docs:guide-user:services:vpn:openvpn:server [2023/07/21 06:39] – [2. Key management] pavelgl
docs:guide-user:services:vpn:openvpn:server [2023/10/14 05:14] – use service invocation vgaetera
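--- a/docs:guide-user:services:vpn:openvpn:server
+++ b/docs:guide-user:services:vpn:openvpn:server
@@ -62,15 +62,13 @@
 easyrsa gen-dh
 
-# Create a new CA changing commonName if needed
-easyrsa --batch --req-cn="ovpnca" build-ca nopass
+# Create a new CA
+easyrsa build-ca nopass
 
 # Generate server keys and certificate
-easyrsa gen-req server nopass
-easyrsa sign-req server server
+easyrsa build-server-full server nopass
 openvpn --genkey tls-crypt-v2-server ${EASYRSA_PKI}/private/server.pem
 
 # Generate client keys and certificate
-easyrsa gen-req client nopass
-easyrsa sign-req client client
+easyrsa build-client-full client nopass
 openvpn --tls-crypt-v2 ${EASYRSA_PKI}/private/server.pem \
 --genkey tls-crypt-v2-client ${EASYRSA_PKI}/private/client.pem
@@ -96,5 +94,5 @@
 uci set firewall.ovpn.target="ACCEPT"
 uci commit firewall
-/etc/init.d/firewall restart
+service firewall restart
 </code>
 
@@ -167,5 +165,5 @@
 EOF
 done
-/etc/init.d/openvpn restart
+service openvpn restart
 ls ${VPN_DIR}/*.ovpn
 </code>
@@ -188,5 +186,5 @@
 <code bash>
 # Restart services
-/etc/init.d/log restart; /etc/init.d/openvpn restart; sleep 10
+service log restart; service openvpn restart; sleep 10
 
 # Log and status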
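Review bot: `easyrsa build-ca nopass` in the key-management hunk still writes the CA private key unencrypted, and the guide gives no hint that this key should not stay next to the server key. If these commands run on the router itself, as the `${EASYRSA_PKI}/private/server.pem` paths suggest, anyone who can read its storage can sign new client certificates. I would add a comment above the line such as `# nopass leaves ca.key unencrypted in ${EASYRSA_PKI}/private; move it off the router after issuing certificates`. Separately, the new line drops `--batch --req-cn="ovpnca"`; unless `EASYRSA_BATCH` is exported earlier in the script (outside the visible hunks), `build-ca` will prompt for a Common Name and a pasted block will stall there or consume the next line as input.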
  • Last modified: 2023/10/29 01:00
  • by vgaetera