OpenVPN: a working configuration
This article is not meant to be a HowTo or a tutorial; it simply makes the configuration files available.
OpenVPN was installed on a Debian system from source (./configure, make, make install ...).
A view of the server-side configuration tree:
    # ls -R /usr/local/openvpn
    /usr/local/openvpn:
    etc  log

    /usr/local/openvpn/etc:
    ca.crt  dh1024.pem  openvpn.conf  openvpn-status.log  server.csr  status.log
    ca.key  ipp.txt  openvpn.log  server.crt  server.key

    /usr/local/openvpn/log:
    openvpn.log  openvpn-status.log
The file /usr/local/openvpn/etc/openvpn.conf:

    port 1194
    proto tcp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key  # This file should be kept secret
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    keepalive 10 120
    persist-key
    persist-tun
    status /usr/local/openvpn/log/openvpn-status.log
    log-append /usr/local/openvpn/log/openvpn.log
    verb 1
    comp-lzo

The configuration file on the Windows side:

    client
    dev tun
    proto tcp
    remote 91.121.57.160 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    ns-cert-type server
    verb 1
The script used to manage the openvpn service ( # cat /etc/init.d/openvpn ):

    #!/bin/bash
    # Init script for an OpenVPN built from source under /usr/local

    DAEMON=/usr/local/sbin/openvpn
    CONF=/usr/local/openvpn/etc/openvpn.conf
    CONFIG_DIR=/usr/local/openvpn/etc
    DAEMONARG="--daemon openvpn"
    PIDFILE=/var/run/openvpn.pid

    # Exit quietly if the binary or the configuration directory is missing
    test -x "$DAEMON" || exit 0
    test -d "$CONFIG_DIR" || exit 0

    case "$1" in
    start)
        echo -n "Starting openvpn : "
        # $DAEMONARG stays unquoted so that it splits into two arguments
        "$DAEMON" --writepid "$PIDFILE" --config "$CONF" $DAEMONARG --cd "$CONFIG_DIR" --chroot /usr/local/openvpn
        echo "Done."
        ;;
    stop)
        echo -n "Stopping openvpn : "
        # Stop the daemon using the PID recorded at start-up
        PID=`cat "$PIDFILE"`
        kill "$PID"
        rm "$PIDFILE"
        echo "Done."
        ;;
    restart)
        echo "Restarting openvpn : "
        echo ""
        sh "$0" stop
        sh "$0" start
        echo ""
        echo "Openvpn has restarted."
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}" >&2
        exit 1
        ;;
    esac
    exit 0
The commands. In this configuration, the sources were installed in the /install directory.

    cd /install/openvpn-2.0.9/easy-rsa/

Edit the last lines of the vars file:

    export KEY_COUNTRY=fr
    export KEY_PROVINCE=drome
    export KEY_CITY=valence
    export KEY_ORG=boiteinformatique
    export KEY_EMAIL=xxxxxxxxx@xxx.com

Load the variables it defines into the current shell:

    . ./vars

Remove all existing keys and certificates:

    ./clean-all

The files generated by the following steps are created in the directory /install/openvpn-2.0.9/easy-rsa/keys

Create the Certificate Authority certificate:

    ./build-ca

Generate a certificate and a private key for the server:

    ./build-key-server server

(When the Common Name is requested, enter "server", the same value as the last parameter of the command above.)

Generate the certificate and key for a client:

    ./build-key client1
The Diffie-Hellman parameters must be generated for the OpenVPN server:

    ./build-dh

| File name | Needed by | Purpose | Secret |
|---|---|---|---|
| ca.crt | Server and all clients | Root CA certificate | NO |
| ca.key | Key-signing machine only | Root CA key | YES |
| dh{n}.pem | Server only | Diffie-Hellman parameters | NO |
| server.crt | Server only | Server certificate | NO |
| server.key | Server only | Server key | YES |
| client1.crt | Client1 only | Client1 certificate | NO |
| client1.key | Client1 only | Client1 key | YES |
| client2.crt | Client2 only | Client2 certificate | NO |
| client2.key | Client2 only | Client2 key | YES |

The final step in this key-generation process is to copy each file to the machine that needs it, taking care to copy them over a secure medium.
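As an added example (not part of the original article), the shell function below checks a key directory against the table above: every .key file must grant nothing to group or others, and must sit only on the machine the table assigns it to. The role names (server, client, ca) and the finding labels are assumptions made for this example, and the sample tree in demo is constructed from the .key files in the article's server listing.

```shell
#!/bin/sh
# Added example, not from the original article.
# Usage: audit_keydir DIR ROLE, ROLE being server, client or ca (names assumed here).
# Prints one finding per line; returns 0 only when there are none.
audit_keydir() {
    dir=$1; role=$2; findings=0
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        name=${f##*/}
        # Columns 5-10 of the ls mode string are the group and other bits;
        # a file marked secret in the table must grant them nothing.
        if [ "$(ls -ldL "$f" | cut -c5-10)" != "------" ]; then
            echo "LOOSE-PERMS $name"; findings=$((findings + 1))
        fi
        case "$role:$name" in
            ca:*|server:server.key) ;;   # where the table says the key lives
            server:*|client:ca.key|client:server.key)
                echo "MISPLACED $name"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the .key files from the article's server listing,
# with ca.key left world-readable to show both kinds of finding.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/ca.key"; : > "$d/server.key"; : > "$d/server.crt"
    chmod 644 "$d/ca.key"; chmod 600 "$d/server.key"
    audit_keydir "$d" server || true
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then audit_keydir "$1" "$2"; else demo; fi
```

Run against the server tree listed at the top of the article, the check reports ca.key as misplaced, since the table assigns that file to the key-signing machine only.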
Created: 11/04/2008 @ 20:18
Last modified: 11/04/2008 @ 22:24