ddoouubblloonn
This commit is contained in:
parent
eb393b898b
commit
8e041c1c2b
|
@ -371,75 +371,6 @@ Si erreur _ca md too weak_ cela signifie que le certificat utilise du MD5. Pour
|
|||
tls-cipher "DEFAULT:@SECLEVEL=0"
|
||||
~~~
|
||||
|
||||
## How to OpenVPN niveau 2
|
||||
|
||||
Dans l'exemple qui suit le serveur VPN est sur une machine sous Debian et le client sur une machine sous OpenBSD
|
||||
|
||||
Voici le fichier `/etc/openvpn/server.conf` sous Debian :
|
||||
|
||||
~~~
|
||||
port 1194
|
||||
proto udp
|
||||
dev tap0
|
||||
server-bridge
|
||||
keepalive 10 120
|
||||
|
||||
;tls-auth ta.key 0 # This file is secret
|
||||
;cipher BF-CBC # Blowfish (default)
|
||||
;cipher AES-128-CBC # AES
|
||||
;cipher DES-EDE3-CBC # Triple-DES
|
||||
|
||||
comp-lzo
|
||||
|
||||
;max-clients 100
|
||||
;user nobody
|
||||
;group nobody
|
||||
|
||||
persist-key
|
||||
persist-tun
|
||||
|
||||
ca /etc/openvpn/ssl/ca/cacert.pem
|
||||
cert /etc/openvpn/ssl/files/serveur/serveur.crt
|
||||
key /etc/openvpn/ssl/files/serveur/serveur.key
|
||||
dh /etc/openvpn/ssl/ca/dh2048.pem
|
||||
|
||||
status /var/log/openvpn-status.log
|
||||
log /var/log/openvpn.log
|
||||
verb 3
|
||||
~~~
|
||||
|
||||
Voici le fichier de configuration client sous OpenBSD :
|
||||
|
||||
~~~
|
||||
client
|
||||
proto udp
|
||||
dev tap0
|
||||
dev-type tap
|
||||
verb 4
|
||||
|
||||
tls-client
|
||||
remote 1.2.3.4 1194
|
||||
|
||||
user _openvpn
|
||||
group _openvpn
|
||||
chroot /var/empty
|
||||
|
||||
persist-key
|
||||
persist-tun
|
||||
pull
|
||||
|
||||
status /var/log/openvpn-status.log
|
||||
|
||||
comp-lzo
|
||||
#verb 3
|
||||
#cipher AES-128-CBC
|
||||
|
||||
ca /etc/openvpn/ssl/files/client/client.pem
|
||||
cert /etc/openvpn/ssl/files/client/client.crt
|
||||
key /etc/openvpn/ssl/files/client/client.key
|
||||
~~~
|
||||
|
||||
|
||||
## FAQ
|
||||
|
||||
### Erreur "--crl-verify fails" (serveur OpenVPN – OpenBSD)
|
||||
|
|
Loading…
Reference in New Issue