debut de mise en forme
This commit is contained in:
parent
b59b7740a6
commit
53357780aa
|
@ -1,13 +1,44 @@
|
||||||
# Howto OpenVPN
|
---
|
||||||
|
categories: vpn sysadmin security
|
||||||
|
title: Howto OpenVPN
|
||||||
|
...
|
||||||
|
|
||||||
https://openvpn.net/index.php/open-source/documentation.html
|
* Documentation : <https://openvpn.net/index.php/open-source/documentation.html>
|
||||||
|
|
||||||
## Installation sous OpenBSD
|
OpenVPN est un logiciel qui permet de faire des tunnels VPN chiffrés en utilisant le [TLS](https://fr.wikipedia.org/wiki/Transport_Layer_Security)
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
### Debian
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# apt install openvpn
|
||||||
|
# openvpn --version
|
||||||
|
OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
|
||||||
|
library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
|
||||||
|
# /etc/init.d/openvpn status
|
||||||
|
● openvpn.service - OpenVPN service
|
||||||
|
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
|
||||||
|
Active: active (exited) since Fri 2017-11-03 20:37:21 CET; 20min ago
|
||||||
|
Process: 20889 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
|
||||||
|
Main PID: 20889 (code=exited, status=0/SUCCESS)
|
||||||
|
CGroup: /system.slice/openvpn.service
|
||||||
|
|
||||||
|
Nov 03 20:37:21 kampn-www01 systemd[1]: Starting OpenVPN service...
|
||||||
|
Nov 03 20:37:21 kampn-www01 systemd[1]: Started OpenVPN service.
|
||||||
|
~~~
|
||||||
|
|
||||||
|
### OpenBSD
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
# pkg_add openvpn
|
# pkg_add openvpn
|
||||||
|
$ openvpn --version
|
||||||
|
OpenVPN 2.4.4 x86_64-unknown-openbsd6.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 29 2017
|
||||||
|
library versions: LibreSSL 2.6.3, LZO 2.10
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
On gère une PKI sur le serveur via shellpki (voir ci-dessous).
|
On gère une PKI sur le serveur via shellpki (voir ci-dessous).
|
||||||
On crée clé/certificat pour le serveur VPN avec la commande suivante :
|
On crée clé/certificat pour le serveur VPN avec la commande suivante :
|
||||||
|
|
||||||
|
@ -97,11 +128,7 @@ Pour que les logs générés par OpenVPN soient rotatés, ne pas oublier de déc
|
||||||
/var/log/openvpn.log 600 52 * $W6D4 Z
|
/var/log/openvpn.log 600 52 * $W6D4 Z
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
## Installation sous Debian
|
## Configuration sous Debian
|
||||||
|
|
||||||
~~~
|
|
||||||
# apt install openvpn
|
|
||||||
~~~
|
|
||||||
|
|
||||||
La configuration se fera via un fichier `/etc/openvpn/server.conf` :
|
La configuration se fera via un fichier `/etc/openvpn/server.conf` :
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue