18
0
Fork 0

debut de mise en forme

This commit is contained in:
Daniel Jakots 2017-11-03 16:01:24 -04:00
parent b59b7740a6
commit 53357780aa
1 changed files with 35 additions and 8 deletions

View File

@ -1,13 +1,44 @@
# Howto OpenVPN
---
categories: vpn sysadmin security
title: Howto OpenVPN
...
https://openvpn.net/index.php/open-source/documentation.html
* Documentation : <https://openvpn.net/index.php/open-source/documentation.html>
## Installation sous OpenBSD
OpenVPN est un logiciel qui permet de faire des tunnels VPN chiffrés en utilisant le [TLS](https://fr.wikipedia.org/wiki/Transport_Layer_Security)
## Installation
### Debian
~~~
# apt install openvpn
# openvpn --version
OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
# /etc/init.d/openvpn status
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
Active: active (exited) since Fri 2017-11-03 20:37:21 CET; 20min ago
Process: 20889 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 20889 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openvpn.service
Nov 03 20:37:21 kampn-www01 systemd[1]: Starting OpenVPN service...
Nov 03 20:37:21 kampn-www01 systemd[1]: Started OpenVPN service.
~~~
### OpenBSD
~~~
# pkg_add openvpn
$ openvpn --version
OpenVPN 2.4.4 x86_64-unknown-openbsd6.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 29 2017
library versions: LibreSSL 2.6.3, LZO 2.10
~~~
## Configuration
On gère une PKI sur le serveur via shellpki (voir ci-dessous).
On crée clé/certificat pour le serveur VPN avec la commande suivante :
@ -97,11 +128,7 @@ Pour que les logs générés par OpenVPN soient rotatés, ne pas oublier de déc
/var/log/openvpn.log 600 52 * $W6D4 Z
~~~
## Installation sous Debian
~~~
# apt install openvpn
~~~
## Configuration sous Debian
La configuration se fera via un fichier `/etc/openvpn/server.conf` :