
openvpn

by yoon-record 2024. 2. 8.

# Set variables
export EASYRSA_KEY_SIZE=2048
export EASYRSA_PKI="/etc/easy-rsa/pki"
export EASYRSA_REQ_CN="[whatever]"
export EASYRSA_REQ_COUNTRY="[2-letter country code]"
export EASYRSA_REQ_PROVINCE="[whatever]"
export EASYRSA_REQ_ORG="[whatever]"
export EASYRSA_REQ_EMAIL="[whatever]"
export EASYRSA_REQ_OU="[whatever]"
export EASYRSA_BATCH="1"

# Remove the pki directory and re-initialize it
easyrsa init-pki

# Generate DH parameters
easyrsa gen-dh

# Create the CA (generates the certificate authority key)
easyrsa build-ca nopass

# Generate the server key and sign it with the CA created above (creates a server key named "server")
easyrsa build-server-full server nopass

# Generate the client keys (creates a client key named "client1", and so on)

easyrsa build-client-full client1 nopass

easyrsa build-client-full client2 nopass

easyrsa build-client-full client3 nopass

easyrsa build-client-full client4 nopass

easyrsa build-client-full client5 nopass

Copying the generated keys

Copy the following generated keys to /etc/openvpn.

Server keys
cp /etc/easy-rsa/pki/ca.crt /etc/openvpn/
cp /etc/easy-rsa/pki/dh.pem /etc/openvpn/
cp /etc/easy-rsa/pki/issued/server.crt /etc/openvpn/
cp /etc/easy-rsa/pki/private/server.key /etc/openvpn/

Client keys
cp /etc/easy-rsa/pki/issued/client1.crt /etc/openvpn/
cp /etc/easy-rsa/pki/issued/client2.crt /etc/openvpn/
cp /etc/easy-rsa/pki/issued/client3.crt /etc/openvpn/
cp /etc/easy-rsa/pki/issued/client4.crt /etc/openvpn/
cp /etc/easy-rsa/pki/issued/client5.crt /etc/openvpn/

cp /etc/easy-rsa/pki/private/client1.key /etc/openvpn/
cp /etc/easy-rsa/pki/private/client2.key /etc/openvpn/
cp /etc/easy-rsa/pki/private/client3.key /etc/openvpn/
cp /etc/easy-rsa/pki/private/client4.key /etc/openvpn/
cp /etc/easy-rsa/pki/private/client5.key /etc/openvpn/



  • Client configuration
    • ca.crt
    • client1.crt
    • client1.key
  • Create the client1.ovpn file as shown below, and copy the keys generated above to the client.
remote myhost.duckdns.org
port 21194
proto udp
comp-lzo no
dev tun
cipher AES-256-GCM
client
remote-cert-tls server
ca ca.crt
cert client1.crt
key client1.key
verb 3
status status
auth-nocache
; log /var/log/openvpn.log
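
One way to hand each client a single file instead of a profile plus three key files, as an added example that is not part of the original post: the function embeds ca.crt, the client certificate and the client key in the profile using OpenVPN's inline `<ca>`, `<cert>` and `<key>` blocks. The function names and the output directory are assumptions; because the keys above were built with nopass, the profile is created owner-only.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: make_inline_ovpn NAME SRC_DIR OUT_DIR
#   e.g. make_inline_ovpn client1 /etc/openvpn /root/profiles   (OUT_DIR is an assumed path)

# Print only the PEM block; easy-rsa's issued/*.crt also carries a text dump above it.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

make_inline_ovpn() {
    name=$1; src=$2; out=$3
    # Refuse to write a partial profile when an input is missing or empty.
    for f in "$src/ca.crt" "$src/$name.crt" "$src/$name.key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    profile="$out/$name.ovpn"
    rm -f "$profile"    # a stale file would keep its old, possibly looser, mode
    (
        umask 077       # the profile embeds an unencrypted private key
        {
            # Same directives as client1.ovpn on this page, minus ca/cert/key.
            cat <<'EOF'
remote myhost.duckdns.org
port 21194
proto udp
comp-lzo no
dev tun
cipher AES-256-GCM
client
remote-cert-tls server
verb 3
status status
auth-nocache
EOF
            printf '<ca>\n';   pem_only "$src/ca.crt";    printf '</ca>\n'
            printf '<cert>\n'; pem_only "$src/$name.crt"; printf '</cert>\n'
            printf '<key>\n';  pem_only "$src/$name.key"; printf '</key>\n'
        } > "$profile"
    ) || return 1
    echo "$profile"     # path of the finished profile
}
```

With the profiles built this way, the separate clientN.crt and clientN.key files no longer need to be copied to each client.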



Reference: https://qquack.org/openwrt/openvpn/