世界認識の旅 / OpenVPN

最近の更新
ドライランのありがたみを改めて知る	2024/04/04
伊豆半島	2024/03/31
お出かけチェックリスト	2024/03/29
Ruby	2024/03/27
Kubernetes	2024/03/22
音楽データをDisplayAudioで聞く	2024/03/09
Redmine	2024/02/05
git	2024/02/02
経済	2024/01/08
どうする家康	2023/12/17
MX-Linux	2023/11/06
國體関連学-休学のご連絡	2023/08/13
Debian	2023/08/02
CentOS	2023/06/13
Dell-XPS13	2023/05/23
ベルト	2023/05/18
SourceForge	2023/04/17
確定申告	2023/02/19
さらば「まぐまぐ」	2023/01/09
風猷縄学	2022/11/23

[+] [-] 1.1. Install

$ sudo apt-get install openvpn

[+] [-] 1.2. 会社用 CSR 発行

添付 openssl.cnf を使って以下を実行:

(MY_ACCOUNT でログイン, openssl.cnf で $USER を参照しているため)
$ mkdir $HOME/i_am.d
$ cd $HOME/i_am.d
$ openssl req -config openssl.cnf -newkey rsa:2048 -text -keyout MY_ACCOUNT.key -out MY_ACCOUNT.csr
  :
Enter PEM pass phrase: ********
Verifying - Enter PEM pass phrase: ********
Contry Name [JP]:
Organization Name [COMPANY]:
Organizational Unit Name (Members, Servers or Test) [Members]:
Common Name []: MY NAME

MY_ACCOUNT.key, MY_ACCOUNT.csr が発行される。

[+] [-] 1.3. 設定

COMPANY.crt を会社Wikiから /etc/ssl/certs/ なり ~/i_am.d/ にダウンロード。

/etc/openvpn/office.conf を会社Wikiサンプルを元に以下を修正:

ca   /home/MY_ACCOUNT/i_am.d/COMPANY.crt
cert /home/MY_ACCOUNT/i_am.d/MY_ACCOUNT.crt
key  /home/MY_ACCOUNT/i_am.d/MY_ACCOUNT.key

[+] [-] 1.4. Run

$ sudo /usr/sbin/openvpn --script-security 2 --config /etc/openvpn/office.conf

[+] [-] 1.5. File

/etc/openvpn/office.conf:	vpn client 設定ファイル
/etc/openvpn/office.down:	customize script to up
/etc/openvpn/office.up:	customize script to down
~/i_am.d/MY_ACCOUNT.key:	private key
~/i_am.d/MY_ACCOUNT.crt:	certificate/public key
~/i_am.d/COMPANY.crt:	Campany Cerrificate Authority
~/i_am.d/MY_ACCOUNT.csr:	認証リクエストに使用(openvpnでは不要)

[+] [-] 2.1. Install

[+] [-] 2.1.1. OpenSSL

# apt-get install openssl
# apt-get install openssl-devel  # for 会社 VPN, need(at SSL/TLS function)

[+] [-] 2.1.2. LZO

http://www.oberhumer.com/opensource/lzo/ から 2.02 を download & install

   su
   umask 022
   ./configure
   make
   make check
   make test
   make install

[+] [-] 2.1.3. OpenVPN

http://openvpn.net から download
$ untar
$ su
# umask 022
# ./configure --prefix=/opt/openvpn-2.0

//# ./configure --prefix=/opt/openvpn-2.0 --disable-crypto

//(--disable-crypto -> cannot use at 会社 VPN.  I cannot remember
    why I did so)
  # make
  # make install

[+] [-] 2.2. config

/etc/openvpn/office.conf
/etc/openvpn/office.up
/etc/openvpn/office.down

[+] [-] 2.3. startup

/opt/openvpn-2.0/sbin/openvpn --config /etc/openvpn/office.conf

[+] [-] 2.4. パスフレーズ変更

$ openssl rsa -aes256 -in mykey-org.pem -out mykey-new.pem 
Enter pass phrase for mykey-org.pem: old-passphrase
writing RSA key
Enter PEM pass phrase: new-passphrase
Verifying - Enter PEM pass phrase: new-passphrase

OpenVPN

[+] [-] 1. Ubuntu(2011/03/15)

[+] [-] 1.1. Install

[+] [-] 1.2. 会社用 CSR 発行

[+] [-] 1.3. 設定

[+] [-] 1.4. Run

[+] [-] 1.5. File

[+] [-] 2. Vine

[+] [-] 2.1. Install

[+] [-] 2.1.1. OpenSSL

[+] [-] 2.1.2. LZO

[+] [-] 2.1.3. OpenVPN

[+] [-] 2.2. config

[+] [-] 2.3. startup

[+] [-] 2.4. パスフレーズ変更