![]() Run the service when the Server is switched on:Ĭreate the basic configuration for Clients: If everything was successful, the screen will look like the one shown here. $ sudo ufw allow 1194/udp $ sudo ufw allow OpenSSHĬheck the status of the service. Make a note of the name after "dev" (in the image the name is "eth0").Īdd the commands as shown below, replacing "eth0" with the name of your network interface.Įdit the "DEFAULT_FORWARD_POLICY" parameter with "ACCEPT".Įnable port 1194 for UDP traffic and port 22 for SSH traffic: Some of the firewall rules must be changed to route the Client connections correctly. You now need to change the forwarding rules for Ips on the Server-side.įind the "_forward" section and remove the "#" to uncomment the command. $ sudo cp /etc/openvpn/ca.crt ~/client-configs/keys/Īt this point, both the certificates and keys for the Server and the Client have been generated. $ sudo cp ~/EasyRSA-3.0.4/ta.key ~/client-configs/keys/ $ sudo cp /tmp/client1.crt ~/client-configs/keys/ $ sudo scp pki/issued/client1.crt _SERVER:/tmpĬopy the following files into the correct folders in your Server: Transfer the certificate to your Server machine: easyrsa import-req /tmp/client1.req client1 Import the certificate request to your CA machine: $ sudo scp pki/reqs/client1.req _CA_IP:/tmp Send the client1.req file to the CA machine: $ sudo cp pki/private/client1.key ~/client-configs/keys/ Press Send to accept the standard name suggested.Ĭopy the Client key into the folder created earlier: This guide contains only one Client, called "client1", but the operation must be repeated for each subsequent Client, changing the name accordingly. Once you have installed the OpenVPN on this machine, create a folder in which to archive Client certificates and keys. Now you need to access the Ubuntu machine that will act as Client in the VPN connection.
0 Comments
Leave a Reply. |