标签：KEY OpenVPN client export build key openvpn

$sudo apt i n s t a l l openvpn easy−r s a

copy the easy−rsa directory to /etc/openvpn. This will ensure that any changes to
the scripts will not be lost when the package is updated. From a terminal, run:
$sudo make−cadir/etc/openvpn/ easy−rsa

edit vars file
. . .
export KEY_COUNTRY=“US”
export KEY_PROVINCE=“CA”
export KEY_CITY=“SanFrancisco”
export KEY_ORG=“Fort-Funston”
export KEY_EMAIL=“me@myhost.mydomain”
export KEY_OU=“MyOrganizationalUnit”
. . .

$source vars
$./clean-all
$./build-ca
$./build-key-server customservername

We can generate a strong Diffie-Hellman keys to use during key exchange by typing:
$./build-dh
This might take a few minutes to complete.

Afterwards, we can generate an HMAC (Diffie-Hellman算法) signature to strengthen the server’s TLS integrity verification capabilities:
$openvpn --genkey --secret keys/ta.key

Generate a client certificate
$cd ~/openvpn-ca
$source vars
$./build-key client1

Copy client cert from server to client
scp -P2222 john@192.168.1.100:~/Desktop/MHN_error_solve ./

$systemctl start openvpn@myserver
$systemctl start openvpn@client
$journalctl -xe # to show vpn info

标签：KEY,OpenVPN,client,export,build,key,openvpn
来源： https://blog.csdn.net/m0_54553238/article/details/118939176

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。