Differences

This shows you the differences between two versions of the page.

--- wiki:webui:administration:openvpn:openvpn [2020/03/13 15:41]
ghi created
+++ wiki:webui:administration:openvpn:openvpn [2021/09/21 10:57] (current)
tda
@@ Line 3: / Line 3: @@
 This topic is destined to users with some basic knowledge about VPN, who know how to create and setup a VPN client/server.
-===== Configuration =====
+===== Creating the PKI =====
+ [[.:pki|PKI management]]
+===== VPN Server Setup/Configuration  =====
+Here an example of creating and configuring an OpenVPN server
+  - [[.:server|OpenVPN server configuration]]
+===== VPN Client Setup/Configuration =====
+==== Modify the configuration file ====
 The configuration of the VPN requires:
-   * A client configuration file, named ''client.conf''. This is the main configuration file.\\ Make sure that non-interactive authentication is enabled (the connection is established by a daemon, the password cannot be entered manually)
+   * A client configuration file, named ''client-openvpn.conf''. This is the main configuration file.\\ Make sure that non-interactive authentication is enabled (the connection is established by a daemon, the password cannot be entered manually)
-   * A “Certification Authority Certificate” file, authenticating the remote server, ''vpn-server-certificate.crt''
+   * A “Certification Authority Certificate” file, authenticating the remote server, ''ca.crt''
-   * A “User key and certificate archive” file, authenticating the Wanesy SPN gateway (the client), ''ifemto-spn-auth.p12''
+   * A “User key and certificate archive” file, authenticating the Wanesy SPN gateway (the client), ''client.p12''
 All those files have to be uploaded via the web UI.
@@ Line 14: / Line 25: @@
 Here is an example of a client configuration file:
-<code file client.conf>
+<code file client-openvpn.conf.conf>
 #################################################
 #                                               #
@@ Line 28: / Line 39: @@
 # from the server.
 client
+tls-client
+#remote-cert-tls server
+# Protocol
+proto udp
 #Tunnel
@@ Line 33: / Line 51: @@
 #Server
-remote vpn-server.example.com
+remote 192.168.1.14
 #Certification Authority Certificate - Server Authentication
-ca vpn-server-certificate.crt
+ca ca.crt
+#User Key and Certificate - Client Authentication
+pkcs12 client.p12
+cipher AES-256-CBC
+#auth SHA256
+tls-version-min "1.0"
+tls-version-max "1.0"
+mssfix 1200
+comp-lzo
-#User Key and certificate Archive - Client Authentication
-pkcs12 ifemto-spn-auth.p12
 </code>
-The two other files (.crt and .p12) have to be created according to your server configuration.
+Note: if you set a passphrase to access your private key, just add the following line in your configuration file :
-===== VPN Server Setup/Configuration  =====
+<code bash>
+askpass pass.txt
+</code>
-Here an example of creating and configuring an OpenVPN server
+Fill the ''pass.txt'' file with your password and protect it from reading to others that are not root:
+<code bash>
+# chmod 600 pass.txt
+</code>
+The two other files (.crt and .p12) have to be generated using the [[.:pki|PKI]].
+==== Enable OpenVPN over the kerlink gateway Web interface ====
+Select the "Enable" button from the Administration > OpenVPN menu option and drag and drop the following files :
+  * ''ca.crt''
+  * ''client.p12''
+  * ''client-openvpn.conf''
+{{:images:enable_openvpn.png|}}
+Automatically the openvpn process will be launch at boot time and be monitored by the ''monit'' tool.
-  - [[.:pki|PKI management]]
-  - [[.:server|OpenVPN server configuration]]
 ===== Connection =====
-Once the files are uploaded and the VPN feature is activated in the administration page, the VPN tunnel will automatically open.
+Once the files are uploaded and the VPN feature is activated in the administration page, the VPN tunnel will automatically be created.

Wanesy™ SPN (End Of Life)

User Tools

Site Tools

Differences

Page Tools