Since 2016 easyrsa has changed: it now works without "sh ./easyrsa.real", so just type "easyrsa", for example "easyrsa init-pki". Guide: https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Readme.md
pkg install openvpn easy-rsa
mkdir -p /usr/local/etc/openvpn
cp /usr/local/share/examples/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn/openvpn.conf
cd /usr/local/etc/openvpn
easyrsa init-pki
mcedit /usr/local/etc/openvpn/pki/vars
set_var EASYRSA_REQ_COUNTRY "RU"
set_var EASYRSA_REQ_PROVINCE "Moscow"
set_var EASYRSA_REQ_CITY "Gorod"
set_var EASYRSA_REQ_ORG "Firma"
set_var EASYRSA_REQ_EMAIL "lll@lll.ll"
set_var EASYRSA_REQ_OU "IT"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_CA_EXPIRE 3650
set_var EASYRSA_CERT_EXPIRE 3650
easyrsa build-ca
easyrsa build-server-full server nopass
easyrsa gen-dh
easyrsa gen-crl
vi /usr/local/etc/openvpn/openvpn.conf
port 1195
proto udp
dev tun
ca /usr/local/etc/openvpn/pki/ca.crt
cert /usr/local/etc/openvpn/pki/issued/server.crt
key /usr/local/etc/openvpn/pki/private/server.key
dh /usr/local/etc/openvpn/pki/dh.pem
topology subnet
server 10.63.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 192.168.37.1"
#push "dhcp-option DNS 77.88.8.7"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
explicit-exit-notify 1
auth sha512
service openvpn start
The server is ready!
Creating keys for a client:
easyrsa build-client-full nameclient nopass
Client configuration:
client
proto udp
dev tun0
ca ca.crt
cert nameclient.crt
key nameclient.key
remote 83.220.87.193 1195
cipher AES-256-CBC
# auth and comp-lzo must match the server configuration
auth sha512
comp-lzo
#remote-cert-tls client
verb 6
mute 20
keepalive 20 120
persist-key
persist-tun
float
resolv-retry infinite
nobind
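An added example, not part of the original post: a small sh linter for a server/client pair like the one configured above. It reports directives that must be identical on both ends but are not, a client with no active `remote-cert-tls server`, and a server that never reads the CRL produced by `easyrsa gen-crl`. The function names and both sample files are constructed for illustration, and it assumes both sides use the same `proto` value and do not rely on cipher negotiation.

```shell
#!/bin/sh
# Added example, not from the original post: lint an OpenVPN server/client pair.

# directive FILE NAME: print the first active NAME line, normalised, or "(absent)".
# Commented-out lines such as '#remote-cert-tls client' never match.
directive() {
    awk -v d="$2" '$1 == d { $1 = $1; print; f = 1; exit }
                   END { if (!f) print "(absent)" }' "$1"
}

# lint_pair SERVER_CONF CLIENT_CONF: print one finding per line.
lint_pair() {
    # Directives that have to be the same on both peers.
    for d in proto cipher auth comp-lzo; do
        s=$(directive "$1" "$d" | tr 'A-Z' 'a-z')
        c=$(directive "$2" "$d" | tr 'A-Z' 'a-z')
        [ "$s" = "$c" ] || echo "MISMATCH $d: server='$s' client='$c'"
    done
    # Without this the client accepts any certificate issued by the CA,
    # including another client's, as the server certificate.
    [ "$(directive "$2" remote-cert-tls)" = "remote-cert-tls server" ] ||
        echo "WEAK client: no active 'remote-cert-tls server'"
    # A generated CRL has no effect until the server is told to read it.
    [ "$(directive "$1" crl-verify)" != "(absent)" ] ||
        echo "WEAK server: no 'crl-verify', revoked certificates are still accepted"
}

# Constructed sample input: a server file and a client file that omits
# auth and comp-lzo and has its peer-certificate check commented out.
tmp=$(mktemp -d)
cat > "$tmp/server.conf" <<'EOF'
proto udp
dev tun
cipher AES-256-CBC
comp-lzo
auth sha512
#push "dhcp-option DNS 77.88.8.7"
EOF
cat > "$tmp/client.conf" <<'EOF'
client
proto udp
dev tun0
cipher AES-256-CBC
#remote-cert-tls client
EOF
lint_pair "$tmp/server.conf" "$tmp/client.conf"
```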