[[Solaris TAP driver for OpenVPN]]
#norelated
*Table of contents [#m61115b7]
#contents
*Configuration example using a TAP device [#m09a6e1c]
The TAP device created with the Solaris TAP driver for OpenVPN ...
The following directories exist on the client and the server...
-Server (hostname: server)
--/etc/openvpn/ ... configuration files
--/etc/openvpn/keys/ ... certificates and private keys
--/etc/openvpn/easy-rsa/ ... from unpacking the OpenVPN source code...
-Client (hostname: client1)
--/etc/openvpn/ ... configuration files
--/etc/openvpn/keys/ ... certificates and private keys
**Issuing certificates [#m6671a6c]
Basically, in the /etc/openvpn/easy-rsa/ directory on the server...
***Preparation [#k5d36993]
# cd /etc/openvpn/easy-rsa
# . ./vars
NOTE: when you run ./clean-all, I will be doing a rm -rf...
# ./clean-all
***Issue the certificate authority (CA) certificate and private key [#d7f3d87b]
# ./build-ca
Generating a 1024 bit RSA private key
.....++++++
......++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will...
into your certificate request.
What you are about to enter is what is called a Distingu...
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KG]: <--- just press Enter...
State or Province Name (full name) [NA]: <--- just...
Locality Name (eg, city) [BISHKEK]: <--- just press Enter...
Organization Name (eg, company) [OpenVPN-TEST]: <--- そ...
Organizational Unit Name (eg, section) []: <--- just...
Common Name (eg, your name or your server's hostname) []...
Email Address [me@myhost.mydomain]: <--- just press Enter...
Of course, you may also answer each field properly. ...
***Issue the server certificate and private key [#qe8d2c2a]
# ./build-key-server server
Generating a 1024 bit RSA private key
..................................++++++
...................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will...
into your certificate request.
What you are about to enter is what is called a Distingu...
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KG]: <--- just press Enter...
State or Province Name (full name) [NA]: <--- just...
Locality Name (eg, city) [BISHKEK]: <--- just press Enter...
Organization Name (eg, company) [OpenVPN-TEST]: <--- そ...
Organizational Unit Name (eg, section) []: <--- just...
Common Name (eg, your name or your server's hostname) []...
Email Address [me@myhost.mydomain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'KG'
stateOrProvinceName :PRINTABLE:'NA'
localityName :PRINTABLE:'BISHKEK'
organizationName :PRINTABLE:'OpenVPN-TEST'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'me@myhost.mydomain'
Certificate is to be certified until Apr 23 14:14:55 201...
Sign the certificate? [y/n]:y <-- enter "y"
1 out of 1 certificate requests certified, commit? [y/n]...
Write out database with 1 new entries
Data Base Updated
***Issue the client certificate and private key [#d9c07da4]
# ./build-key client1
Generating a 1024 bit RSA private key
...........................................................
....++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will...
into your certificate request.
What you are about to enter is what is called a Distingu...
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KG]: <--- just press Enter...
State or Province Name (full name) [NA]: <--- just...
Locality Name (eg, city) [BISHKEK]: <--- just press Enter...
Organization Name (eg, company) [OpenVPN-TEST]: <--- そ...
Organizational Unit Name (eg, section) []: <--- just...
Common Name (eg, your name or your server's hostname) []...
Email Address [me@myhost.mydomain]: <--- just press Enter...
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
DEBUG[load_index]: unique_subject = "yes"
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'KG'
stateOrProvinceName :PRINTABLE:'NA'
localityName :PRINTABLE:'BISHKEK'
organizationName :PRINTABLE:'OpenVPN-TEST'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'me@myhost.mydomain'
Certificate is to be certified until Apr 23 14:22:27 201...
Sign the certificate? [y/n]:y <-- enter "y"
1 out of 1 certificate requests certified, commit? [y/n]...
Write out database with 1 new entries
Data Base Updated
***Generating Diffie Hellman parameters [#h6431fef]
# ./build-dh
Generating DH parameters, 1024 bit long safe prime, gene...
This is going to take a long time
................................+..........................
...............+.....................................
#
***Copying the CA certificate, server certificate, and private key...
Copy the CA certificate, server certificate, and private key to /etc/ope...
# cd /etc/openvpn/easy-rsa/keys/
# cp ca.crt server.crt server.key dh1024.pem /etc/openvp...
***Copying the CA certificate, client certificate, and private key...
Using ftp or a similar tool, from the server's /etc/openvpn/easy-rsa/keys/ dir...
copy them to /etc/openvpn/keys/
-ca.crt
-client1.crt
-client1.key
**Configuration files [#x6f34855]
***Server configuration file [#x6f34855]
In the server's /etc/openvpn/ directory, with the following contents, server....
/etc/openvpn/server.conf
dev tap
proto tcp-server
server 192.168.0.0 255.255.255.0
client-to-client
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
~** With this configuration, the IP addresses used on the VPN are 192.168.0.0 to 19...
***Client configuration file [#l8925868]
In the client's /etc/openvpn/ directory, with the following contents, c...
/etc/openvpn/client.conf
remote server
proto tcp-client
dev tap
client
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
The '''server''' in "remote server" in the configuration file is the server...
**Starting the program [#o93f02e4]
Run the openvpn command on the server and the client. ...
***Server [#fe888a90]
# /usr/local/sbin/openvpn /etc/openvpn/server.conf
Wed Apr 26 23:57:06 2006 OpenVPN 2.0.7 sparc-sun-solaris...
Wed Apr 26 23:57:06 2006 IMPORTANT: OpenVPN's default po...
number assignment by IANA. OpenVPN 2.0-beta16 and earli...
Wed Apr 26 23:57:06 2006 WARNING: --keepalive option is ...
Wed Apr 26 23:57:06 2006 TUN/TAP device tap0 opened
Wed Apr 26 23:57:06 2006 /usr/sbin/ifconfig tap0 192.168...
Wed Apr 26 23:57:06 2006 Listening for incoming TCP conn...
Wed Apr 26 23:57:06 2006 TCPv4_SERVER link local (bound)...
Wed Apr 26 23:57:06 2006 TCPv4_SERVER link remote: [undef]
Wed Apr 26 23:57:06 2006 Initialization Sequence Completed
***Client [#e061fb8d]
# /usr/local/sbin/openvpn /etc/openvpn/client.conf
Wed Apr 26 23:58:14 2006 OpenVPN 2.0.7 sparc-sun-solaris...
Wed Apr 26 23:58:14 2006 IMPORTANT: OpenVPN's default po...
number assignment by IANA. OpenVPN 2.0-beta16 and earli...
Wed Apr 26 23:58:14 2006 WARNING: No server certificate ...
http://openvpn.net/howto.html#mitm for more info.
Wed Apr 26 23:58:14 2006 Attempting to establish TCP con...
Wed Apr 26 23:58:14 2006 TCP connection established with...
Wed Apr 26 23:58:14 2006 TCPv4_CLIENT link local: [undef]
Wed Apr 26 23:58:14 2006 TCPv4_CLIENT link remote: 172.2...
Wed Apr 26 23:58:16 2006 [server] Peer Connection Initia...
Wed Apr 26 23:58:17 2006 TUN/TAP device tap0 opened
Wed Apr 26 23:58:17 2006 /usr/sbin/ifconfig tap0 192.168...
Wed Apr 26 23:58:18 2006 Initialization Sequence Completed
Both the server and the client print WARNING messages...
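The client log above shows "WARNING: No server certificate ..." with a pointer to http://openvpn.net/howto.html#mitm, and the private keys were put in place with cp and ftp. The following is an added example, not part of the original page: a shell function audit_conf (a hypothetical name) that flags a client config containing none of the server-certificate verification directives it knows about (that list is this example's assumption) and key files accessible to group or other. The sample config is constructed from the client.conf above, with paths redirected to a scratch directory.

```shell
#!/bin/sh
# Added example: lint an OpenVPN config for two issues visible on this page.
# audit_conf FILE prints one finding per line (nothing when clean).
audit_conf() {
    conf=$1
    # Drop comments (# or ;) and blank lines before matching directives.
    body=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$conf")

    # 1. A client ("client" or "tls-client") should verify the server cert.
    #    Assumed set of directives that enable such a check.
    verify='ns-cert-type|remote-cert-tls|tls-remote|tls-verify|verify-x509-name'
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*(client|tls-client)[[:space:]]*$' &&
       ! printf '%s\n' "$body" | grep -Eq "^[[:space:]]*($verify)[[:space:]]"; then
        echo "$conf: client has no server certificate verification directive"
    fi

    # 2. Every file named by a "key" directive must be owner-only.
    printf '%s\n' "$body" | awk '$1 == "key" { print $2 }' |
    while read -r keyfile; do
        [ -e "$keyfile" ] || { echo "$conf: key file $keyfile not found"; continue; }
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$keyfile" | cut -c5-10)
        [ "$mode" = "------" ] ||
            echo "$conf: $keyfile is accessible to group/other ($mode)"
    done
}

# Constructed sample: the client.conf from this page, with the file paths
# pointed at a scratch directory so the check runs anywhere.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
: > "$demo/client1.key"; chmod 644 "$demo/client1.key"
cat > "$demo/client.conf" <<EOF
remote server
proto tcp-client
dev tap
client
ca $demo/ca.crt
cert $demo/client1.crt
key $demo/client1.key
EOF
audit_conf "$demo/client.conf"
```

With the sample as written, both findings are printed; adding a line such as ns-cert-type server to the client config and setting the key file to mode 600 clears them.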
***Checking the output of the ifconfig command [#h63c290c]
Running the ifconfig command at this point shows the following on each...
-On the server
# ifconfig tap0
tap0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4>...
inet 192.168.0.1 netmask ffffff00 broadcast 192.1...
ether 8:0:20:c6:69:c7
-On the client
# ifconfig tap0
tap0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4>...
inet 192.168.0.2 netmask ffffff00 broadcast 192.1...
ether 8:0:20:91:a6:90