Book Image

OpenVPN Cookbook - Second Edition

By : Jan Just Keijser
Book Image

OpenVPN Cookbook - Second Edition

By: Jan Just Keijser

Overview of this book

OpenVPN provides an extensible VPN framework that has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients, and supporting alternative authentication methods via OpenVPN’s plugin module interface. This book provides you with many different recipes to help you set up, monitor, and troubleshoot an OpenVPN network. You will learn to configure a scalable, load-balanced VPN server farm that can handle thousands of dynamic connections from incoming VPN clients. You will also get to grips with the encryption, authentication, security, extensibility, and certifications features of OpenSSL. You will also get an understanding of IPv6 support and will get a demonstration of how to establish a connection via IPv64. This book will explore all the advanced features of OpenVPN and even some undocumented options, covering all the common network setups such as point-to-point networks and multi-client TUN-style and TAP-style networks. Finally, you will learn to manage, secure, and troubleshoot your virtual private networks using OpenVPN 2.4.
Table of Contents (17 chapters)
OpenVPN Cookbook - Second Edition
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface

Certificate generation


This recipe will demonstrate how to create and sign a certificate request using plain openssl commands. This is slightly different from using the easy-rsa scripts, but very instructive.

Getting ready

Set up the easy-rsa certificate environment using the first recipe from Chapter 2Client-server IP-only Networks, by sourcing the vars file. This recipe was performed on a computer running Fedora 22 Linux but it can easily be run on Windows or MacOS. Note that the easy-rsa package can be downloaded independently of OpenVPN itself.

How to do it...

Before we can use plain openssl commands to generate and sign a request, there are a few environment variables that need to be set. These variables are not set in the vars file by default.

  1. Add the missing environment variables:

           $ cd /etc/openvpn/cookbook
           $ . ./vars
           $ export KEY_CN=
           $ export KEY_OU=
           $ export KEY_NAME=
           $ export OPENSSL_CONF=/etc/openvpn/cookbook/openssl-
               1.0.0.cnf...