Clark's Home page

Assorted technical notes from a Linux sysadmin, plus something of his life

iPad 2 client with auth-tls

Here too, the general preparation steps apply; they are the same as for the other clients.

The next step is to create the .ovpn file, which for my own convenience I have named (with immense imagination) ipad01.ovpn. It contains both the directives for connecting to the OpenVPN server and the ca.crt, ipad01.crt and ipad01.key files, enclosed in tags like this:

client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 775
remote yyy.yyy.yyy.yyy 775
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
compress lz4-v2
verb 3
key-direction 1
tcp-nodelay
sndbuf 0
rcvbuf 0

<ca>
-----BEGIN CERTIFICATE-----
[contents of ca.crt]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[contents of ipad01.crt]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[contents of ipad01.key]
-----END PRIVATE KEY-----
</key>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
[static key data]
-----END OpenVPN Static key V1-----
</tls-auth>
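
The assembly of the unified profile described above can be scripted instead of pasted by hand. This is an added example, not part of the original post; the function names `inline_block` and `build_ovpn`, and the file names `base.conf` and `ta.key` in the usage comment, are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. All file names are the caller's.
# Usage (hypothetical paths):
#   build_ovpn base.conf ca.crt ipad01.crt ipad01.key ta.key ipad01.ovpn

# inline_block TAG FILE: print FILE's armored section wrapped in <TAG>...</TAG>
inline_block() {
    tag=$1; file=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Typographic dashes (left by blog or word-processor pastes) make the
    # armor unparseable, so insist on a plain ASCII BEGIN line.
    grep -q '^-----BEGIN ' "$file" ||
        { echo "$file: no ASCII '-----BEGIN' line" >&2; return 1; }
    printf '<%s>\n' "$tag"
    # Keep only the armored section; drop comments or text dumps around it.
    sed -n '/^-----BEGIN /,/^-----END /p' "$file"
    printf '</%s>\n' "$tag"
}

# build_ovpn BASE CA CERT KEY TA OUT: write the unified profile to OUT
build_ovpn() {
    base=$1; ca=$2; cert=$3; key=$4; ta=$5; out=$6
    # An inline <tls-auth> block cannot carry a direction argument, so the
    # base config has to set it (1 on the client, as in the profile above).
    grep -Eq '^key-direction[[:space:]]+1' "$base" ||
        { echo "$base: missing 'key-direction 1'" >&2; return 1; }
    old_umask=$(umask)
    umask 077    # the profile embeds the private key: owner-only access
    if {
        cat "$base" &&
        inline_block ca "$ca" &&
        inline_block cert "$cert" &&
        inline_block key "$key" &&
        inline_block tls-auth "$ta"
    } > "$out.tmp"; then
        umask "$old_umask"
        mv "$out.tmp" "$out"
    else
        umask "$old_umask"
        rm -f "$out.tmp"
        return 1
    fi
}
```

The resulting file holds the client's private key and the shared tls-auth key, so it should be transferred to the device over a protected channel and removed from intermediate locations afterwards.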

On the server, in the ccd directory, I create the file ipad01, which contains:

ifconfig-push 172.27.1.20 172.27.1.21
push "route 192.168.2.0 255.255.254.0"
push "dhcp-option DOMAIN myfirm.localL"
push "dhcp-option DNS 192.168.2.224"
push "dhcp-option DNS 192.168.3.227"

 

