Wednesday, October 12, 2016

Configure OpenVPN to use the TCP protocol

*** server
1- install the necessary packages
$ sudo apt-get install openvpn easy-rsa

2- create ca, server and client certificates
$ cd /usr/share/easy-rsa/
$ mkdir keys
$ touch keys/index.txt
$ echo 01 > keys/serial
$ source ./vars
$ PATH=$PATH:`pwd`
$ ./clean-all
$ build-dh
$ pkitool --initca
$ pkitool --server server
$ pkitool client1

- copy newly created cert and key to /etc/openvpn
$ sudo cp -r keys /etc/openvpn

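3- configure OpenVPN by creating the file /etc/openvpn/server.conf with the following content

port 1194
proto tcp
dev tun
server 10.8.0.0 255.255.255.0  # enables server mode; the subnet is an assumed example, adjust to your network
ca keys/ca.crt
cert keys/server.crt  # name matches "pkitool --server server" above
key keys/server.key  # This file should be kept secret
dh keys/dh2048.pem  # build-dh names the file dh<KEY_SIZE>.pem, KEY_SIZE comes from vars
ifconfig-pool-persist ipp.txt
keepalive 10 120
status openvpn-status.log
verb 3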

4- restart the OpenVPN service; this completes the server side
$ sudo /etc/init.d/openvpn restart

*** client

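1- copy ca.crt, client1.crt and client1.key from the server to the client (ca.key, the CA private key, stays on the server)
The client configuration is below

client  # TLS client mode, pulls settings from the server
dev tun
proto tcp
remote SERVER_ADDRESS 1194  # SERVER_ADDRESS is a placeholder for your server's hostname or IP
resolv-retry infinite
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
remote-cert-tls server
verb 3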

Save this configuration as client.conf.
The directory that holds the configuration file also contains the certificate and key files, in the structure below

├── client.conf
└── keys
    ├── ca.crt
    ├── client1.crt
    └── client1.key

2- to connect, cd to the configuration directory and execute the following command

$ sudo openvpn --config client.conf
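
Before connecting, it helps to confirm that every file the configuration references is actually in place and that the private key is not readable by other users. The script below is an added example, not part of the original post; check_ovpn_conf and make_sample_client are hypothetical helper names, and the sample directory is constructed. It assumes GNU stat (as on Ubuntu) and that OpenVPN is started from the directory holding the config.

```shell
#!/bin/sh
# Added example: check the ca/cert/key/dh files an OpenVPN config refers to.
# Exit status is the number of problems found (0 = clean).
check_ovpn_conf() (
    conf=$1; problems=0; ca_dir=
    dir=$(cd "$(dirname "$conf")" && pwd) || exit 1
    while read -r directive path rest; do
        case $directive in ca|cert|key|dh) ;; *) continue ;; esac
        # Assumption: relative paths are resolved from the config's directory.
        case $path in /*) ;; *) path=$dir/$path ;; esac
        [ "$directive" = ca ] && ca_dir=$(dirname "$path")
        if [ ! -f "$path" ]; then
            echo "MISSING: $directive -> $path"; problems=$((problems + 1))
        elif [ "$directive" = key ]; then
            mode=$(stat -c %a "$path")
            case $mode in
                ?00) ;;   # owner-only, e.g. 600 or 400
                *) echo "LOOSE PERMS: $path is $mode"; problems=$((problems + 1)) ;;
            esac
        fi
    done <<EOF
$(sed 's/[#;].*//' "$conf")
EOF
    # A client only needs ca.crt; the CA private key must stay with the CA.
    if grep -Eq '^[[:space:]]*(client|remote)([[:space:]]|$)' "$conf" \
        && [ -n "$ca_dir" ] && [ -e "$ca_dir/ca.key" ]; then
        echo "CA PRIVATE KEY ON CLIENT: $ca_dir/ca.key"; problems=$((problems + 1))
    fi
    exit "$problems"
)

# Constructed sample: the client layout from the post with three deliberate
# mistakes (client1.crt missing, key world-readable, ca.key copied over).
make_sample_client() {
    d=$(mktemp -d) && mkdir "$d/keys" || return 1
    printf '%s\n' client 'dev tun' 'proto tcp' 'ca keys/ca.crt' \
        'cert keys/client1.crt' 'key keys/client1.key  # secret' > "$d/client.conf"
    touch "$d/keys/ca.crt" "$d/keys/ca.key" "$d/keys/client1.key"
    chmod 644 "$d/keys/client1.key"
    echo "$d"
}
```

Run it as `check_ovpn_conf client.conf` from the configuration directory; the same check works on /etc/openvpn/server.conf, where a mismatched certificate or dh file name shows up as MISSING.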
