††
††# cd /etc/openvpn/easy-rsa # . ./vars NOTE: when you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys # ./clean-all †# ./build-ca Generating a 1024 bit RSA private key .....++++++ ......++++++ writing new private key to 'ca.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- †# ./build-key-server server Generating a 1024 bit RSA private key ..................................++++++ ...................++++++ writing new private key to 'server.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Email Address [me@myhost.mydomain]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /etc/openvpn/easy-rsa/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'KG' stateOrProvinceName :PRINTABLE:'NA' localityName :PRINTABLE:'BISHKEK' organizationName :PRINTABLE:'OpenVPN-TEST' commonName :PRINTABLE:'server' emailAddress :IA5STRING:'me@myhost.mydomain' Certificate is to be certified until Apr 23 14:14:55 2016 GMT (3650 days) Write out database with 1 new entries Data Base Updated †# ./build-key client1 Generating a 1024 bit RSA private key ........................................................++++++ ....++++++ writing new private key to 'client1.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /etc/openvpn/easy-rsa/openssl.cnf DEBUG[load_index]: unique_subject = "yes" Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'KG' stateOrProvinceName :PRINTABLE:'NA' localityName :PRINTABLE:'BISHKEK' organizationName :PRINTABLE:'OpenVPN-TEST' commonName :PRINTABLE:'client1' emailAddress :IA5STRING:'me@myhost.mydomain' Certificate is to be certified until Apr 23 14:22:27 2016 GMT (3650 days) Write out database with 1 new entries Data Base Updated †# ./build-dh Generating DH parameters, 1024 bit long safe prime, generator 2 This is going to take a long time ................................+.........................+.............. ...............+..................................... # †# cd /etc/openvpn/easy-rsa/keys/ # cp ca.crt server.crt server.key dh1024.pem /etc/openvpn/keys †
†/etc/openvpn/server.conf dev tap proto tcp-server server 192.168.0.0 255.255.255.0 client-to-client ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key dh /etc/openvpn/keys/dh1024.pem †/etc/openvpn/client.conf remote server proto tcp-client dev tap client ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/client1.crt key /etc/openvpn/keys/client1.key ††# /usr/local/sbin/openvpn /etc/openvpn/server.conf Wed Apr 26 23:57:06 2006 OpenVPN 2.0.7 sparc-sun-solaris2.10 [SSL] built on Apr 26 2006 Wed Apr 26 23:57:06 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Wed Apr 26 23:57:06 2006 WARNING: --keepalive option is missing from server config Wed Apr 26 23:57:06 2006 TUN/TAP device tap0 opened Wed Apr 26 23:57:06 2006 /usr/sbin/ifconfig tap0 192.168.0.1 netmask 255.255.255.0 broadcast + up Wed Apr 26 23:57:06 2006 Listening for incoming TCP connection on [undef]:1194 Wed Apr 26 23:57:06 2006 TCPv4_SERVER link local (bound): [undef]:1194 Wed Apr 26 23:57:06 2006 TCPv4_SERVER link remote: [undef] Wed Apr 26 23:57:06 2006 Initialization Sequence Completed †# /usr/local/sbin/openvpn /etc/openvpn/client.conf Wed Apr 26 23:58:14 2006 OpenVPN 2.0.7 sparc-sun-solaris2.9 [SSL] built on Apr 26 2006 Wed Apr 26 23:58:14 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Wed Apr 26 23:58:14 2006 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Wed Apr 26 23:58:14 2006 Attempting to establish TCP connection with 172.29.73.55:1194 Wed Apr 26 23:58:14 2006 TCP connection established with 172.29.73.55:1194 Wed Apr 26 23:58:14 2006 TCPv4_CLIENT link local: [undef] Wed Apr 26 23:58:14 2006 TCPv4_CLIENT link remote: 172.29.73.55:1194 Wed Apr 26 23:58:16 2006 [server] Peer Connection Initiated with 172.29.73.55:1194 Wed Apr 26 23:58:17 2006 TUN/TAP device tap0 opened Wed Apr 26 23:58:17 2006 /usr/sbin/ifconfig tap0 192.168.0.2 netmask 255.255.255.0 broadcast + up Wed Apr 26 23:58:18 2006 Initialization Sequence Completed †
|