Results 1 to 8 of 8
  1. #1
    Join Date
    May 2011
    Location
    Beach
    Posts
    114

    vpn vars file how do we

    openvpn vars file how do we


    0]# cat vars
    # easy-rsa parameter settings

    # NOTE: If you installed from an RPM,
    # don't edit this file in place in
    # /usr/share/openvpn/easy-rsa --
    # instead, you should copy the whole
    # easy-rsa directory to another location
    # (such as /etc/openvpn) so that your
    # edits will not be wiped out by a future
    # OpenVPN package upgrade.

    # This variable should point to
    # the top level of the easy-rsa
    # tree.
    export EASY_RSA="`pwd`"

    #
    # This variable should point to
    # the requested executables
    #
    export OPENSSL="openssl"
    export PKCS11TOOL="pkcs11-tool"
    export GREP="grep"


    # This variable should point to
    # the openssl.cnf file included
    # with easy-rsa.
    export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

    # Edit this variable to point to
    # your soon-to-be-created key
    # directory.
    #
    # WARNING: clean-all will do
    # a rm -rf on this directory
    # so make sure you define
    # it correctly!
    export KEY_DIR="$EASY_RSA/keys"

    # Issue rm -rf warning
    echo NOTE: If you run ./clean-all, I will be doing a rm

    -rf on $KEY_DIR

    # PKCS11 fixes
    export PKCS11_MODULE_PATH="dummy"
    export PKCS11_PIN="dummy"

    # Increase this to 2048 if you
    # are paranoid. This will slow
    # down TLS negotiation performance
    # as well as the one-time DH parms
    # generation process.
    export KEY_SIZE=1024

    # In how many days should the root CA key expire?
    export CA_EXPIRE=3650

    # In how many days should certificates expire?
    export KEY_EXPIRE=3650

    # These are the default values for fields
    # which will be placed in the certificate.
    # Don't leave any of these fields blank.
    export KEY_COUNTRY="US"
    export KEY_PROVINCE="CA"
    export KEY_CITY="SanFrancisco"
    export KEY_ORG="Fort-Funston"
    export KEY_EMAIL="me@myhost.mydomain"
    how shud we configure this
    » Tucky - Get in touch: webcrafttucky@gmail.com
    » Freelancer-System Administrator

  2. #2
    Join Date
    Jan 2011
    Posts
    453
    Hello,

    I hopes the below given information will be helpful to you.

    ++++++++++++++++++++++++


    Make a copy of the easy-rsa directory, to /etc/openvpn/

    cp -r /usr/src/openvpn-2.0.9/easy-rsa /etc/openvpn/

    cd /etc/openvpn/easy-rsa

    chmod 777 *

    mkdir /etc/openvpn/keys

    >> Edit the file /etc/openvpn/easy-rsa/vars using vi editor

    Change the line
    export KEY_DIR=$D/keys

    to

    export KEY_DIR=/etc/openvpn/keys

    Also at the bottom of this file you will see something similar to this,

    export KEY_COUNTRY=US
    export KEY_PROVINCE=CA
    export KEY_CITY=SOMEWHERE
    export KEY_ORG="My Org"
    export KEY_EMAIL=me@mydomain.com

    Change this to your own values.

    Save and quit

    ++++++++++++++++++++++++

    I hopes you knows to make certificates. If not do post here and I will guide you on that.
    " Your work is to discover your work and then with all your heart to give yourself to it. "

    That's the mark of a true professional !

  3. #3
    Join Date
    May 2011
    Location
    Beach
    Posts
    114
    thanks i did the steps u guided me

    please give me steps to create the certificates as well
    » Tucky - Get in touch: webcrafttucky@gmail.com
    » Freelancer-System Administrator

  4. #4
    Join Date
    Jan 2011
    Posts
    453
    Hello,

    Here goes the steps to create certificate.

    +++++++++++++++++++

    To make the certificates, enter these commands

    ./vars

    ./clean-all

    ./build-ca

    Creating server certificate

    ./build-key-server server

    Creating Client certificates

    ./build-key client1

    ./build-key client2

    >> Do this step for as many clients as you need.

    ./build-dh

    +++++++++++++++++++

    Good Luck !
    " Your work is to discover your work and then with all your heart to give yourself to it. "

    That's the mark of a true professional !

  5. #5
    Join Date
    May 2011
    Location
    Beach
    Posts
    114
    thanks may i know how server.conf should be configured?
    -config-files]# ls
    client.conf loopback-client openvpn-shutdown.sh

    server.conf tls-home.conf xinetd-

    server-config
    firewall.sh loopback-server openvpn-startup.sh

    static-home.conf tls-office.conf
    home.up office.up README
    » Tucky - Get in touch: webcrafttucky@gmail.com
    » Freelancer-System Administrator

  6. #6
    Join Date
    Jan 2011
    Posts
    453
    Hello,

    I thinks you should give a better idea by reading this thread.

    http://www.webhostingtalk.com/showthread.php?t=1024872

    If you have any other doubts post here.
    " Your work is to discover your work and then with all your heart to give yourself to it. "

    That's the mark of a true professional !

  7. #7
    Join Date
    May 2011
    Location
    Beach
    Posts
    114
    in the server.conf can you help me rectify this error!

    Options error: --server directive network/netmask combination is invalid
    » Tucky - Get in touch: webcrafttucky@gmail.com
    » Freelancer-System Administrator

  8. #8
    What network/netmask combination you used in the Server directive? The default values works well unless you are looking to configure a different subnet for VPN.
    | LinuxHostingSupport.net
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

Similar Threads

  1. Replies: 0
    Last Post: 02-24-2011, 03:30 PM
  2. Replies: 15
    Last Post: 01-06-2010, 01:36 PM
  3. Replies: 1
    Last Post: 03-26-2009, 10:20 PM
  4. HostKitty: DNS, File Storage, & VPN Hosting
    By woods01 in forum Other Web Hosting Related Offers
    Replies: 0
    Last Post: 12-28-2008, 03:34 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •