added simple openvpn services example on how to use them

2020-02-05 11:45:06 -08:00 · 2020-02-05 11:45:06 -08:00 · b55aad9750
commit b55aad9750
parent 8d628fbe1c
1 changed files with 73 additions and 1 deletions
--- a/docs/services/security.md
+++ b/docs/services/security.md
@ -9,6 +9,78 @@ The security services offer a wide variety of protocols capable of satisfying th
 ## Installation
 Libraries needed for some of the security services.
 ```shell
-sudo apt-get install ipsec-tools racoon openvpn
+sudo apt-get install ipsec-tools racoon
 ```
 ## OpenVPN
 Below is a set of instruction for running a very simple OpenVPN client/server scenario.
 ### Installation
 ```shell
 # install openvpn
 sudo apt install openvpn
 # retrieve easyrsa3 for key/cert generation
 git clone https://github.com/OpenVPN/easy-rsa
 ```
 ### Generating Keys/Certs
 ```shell
 # navigate into easyrsa3 repo subdirectory that contains built binary
 cd easy-rsa/easyrsa3
 # initalize pki
 ./easyrsa init-pki
 # build ca
 ./easyrsa build-ca
 # generate and sign server keypair(s)
 SERVER_NAME=server1
 ./easyrsa get-req $SERVER_NAME nopass
 ./easyrsa sign-req server $SERVER_NAME
 # generate and sign client keypair(s)
 CLIENT_NAME=client1
 ./easyrsa get-req $CLIENT_NAME nopass
 ./easyrsa sign-req client $CLIENT_NAME
 # DH generation
 ./easyrsa gen-dh
 # create directory for keys for CORE to use
 # NOTE: the default is set to a directory that requires using sudo, but can be
 # anywhere and not require sudo at all
 KEYDIR=/etc/core/keys
 sudo mkdir $KEYDIR
 # move keys to directory
 sudo cp pki/ca.crt $KEYDIR
 sudo cp pki/issued/*.crt $KEYDIR
 sudo cp pki/private/*.key $KEYDIR
 sudo cp pki/dh.pem $KEYDIR/dh1024.pem
 ```
 ### Configure Server Nodes
 Add VPNServer service to nodes desired for running an OpenVPN server.
 Modify [sampleVPNServer](../../daemon/examples/services/sampleVPNServer) for the following
 * Edit keydir key/cert directory
 * Edit keyname to use generated server name above
 * Edit vpnserver to match an address that the server node will have
 ### Configure Client Nodes
 Add VPNClient service to nodes desired for acting as an OpenVPN client.
 Modify [sampleVPNClient](../../daemon/examples/services/sampleVPNClient) for the following
 * Edit keydir key/cert directory
 * Edit keyname to use generated client name above
 * Edit vpnserver to match the address a server was configured to use