This is an old revision of the document!


Simple configuration

Server side

 port 1011
 proto udp
 dev tun1
 daemon
 writepid /var/run/openvpn.pid
 # CA certificate, server certificate and server private key
 ca /etc/openvpn/certs/ca.pem
 cert /etc/openvpn/certs/cert.pem
 key /etc/openvpn/certs/.key
 dh /etc/openvpn/certs/dh1024.pem
 server 192.168.240.8 255.255.255.248
 # Per-client files; ccd-exclusive rejects clients that have no file in this directory
 client-config-dir /etc/openvpn/ccd
 ccd-exclusive
 push "route 10.10.50.32 255.255.255.224"
 client-to-client
 keepalive 10 120
 comp-lzo
 tls-auth /etc/openvpn/certs/ta.key 0 # This file is secret
 cipher AES-256-CBC
 max-clients 5
 # Drop privileges after startup; persist-* avoids re-reading the key and reopening tun on restart
 user nobody
 group nogroup
 persist-key
 persist-tun
 log /var/log/openvpn/vpn.log
 status /var/log/openvpn/vpn.status
 verb 4
 mute 10

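# To create dh512.pem or dh1024.pem (DH parameters of 512 or 1024 bits are too small for current use; generate 2048 bits or more and point the dh line at that file):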

      % # openssl gendh -rand rand.dat -out dh1024.pem
      % openssl dhparam -check -text -5 512 -out dh512.pem
      % openssl dhparam -check -text -5 1024 -out dh1024.pem

OpenSSL / SSL stuff

Generate individual certs out of a .p12 (PKCS12) file

 openssl pkcs12 -nocerts -in default.p12 -out userkey.pem
 openssl pkcs12 -nokeys -clcerts -in default.p12 -out usercert.pem
 openssl pkcs12 -nokeys -cacerts -in default.p12 -out userca.pem
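
The same extraction done non-interactively, followed by a check that the extracted key really belongs to the extracted certificate. This is an added example, not part of the original wiki page; the P12_PASS environment variable, the function names and the throwaway self-signed certificate are assumptions made for the demo.

```sh
#!/bin/sh
# Added example (not from the wiki page): the three pkcs12 commands above,
# run non-interactively, plus a key/certificate match check.
# Assumptions: P12_PASS environment variable, function names, demo cert.
# env:P12_PASS keeps the password off the command line (unlike pass:...).

split_p12() {            # usage: split_p12 in.p12 outdir
    p12=$1; out=$2
    # umask 077: the extracted key must not be group/world readable.
    # -nodes leaves the key unencrypted so a daemon can load it unattended.
    (   umask 077
        mkdir -p "$out" &&
        openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
                -out "$out/userkey.pem" &&
        openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
                -out "$out/usercert.pem" &&
        openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -cacerts \
                -out "$out/userca.pem"
    ) 2>/dev/null
}

key_matches_cert() {     # usage: key_matches_cert key.pem cert.pem
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]   # same public key in both files
}

make_demo_p12() {        # constructed sample: throwaway self-signed cert
    dir=$1               # (no CA chain inside, so userca.pem comes out empty)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-client" \
            -keyout "$dir/k.pem" -out "$dir/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/k.pem" -in "$dir/c.pem" \
            -passout env:P12_PASS -out "$dir/default.p12" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    P12_PASS=constructed-demo-password; export P12_PASS
    make_demo_p12 "$tmp" && split_p12 "$tmp/default.p12" "$tmp/out" &&
        key_matches_cert "$tmp/out/userkey.pem" "$tmp/out/usercert.pem"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo && echo "extracted key matches extracted certificate"
```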

Change PKCS12 password using OpenSSL

 openssl pkcs12 -in old.p12 | openssl pkcs12 -export -out new.p12

Then, you should type in:

  1. Old import password
  2. PEM password
  3. PEM password again
  4. PEM password again twice
  5. New export password
openvpn.1235386049.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International