{"id":1711,"date":"2020-02-17T11:39:47","date_gmt":"2020-02-17T10:39:47","guid":{"rendered":"http:\/\/clark.tipistrani.it\/?p=1711"},"modified":"2020-02-17T11:39:47","modified_gmt":"2020-02-17T10:39:47","slug":"accesso-a-samba-tramite-openvpn-su-ipad-2-3","status":"publish","type":"post","link":"https:\/\/clark.tipistrani.it\/?p=1711","title":{"rendered":"client ipad 2 con auth-tls"},"content":{"rendered":"

Anche in questo caso valgono i preparativi generali che sono uguali agli altri<\/p>\n

Si tratta ora di creare il file .ovpn che per mia comodit\u00e0 ho chiamato (con immensa fantasia) ipad01.ovpn e che contiene sia le istruzioni relative alla connessione al server Openvpn che i certificati ca.crt, ipad01.crt e ipad01.key\u00a0 racchiusi tra tag in questo modo:<\/p>\n

client
\ndev tun
\nproto tcp
\nremote xxx.xxx.xxx.xxx. 775
\nremote yyy.yyy.yyy.yyy\u00a0 775
\nresolv-retry infinite
\nnobind
\npersist-key
\npersist-tun
\nmute-replay-warnings
\nremote-cert-tls server
\ncipher AES-256-CBC
\nauth SHA256
\ncompress lz4-v2
\nverb 3
\nkey-direction 1
\ntcp-nodelay
\nsndbuf 0
\nrcvbuf 0<\/p>\n

<ca>
\n—–BEGIN CERTIFICATE—–
\nMIIDVTCCAr6gAwIBAgIJAJIIm5Kj+g2yMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
\nBAYTAklUMQswCQYDVQQIEwJNSTEOMAwGA1UEBxMFTWlsYW4xEzARBgNVBAoTClpp
\nbmNvbWV0YWwxFjAUBgNVBAMTDVppbmNvbWV0YWwgQ0ExIjAgBgkqhkiG9w0BCQEW
\nE3N1cHBvcnRAZHluYW1pY2EuaXQwHhcNMTAwNDAyMTIxMTM1WhcNMjAwMzMwMTIx
\nMTM1WjB7MQswCQYDVQQGEwJJVDELMAkGA1UECBMCTUkxDjAMBgNVBAcTBU1pbGFu
\nMRMwEQYDVQQKEwpaaW5jb21ldGFsMRYwFAYDVQQDEw1aaW5jb21ldGFsIENBMSIw
\nIAYJKoZIhvcNAQkBFhNzdXBwb3J0QGR5bmFtaWNhLml0MIGfMA0GCSqGSIb3DQEB
\nAQUAA4GNADCBiQKBgQCyVVR5XjbvF9KZpzc4OuqJkiI25+kdf8cgllS1+GHcorhQ
\n—–END CERTIFICATE—–
\n<\/ca>
\n<cert>
\n—–BEGIN CERTIFICATE—–
\nMIIDtTCCAx6gAwIBAgIBFDANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJJVDEL
\nMAkGA1UECBMCTUkxDjAMBgNVBAcTBU1pbGFuMRMwEQYDVQQKEwpaaW5jb21ldGFs
\nMRYwFAYDVQQDEw1aaW5jb21ldGFsIENBMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0
\nQGR5bmFtaWNhLml0MB4XDTE1MDkyNDA2NTc0NloXDTI1MDkyMTA2NTc0NlowgZIx
\nCzAJBgNVBAYTAklUMQswCQYDVQQIEwJNSTEOMAwGA1UEBxMFTWlsYW4xEzARBgNV
\nBAoTClppbmNvbWV0YWwxHDAaBgNVBAsUE1N5c3RlbSAmIE5ldHdvcmtpbmcxDzAN
\nBgNVBAMTBmlwYWQwMTEiMCAGCSqGSIb3DQEJARYTc3VwcG9ydEBkeW5hbWljYS5p
\ncUQRn5xIhO4sraeLfRvUZgBOVkLlZOX3qj7jsx0FhJ\/R7LEJw09wJjE=
\n—–END CERTIFICATE—–
\n<\/cert>
\n<key>
\n—–BEGIN PRIVATE KEY—–
\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANqSCOiPCxxsqS9U
\nytCHBuXwtNb34zpyH\/biM8zrLZml9jiLmaFiQVN\/0H5mcar4X0ii5\/gXbU8nLFlv
\nsjvldBhwz7QlBrQoimg6SOgqWSiq1owMHkXSCqI7ZmtyEXgh7taGbS0SzUyeBOsZ
\nDhQbOUJCzFbTq\/1ywYUHu9fj\/8oNAgMBAAECgYEAghxuyynj3l7c8\/0Q4sOOmrEI
\n—–END PRIVATE KEY—–
\n<\/key><\/p>\n

<tls-auth>
\n—–BEGIN OpenVPN Static key V1—–
\n9fb1d5631195e587cdafc1e6c9133053
\n7aa9dafd570eaff6adf2f47a03c40755
\nd8601e321224968e24633a422d08b07e
\nd6c163f998fd0593cb5f060abc03d4a9
\nbf8f812d76423d7ba35655349d4da461
\n4d4dc6a82f886e69436ec650afca5e81
\nef731864613c231af03f4c0fd86fe3ba
\n14e155dd866eb440879dc8b62e959f5c
\n7649ac21828513ea63c08dbbe73a3542
\n769dd5c81787a19511d181595b607265
\nbe52f94bb26c30d0469db1a88a8c7753
\n0e305c79d5f9f277006d3d6000fac1d1
\n—–END OpenVPN Static key V1—–
\n<\/tls-auth><\/p>\n

e sul server nella directory ccd creo il file ipad01 che contiene:<\/p>\n

ifconfig-push 172.27.1.20 172.27.1.21
\npush “route 192.168.2.0 255.255.254.0”
\npush “dhcp-option DOMAIN myfirm.localL”
\npush “dhcp-option DNS 192.168.2.224”
\npush “dhcp-option DNS 192.168.3.227”<\/p>\n

 <\/p>\n

Mi 31<\/div>\n","protected":false},"excerpt":{"rendered":"

Anche in questo caso valgono i preparativi generali che sono uguali agli altri Si tratta ora di creare il file .ovpn che per mia comodit\u00e0 ho chiamato (con immensa fantasia) ipad01.ovpn e che contiene sia le istruzioni relative alla connessione al server Openvpn che i certificati ca.crt, ipad01.crt e ipad01.key\u00a0 racchiusi tra tag in questo […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,11,6],"tags":[94,93,78],"class_list":["post-1711","post","type-post","status-publish","format-standard","hentry","category-networking","category-samba","category-work","tag-ca-crt","tag-ipad2","tag-openvpn"],"_links":{"self":[{"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/1711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1711"}],"version-history":[{"count":1,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/1711\/revisions"}],"predecessor-version":[{"id":1713,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/1711\/revisions\/1713"}],"wp:attachment":[{"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}