VPN Server
apt-get update
Once OpenVPN is installed, we can set up the keys and certificates required for our VPN.
cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa2/
cd /etc/openvpn/easy-rsa2
vim vars
. ./vars
./clean-all
./build-ca
Generating a 1024 bit RSA private key
..............................................................++++++
.......................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [SN]:
Locality Name (eg, city) [Senegal]:
Organization Name (eg, company) [Kaolack]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [CA]:
Name []:
Email Address [ouzinseck@hotmail.fr]:
Once that is done, we can create the keys and certificates for our server and for our clients.
./build-key-server asterisk
Generating a 1024 bit RSA private key
.............++++++
..........................................................++++++
writing new private key to 'vpn-server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [SN]:
Locality Name (eg, city) [Senegal]:
Organization Name (eg, company) [Kaolack]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [asterisk]:
Name []:asterisk
Email Address [ouzinseck@hotmail.fr]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CA'
stateOrProvinceName :PRINTABLE:'SN'
localityName :PRINTABLE:'Senegal'
organizationName :PRINTABLE:'Kaolack'
commonName :PRINTABLE:'asterisk'
Name[]:asterisk
emailAddress :IA5STRING:'ouzinseck@hotmail.fr'
Certificate is to be certified until Dec 18 14:34:45 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]:y
Write out database with 1 new entries
Data Base Updated
Note: the only value to enter here is the Name, right after the Common Name.
./build-key ousseynou
Generating a 1024 bit RSA private key
...........................................++++++
.....................++++++
writing new private key to 'vpn-client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [SN]:
Locality Name (eg, city) [Senegal]:
Organization Name (eg, company) [Kaolack]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [ousseynou]:
Name []:ousseynou
Email Address [ouzinseck@hotmail.fr]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa2/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CA'
stateOrProvinceName :PRINTABLE:'SN'
localityName :PRINTABLE:'Senegal'
organizationName :PRINTABLE:'Kaolack'
commonName :PRINTABLE:'asterisk'
emailAddress :IA5STRING:'ouzinseck@hotmail.fr'
Certificate is to be certified until Dec 18 14:36:01 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Note: the only value to enter here is the Name, right after the Common Name.
Generate the Diffie-Hellman parameters
./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.................+...........................................
...................+.............+.................+.........
............................................
Our certificates and keys are now created, so we can configure our VPN server.
In the /etc/openvpn directory we will create the file server.conf, which will be the server's configuration file.
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
server.conf
port 1194
proto udp
dev tun
ca ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/asterisk.crt
key ./easy-rsa2/keys/asterisk.key
dh ./easy-rsa2/keys/dh1024.pem
server 10.10.10.0 255.255.255.248
push "route 192.168.1.0 255.255.255.0"
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
client.conf
#declares that this is a client
client
#interface type
dev tun
#transport protocol
proto udp
#public IP address of the network where the server is installed + same port as the server
remote 192.168.1.100 1194
#retry the connection indefinitely
resolv-retry infinite
nobind
#keep the connection persistent
persist-key
persist-tun
#hide the replay warnings
mute-replay-warnings
#location of the master CA
ca ./easy-rsa2/keys/ca.crt
#location of the client certificate
cert ./easy-rsa2/keys/ousseynou.crt
#location of the client's private key
key ./easy-rsa2/keys/ousseynou.key
#data encryption cipher (must match the server's cipher)
cipher AES-128-CBC
#enable compression
comp-lzo
#verbosity level
verb 5
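A check worth running on a server.conf/client.conf pair like the one above before deploying it, as an added example that is not part of the original page: it flags DH parameters under 2048 bits, a client port or cipher that does not match the server, and a client that does not require a server-type certificate. The function names, finding codes, the 2048-bit threshold and the sample host vpn.example.test are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): lint an OpenVPN server/client
# config pair. Uses only POSIX sh, awk, sed and grep, so it runs offline.

# conf_get FILE DIRECTIVE [FIELD]: print one field (default: the 2nd) of the
# first uncommented line whose first word is DIRECTIVE.
conf_get() {
    awk -v k="$2" -v f="${3:-2}" '$1 == k { print $f; exit }' "$1"
}

# audit_pair SERVER_CONF CLIENT_CONF: print one finding code per line.
audit_pair() {
    srv=$1; cli=$2
    # easy-rsa 2.0 names the DH file dh<KEY_SIZE>.pem, so the size is in the name.
    bits=$(conf_get "$srv" dh | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then echo "WEAK_DH:$bits"; fi
    # The client's "remote HOST PORT" must target the server's "port" (default 1194).
    sport=$(conf_get "$srv" port); cport=$(conf_get "$cli" remote 3)
    if [ "${sport:-1194}" != "${cport:-1194}" ]; then
        echo "PORT_MISMATCH:${sport:-1194}/${cport:-1194}"
    fi
    # Both ends must agree on the data-channel cipher.
    sc=$(conf_get "$srv" cipher); cc=$(conf_get "$cli" cipher)
    if [ "$sc" != "$cc" ]; then echo "CIPHER_MISMATCH:${sc:-unset}/${cc:-unset}"; fi
    # The client should require a server-type certificate, so that a client
    # certificate issued by the same CA is not accepted as the server's.
    if ! grep -Eq '^[[:space:]]*(remote-cert-tls|ns-cert-type)[[:space:]]+server' "$cli"; then
        echo "NO_SERVER_CERT_CHECK"
    fi
    return 0
}

# Constructed sample pair for the demo (hypothetical values, not the page's files).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'port 1194' 'proto udp' 'dev tun' \
        'dh ./easy-rsa2/keys/dh1024.pem' 'comp-lzo' > "$d/server.conf"
    printf '%s\n' 'client' 'dev tun' '#cipher AES-256-CBC' \
        'remote vpn.example.test 1595' 'cipher AES-128-CBC' > "$d/client.conf"
    audit_pair "$d/server.conf" "$d/client.conf"
    rm -rf "$d"
}

demo
```

With easy-rsa 2.0, the WEAK_DH finding is cleared by raising KEY_SIZE in the vars file before running ./build-ca and ./build-dh, then pointing the dh directive at the new file.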
WINDOWS CLIENT