Mathias,

Thanks for the advice. I got it going. I am posting my config file for others to see how this is done. I also created a script to build certificate requests, create the certificates, and package it up for each user. Also attached. Hope this helps others.

Don

########################################
# Sample OpenVPN modified by Don Weeks
# multi-client udp server
#
# tap-style tunnel

port 5000
dev tap

# TLS parms

tls-server
ca /etc/certs/ca.crt
cert /etc/certs/server.cert
key /etc/certs/server.key
dh /etc/certs/dh2048.pem

# Tell OpenVPN to be a multi-client udp server
mode server

# The server's virtual subnet
ifconfig 192.168.2.1 255.255.255.0

# Pool of IP addresses to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 192.168.2.2 192.168.2.253

# Client should attempt reconnection on link
# failure.
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"

#
# Push routes out to the clients on connect and successful
# TLS negotiation.
#
push "route 192.168.5.0 255.255.255.0 192.168.2.1"
push "route 192.168.7.0 255.255.255.0 192.168.2.1"
push "route 192.168.20.0 255.255.255.0 192.168.2.1"
push "route 192.168.90.0 255.255.255.0 192.168.2.1"
push "route 192.168.115.0 255.255.255.0 192.168.2.1"
push "route 192.168.15.0 255.255.255.0 192.168.2.1"
push "route 192.168.45.0 255.255.255.0 192.168.2.1"
push "route 192.168.55.0 255.255.255.0 192.168.2.1"
push "route 192.168.65.0 255.255.255.0 192.168.2.1"
push "route 192.168.75.0 255.255.255.0 192.168.2.1"
push "route 192.168.10.0 255.255.255.0 192.168.2.1"
push "route 141.146.168.0 255.255.252.0 192.168.2.1"
push "route 141.146.165.0 255.255.255.224 192.168.2.1"
push "route 140.85.253.112 255.255.255.248 192.168.2.1"
push "route 148.87.1.239 255.255.255.255 192.168.2.1"

tun-mtu 1500
tun-mtu-extra 32
mssfix 1400
fragment 1400
comp-lzo

#
# The server doesn't need privileges
# nogroup added by Don Weeks for support of Mandrake 10. If
# this does not work, try changing group name to nobody.
#
user nobody
group nogroup

verb 3

### End Of Config

#!/bin/bash
# Vars is copied from OpenVPN's easyrsa directory.
# The script takes one argument, which is the user's name,
# and it generates a zip file containing a signed certificate,
# root certificate, and key file. This is given to the user for
# use with OpenVPN.
#
. vars
openssl genrsa -out "$1.key" 2048
openssl req -new -key "$1.key" -out "$1.csr" -config /etc/certs/openssl.cnf
openssl ca -days 3650 -out "$1.crt" -in "$1.csr" -config /etc/certs/openssl.cnf
cat generic.ovpn > "$1.ovpn"
echo "ca c:\\certs\\ca.crt" >> "$1.ovpn"
echo "cert c:\\certs\\$1.crt" >> "$1.ovpn"
echo "key c:\\certs\\$1.key" >> "$1.ovpn"
zip "$1.zip" "$1".* ca.crt

Don                   .~.
Weeks                 /V\      L I N U X
                     // \\  >Phear the Penguin<
dlweeks@xxxxxxxxxxx /(   )\
                     ^^-^^
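Added example, not part of Don's post or of OpenVPN: a small Python check for a server config laid out like the one above. It confirms that the ifconfig-pool range sits inside the ifconfig subnet and that every pushed route has a network address matching its mask and a gateway inside the VPN subnet. The function name audit and the SAMPLE excerpt are constructed for this illustration.

```python
import ipaddress
import shlex

# Constructed excerpt of the server config in the post (a subset of its lines).
SAMPLE = """\
ifconfig 192.168.2.1 255.255.255.0
ifconfig-pool 192.168.2.2 192.168.2.253
push "ping 10"
push "route 192.168.5.0 255.255.255.0 192.168.2.1"
push "route 141.146.168.0 255.255.252.0 192.168.2.1"
push "route 140.85.253.112 255.255.255.248 192.168.2.1"
push "route 148.87.1.239 255.255.255.255 192.168.2.1"
"""

def audit(text):
    """Return findings about ifconfig, ifconfig-pool and pushed routes."""
    server = vpn = pool = None
    routes, findings, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        w = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if len(w) == 3 and w[0] == "ifconfig":
            server = ipaddress.ip_address(w[1])
            vpn = ipaddress.ip_network(f"{w[1]}/{w[2]}", strict=False)
        elif len(w) >= 3 and w[0] == "ifconfig-pool":
            pool = (ipaddress.ip_address(w[1]), ipaddress.ip_address(w[2]))
        elif len(w) == 2 and w[0] == "push" and w[1].split()[:1] == ["route"]:
            routes.append((n, w[1].split()[1:]))
    if vpn is None:
        return ["no 'ifconfig' line: pool and gateways cannot be checked"]
    if pool and not (pool[0] <= pool[1] and pool[0] in vpn and pool[1] in vpn):
        findings.append(f"pool {pool[0]}-{pool[1]} is not inside {vpn}")
    if pool and pool[0] <= server <= pool[1]:
        findings.append(f"pool contains the server address {server}")
    for n, args in routes:
        try:
            net = ipaddress.ip_network("/".join(args[:2]))  # strict: no host bits
            gw = ipaddress.ip_address(args[2]) if len(args) > 2 else None
        except ValueError as exc:
            findings.append(f"line {n}: {exc}")
            continue
        if gw is not None and gw not in vpn:
            findings.append(f"line {n}: gateway {gw} is outside {vpn}")
        if net.overlaps(vpn):
            findings.append(f"line {n}: {net} overlaps the VPN subnet {vpn}")
        if net in seen:
            findings.append(f"line {n}: {net} is pushed more than once")
        seen.add(net)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

An empty result means the checked lines are internally consistent; it says nothing about whether the routed networks are the ones clients should be allowed to reach.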