首页 > > 操作系统 > FreeBSD >

OpenBSD下建立基于系统用户名验证OpenVPN网络

2009-05-13 15:34:18来源:未知 阅读 ()

新老客户大回馈,云服务器低至5折

实现环境:
# uname -a
OpenBSD linyin.8800.org 4.3 GENERIC.MP#0 i386

# /usr/local/sbin/openvpn --version
OpenVPN 2.0.9 i386-unknown-openbsd4.3 [SSL] [LZO] built on Nov 11 2008
Developed by James Yonan
Copyright (C) 2002-2005 OpenVPN Solutions LLC
所需安装软件:
openvpn(pkg_add安装) bash(pkg_add安装) gmake(pkg_add安装) auth-passwd(
auth-passwd.sourceforge.net
)

配置Openvpn:
建立OpenVPN目录
# mkdir /etc/openvpn
复制OpenVPN提供生成密钥和证书的脚本到/etc/openvpn
# cp –r /usr/local/share/examples/openvpn/easy-rsa /etc/openvpn/
编辑/etc/openvpn/easy-rsa/vars,修改如下:
export KEY_COUNTRY=CN
export KEY_PROVINCE=JS
export KEY_CITY=Soochow
export KEY_ORG="Linyin-Lab"
export KEY_EMAIL="
linyin@linyin.org
"

切换到bash shell下,建立证书:
# bash

使vars配置生效
bash-3.2# source vars
NOTE: when you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys

清除已经存在的密钥和证书
bash-3.2# ./clean-all

建立CA
bash-3.2# ./build-ca
Generating a 1024 bit RSA private key
.++++++
..................................................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [JS]:
Locality Name (eg, city) [Soochow]:
Organization Name (eg, company) [Linyin-Lab]:
Organizational Unit Name (eg, section) []:OpenVPN
Common Name (eg, your name or your server's hostname) []:CA
Email Address [linyin@linyin.org]:
在/etc/openvpn/easy-rsa/keys目录中生成ca.crt和ca.key.生成的密钥都在/etc/openvpn/easy-rsa/keys目录中.

生成用于服务器的密钥
bash-3.2# ./build-key-server server
Generating a 1024 bit RSA private key
.......................++++++
..++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [JS]:
Locality Name (eg, city) [Soochow]:
Organization Name (eg, company) [Linyin-Lab]:
Organizational Unit Name (eg, section) []:OpenVPN

标签:

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

上一篇:/boot不要单独分区!

下一篇:我的FreeBSD内核编译

相关文章

IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设

网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源

网站联盟: 联盟新闻 联盟介绍 联盟点评 网赚技巧

行业资讯: 搜索引擎 网络游戏 电子商务 广告传媒

网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它

服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护

软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷

网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash

程序设计: Java技术 C/C++ VB delphi

网络知识: 网络协议 网络安全 网络管理 组网方案 Cisco技术

操作系统: Win2000 WinXP Win2003 Mac OS Linux FreeBSD

热门词条
最新资讯
热门关注
热门标签