...
Info | ||
---|---|---|
| ||
Set the correct time on all devices that will work in the VPN network, otherwise, the created certificates may be not valid! |
...
Generate server keypair with the name "server". Enter a server Private Key Password, you will need to enter it every time the server starts:
...
Upon completing the steps, you will have generated the following files for the OpenVPN server:
ca.crt | The master Certificate Authority (CA) certificate, required by both server and client |
dh.pem | The Diffie-Hellman (DH) parameters file, required for TLS mode |
ta.key | TLS static key, if needed |
/pki/private/server.key | The server private key from server key pair |
/pki/issued/server.crt | The server public certificate from server key pair |
...
/pki/private/unit1.key | The client private key from client key pair, used for monitoring system |
/pki/issued/unit1.crt | The client public certificate from client key pair, used for monitoring system |
/pki/private/client1.key | The client private key from the client key pair, used by the user to access the network |
/pki/issued/client1.crt | The client public certificate from client key pair, used by the user to access the network |
...
Now place client-specific configuration files in the /etc/openvpn/ccd directory to define the fixed IP address for each VPN client. Create a files with the name of Common Name of client certificate (unit1, unit2, etc.). The content of the file describe the assigned IP address.
...