IDS-Viet/VPN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
VPN/docs/account-creation.md

102 lines
4.0 KiB
Markdown
Raw Permalink Blame History

1. run this command to generated rquired client file:
```commandline
cd /etc/openvpn/easy-rsa/
./easyrsa build-client-full <username> nopass
```
# example create test client key for user name: [arthur]
arthur@server:~/openvpn-ca$ ./easyrsa gen-req arthur nopass
Using Easy-RSA 'vars' configuration:
* /home/arthur/openvpn-ca/vars
Using SSL:
* openssl OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
....+...+...+..+.......+.....+......+...+.......+.....+...+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+...............+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+............+......+.......+.....+...+....+..+......+.......+......+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+..+......+....+..................+...+.....+.......+...+......+.....+....+.........+......+.....+....+..+.+........+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [arthur]:
Notice
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /home/arthur/openvpn-ca/pki/reqs/arthur.req
* key: /home/arthur/openvpn-ca/pki/private/arthur.key
arthur@server:~/openvpn-ca$ ./easyrsa sign-req client arthur
Using Easy-RSA 'vars' configuration:
* /home/arthur/openvpn-ca/vars
Using SSL:
* openssl OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
You are about to sign the following certificate:
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.
Request subject, to be signed as a client certificate
for '825' days:
subject=
commonName = arthur
Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes
Using configuration from /home/arthur/openvpn-ca/pki/openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'arthur'
Certificate is to be certified until Dec 19 04:09:41 2027 GMT (825 days)
Write out database with 1 new entries
Database updated
Notice
------
Certificate created at:
* /home/arthur/openvpn-ca/pki/issued/arthur.crt
2. OpenVPN Server Configuration\
```commandline
### Check location of key before copy
------
CA creation complete. Your new CA certificate is at:
* /home/arthur/openvpn-ca/pki/ca.crt
------
Certificate created at:
* /home/arthur/openvpn-ca/pki/issued/server.crt
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /home/arthur/openvpn-ca/pki/reqs/server.req
* key: /home/arthur/openvpn-ca/pki/private/server.key
------
DH parameters of size 2048 created at:
* /home/arthur/openvpn-ca/pki/dh.pem
------
TA Key at:
* /home/arthur/openvpn-ca/ta.key
### Start copying requirement files
arthur@server:~/openvpn-ca$ sudo cp pki/ca.crt pki/issued/server.crt pki/private/server.key ta.key pki/dh.pem /etc/openvpn/server/
### Check the destination again
arthur@server:~/openvpn-ca$ ls -la /etc/openvpn/server/
total 32
drwxr-xr-x 2 root root 4096 Sep 15 04:17 .
drwxr-xr-x 4 root root 4096 Sep 15 03:39 ..
-rw------- 1 root root 1245 Sep 15 04:17 ca.crt
-rw------- 1 root root 424 Sep 15 04:17 dh.pem
-rw------- 1 root root 4728 Sep 15 04:17 server.crt
-rw------- 1 root root 1708 Sep 15 04:17 server.key
-rw------- 1 root root 636 Sep 15 04:17 ta.key
```
Reference in New Issue View Git Blame Copy Permalink