Now remove the password from the host and client(s) keys so that OpenVPN can run in interactive mode.

openssl dhparam -out /config/auth/dhp.pem -2 1024

Feel free to change the key length to 2048 or even 4096, but be aware that while it offers greater security it will also slow the whole VPN process down. Expect this to take 10 minutes with one CPU at 100% for 1024 or about 2 hours for 2048.

Now we need to generate our Diffie-Hellman (DH) parameters to ensure Perfect Forward Secrecy (PFS).

I made two so my wife could use it on her phone too. Repeat this step for each client device you plan on having.

Move the new files while renaming them.

The CN of your user certificate should be something unique. You will create one of these for each device you plan on connecting with OpenVPN.

Next, generate a request and sign it for a new user certificate.

mv /usr/lib/ssl/misc/newkey.pem /config/auth/server.key
mv /usr/lib/ssl/misc/newcert.pem /config/auth/server.pem

In addition to moving the files, we'll also rename them.

cp /usr/lib/ssl/misc/demoCA/cacert.pem /config/auth/
cp /usr/lib/ssl/misc/demoCA/private/cakey.pem /config/auth/
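Once the passphrase is removed from the host and client keys, file permissions are the only thing protecting them, so it is worth checking what actually ended up in /config/auth. The script below is an added example, not part of the original guide: it reports private keys readable by group/other, a CA key stored without a passphrase, and DH parameters below a minimum size. Assumptions: the function names, the 2048-bit default threshold, and the policy that cakey.pem keeps its passphrase (the guide only strips it from host and client keys).

```python
import base64, os, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_pem(path):
    """Return (label, body) of the first PEM block in a file, or None."""
    with open(path, encoding="ascii", errors="replace") as fh:
        m = PEM_RE.search(fh.read())
    return (m.group(1), m.group(2)) if m else None

def der_len(buf, i):
    """Decode the DER length starting at buf[i]; return (length, next index)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_prime_bits(body):
    """Bit length of p in PKCS#3 DH parameters: SEQUENCE { INTEGER p, INTEGER g }."""
    der = base64.b64decode("".join(body.split()))
    if der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, i = der_len(der, 1)
    if der[i] != 0x02:
        raise ValueError("first element is not an INTEGER")
    n, i = der_len(der, i + 1)
    return int.from_bytes(der[i:i + n], "big").bit_length()

def audit(auth_dir, min_dh_bits=2048, ca_key="cakey.pem"):
    """Return findings for the PEM files in auth_dir (threshold is an assumed policy)."""
    findings = []
    for name in sorted(os.listdir(auth_dir)):
        path = os.path.join(auth_dir, name)
        pem = read_pem(path) if os.path.isfile(path) else None
        if pem is None:
            continue
        label, body = pem
        if label.endswith("PRIVATE KEY"):
            # PKCS#8 marks encryption in the label, traditional PEM in a header.
            encrypted = "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body
            if os.stat(path).st_mode & 0o077:
                findings.append(f"{name}: key accessible by group/other")
            if name == ca_key and not encrypted:
                findings.append(f"{name}: CA key has no passphrase")
        elif label == "DH PARAMETERS":
            bits = dh_prime_bits(body)
            if bits < min_dh_bits:
                findings.append(f"{name}: {bits}-bit DH prime, below {min_dh_bits}")
    return findings
```

Call audit("/config/auth") on the router, or on a copy of the directory, and treat any returned line as something to fix before clients connect.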