Since 2016 easyrsa has changed: it now works without "sh ./easyrsa.real", so just type "easyrsa", for example "easyrsa init-pki". Guide: https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Readme.md
pkg install openvpn easy-rsa
mkdir -p /usr/local/etc/openvpn
cp /usr/local/share/examples/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn/openvpn.conf
cp /usr/local/etc/openvpn/easy-rsa/pki/vars.example /usr/local/etc/openvpn/pki/vars
mcedit /usr/local/etc/openvpn/pki/vars
Adjust the following variables:
set_var EASYRSA_REQ_COUNTRY "RU"
set_var EASYRSA_REQ_PROVINCE "Moscow"
set_var EASYRSA_REQ_CITY "Gorod"
set_var EASYRSA_REQ_ORG "Firma"
set_var EASYRSA_REQ_EMAIL "lll@lll.ll"
set_var EASYRSA_REQ_OU "IT"
set_var EASYRSA_NO_PASS 1
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_CA_EXPIRE 3650
set_var EASYRSA_CERT_EXPIRE 3650
cd /usr/local/etc/openvpn
easyrsa init-pki
easyrsa build-ca
easyrsa build-server-full server nopass
easyrsa gen-dh
easyrsa gen-crl
vi /usr/local/etc/openvpn/openvpn.conf

port 1195
proto udp
dev tun
ca /usr/local/etc/openvpn/pki/ca.crt
cert /usr/local/etc/openvpn/pki/issued/server.crt
key /usr/local/etc/openvpn/pki/private/server.key
dh /usr/local/etc/openvpn/pki/dh.pem
topology subnet
server 10.63.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 192.168.37.1"
#push "dhcp-option DNS 77.88.8.7"
keepalive 10 120
cipher AES-256-CBC
# for old versions 2.3 and below
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
explicit-exit-notify 1
auth sha512
service openvpn enable
service openvpn start
The server is ready!
Creating keys for a client:
easyrsa build-client-full nameclient nopass
Client configuration:

client
proto udp
dev tun0
ca ca.crt
cert nameclient.crt
key nameclient.key
remote 83.220.87.1 1195
#cipher AES-256-CBC
#remote-cert-tls client
verb 6
mute 20
keepalive 20 120
persist-key
persist-tun
float
resolv-retry infinite
nobind
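
A quick audit of the two configs above, added here as an example and not part of the original guide: it checks that the client pins the server certificate type with remote-cert-tls, that the server actually loads the CRL produced by "easyrsa gen-crl", and whether comp-lzo is still active. The function names, finding labels and trimmed sample configs are constructed for this example; the directive names are real OpenVPN options.

```shell
#!/bin/sh
# Added example, not part of the original guide. Directive names are real
# OpenVPN options; function names and finding labels are this example's own.

# Print the arguments of the first active (uncommented) NAME line in FILE;
# exit status is non-zero when no such line exists.
active_directive() {
    awk -v name="$2" '
        { sub(/[#;].*/, "") }                       # drop comments
        $1 == name { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# usage: audit_openvpn_conf server|client FILE  -> space-separated findings
audit_openvpn_conf() {
    findings=""
    if [ "$1" = client ]; then
        # Without "remote-cert-tls server" any certificate issued by the CA,
        # including another client's, is accepted as the server.
        [ "$(active_directive "$2" remote-cert-tls)" = server ] ||
            findings="$findings no-remote-cert-tls-server"
    else
        # "easyrsa gen-crl" writes pki/crl.pem, but revoked certificates are
        # rejected only when the server loads it with crl-verify.
        active_directive "$2" crl-verify >/dev/null ||
            findings="$findings no-crl-verify"
    fi
    # Compression on the tunnel is deprecated in current OpenVPN releases.
    active_directive "$2" comp-lzo >/dev/null && findings="$findings comp-lzo"
    echo "${findings# }"
}

# Constructed sample configs, trimmed from the ones in this guide.
tmp=$(mktemp -d)
printf '%s\n' 'port 1195' 'proto udp' 'comp-lzo' 'auth sha512' > "$tmp/server.conf"
printf '%s\n' 'client' 'remote 83.220.87.1 1195' '#remote-cert-tls client' > "$tmp/client.conf"
printf '%s\n' 'client' 'remote-cert-tls server' > "$tmp/client-fixed.conf"
printf '%s\n' 'port 1195' 'crl-verify /usr/local/etc/openvpn/pki/crl.pem' > "$tmp/server-fixed.conf"

for f in server client client-fixed server-fixed; do
    printf '%s: %s\n' "$f" "$(audit_openvpn_conf "${f%%-*}" "$tmp/$f.conf")"
done
```

An empty result after the file name means none of the three checks fired for that config.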