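# Easy-RSA settings, read from the environment by every easyrsa call below.
# The bracketed values are placeholders to fill in before running.
export EASYRSA_KEY_SIZE=2048
export EASYRSA_PKI="/etc/easy-rsa/pki"
# NOTE(review): this CN stays exported for the whole session. Confirm that
# your easy-rsa version still gives each issued certificate its own entity
# name (server, client1, ...) as CN instead of reusing this value.
export EASYRSA_REQ_CN="[whatever]"
export EASYRSA_REQ_COUNTRY="[2-letter country code]"
export EASYRSA_REQ_PROVINCE="[whatever]"
export EASYRSA_REQ_ORG="[whatever]"
export EASYRSA_REQ_EMAIL="[whatever]"
export EASYRSA_REQ_OU="[whatever]"
# Batch mode: easyrsa runs without prompts or confirmations.
export EASYRSA_BATCH="1"

# Remove the PKI directory and initialise an empty one.
# Because batch mode suppresses the confirmation, an existing CA and all
# certificates under $EASYRSA_PKI are discarded; back them up first if this
# host already has a PKI.
easyrsa init-pki

# Generate Diffie-Hellman parameters (dh.pem).
easyrsa gen-dh

# Create the CA (certificate authority key and certificate).
# nopass leaves the CA private key unencrypted on disk, so whoever can read
# it can issue certificates this VPN will trust. Keep the PKI directory
# readable by root only.
easyrsa build-ca nopass

# Create the server key pair and a certificate for it signed by the CA above
# (not self-signed). The entity is named "server"; nopass leaves server.key
# unencrypted.
easyrsa build-server-full server nopass

# Create one key pair and CA-signed certificate per client, named
# client1 .. client5. The keys are unencrypted (nopass).
for client_name in client1 client2 client3 client4 client5; do
  easyrsa build-client-full "$client_name" nopass
done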
생성된 키 복사
생성된 다음 키를 /etc/openvpn으로 복사합니다.
서버키
# Copy the files the OpenVPN server needs into /etc/openvpn/:
# CA certificate, DH parameters, server certificate and server private key.
# server.key was created with nopass on this page, so it is unencrypted;
# it should remain readable by root only.
cp /etc/easy-rsa/pki/ca.crt \
   /etc/easy-rsa/pki/dh.pem \
   /etc/easy-rsa/pki/issued/server.crt \
   /etc/easy-rsa/pki/private/server.key \
   /etc/openvpn/
클라이언트키
# Copy the certificate and private key of client1 .. client5 into
# /etc/openvpn/. The OpenVPN server itself does not use client private keys;
# this directory only collects them for hand-over. Give each clientN.key to
# its own client only, over a protected channel, and remove the copy here
# afterwards.
for client_name in client1 client2 client3 client4 client5; do
  cp "/etc/easy-rsa/pki/issued/${client_name}.crt" /etc/openvpn/
  cp "/etc/easy-rsa/pki/private/${client_name}.key" /etc/openvpn/
done
- 클라이언트 설정
- ca.crt
- client1.crt
- client1.key
- client1.ovpn 파일을 아래와 같이 생성하고 위에서 생성한 키를 클라이언트에 복사합니다.
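# client1.ovpn - OpenVPN client profile, one directive per line.

# Server address, port and transport.
remote myhost.duckdns.org
port 21194
proto udp

# Compression disabled. NOTE(review): must match the server side; comp-lzo is
# deprecated in newer OpenVPN releases - confirm against your version.
comp-lzo no

# Routed (layer 3) tunnel device.
dev tun

# Data-channel cipher. NOTE(review): OpenVPN 2.5+ negotiates via
# data-ciphers; confirm this value is accepted by the server.
cipher AES-256-GCM

# Act as a TLS client and pull configuration from the server.
client

# Accept the peer only if its certificate is marked for server use, so a
# holder of a client certificate from the same CA cannot pose as the server.
remote-cert-tls server

# CA certificate, this client's certificate and its private key.
# client1.key is unencrypted (generated with nopass); restrict its file
# permissions on the client device.
ca ca.crt
cert client1.crt
key client1.key

# Log verbosity.
verb 3

# Write connection status to a file named "status".
status status

# Do not keep passwords cached in memory.
auth-nocache

# NOTE(review): no tls-crypt / tls-auth key is configured here; if the server
# uses one, the client needs the matching directive - confirm against the
# server configuration.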