test openssl is installed
>openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
generate certificate
download easy-rsa @ https://github.com/OpenVPN/easy-rsa-old
extract, copy openssl-1.0.0.cnf from 2.0 folder to windows
>init-config
in vars.bat, change openssl.exe path, and easy-rsa path
rem Alternatively define the PATH to openssl.exe manually
set "PATH=%PATH%;C:\Program Files\OpenSSL-Win64\bin"
set HOME=C:\Users\zchen\Downloads\easy-rsa-old-master\easy-rsa\Windows
set KEY_CONFIG=openssl-1.0.0.cnf
>>clean-all
The system cannot find the file specified.
1 file(s) copied.
1 file(s) copied.
>build-ca
>build-key-server server
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd
An optional company name []:abcd
Using configuration from openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'changeme'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Apr 13 15:32:32 2032 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
>build-key client1
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd
An optional company name []:abcd
Using configuration from openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'changeme'
name :PRINTABLE:'bob'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Apr 13 16:00:20 2032 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
>build-dh
Generating DH parameters, 2048 bit long safe prime
add openvpn.exe path (C:\Program Files\OpenVPN\bin) to environment variable -> user variable -> Path -> new
>openvpn --genkey tls-auth ta.key
right click on openvpn icon in the task bar -> setting -> copy config path
copy server files into config folder
server starts
copy client files to config folder in client laptop
in client.opvn file, remote my-server-1 1194, replace my-server-1 with server name
client successfully connected to server
//server log
Sat Apr 16 13:48:29 2022 Initialization Sequence Completed
Sat Apr 16 13:48:29 2022 MANAGEMENT: >STATE:1650138509,CONNECTED,SUCCESS,10.8.0.1,,,,
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 TLS: Initial packet from [AF_INET6]::ffff:192.168.0.34:55176, sid=b83b63c5 fccaa0bd
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=changeme, name=bob, emailAddress=mail@host.domain
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_VER=2.5.6
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_PLAT=win
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_PROTO=6
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_NCP=2
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_LZ4=1
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_LZ4v2=1
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_LZO=1
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_COMP_STUB=1
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_COMP_STUBv2=1
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_TCPNL=1
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_GUI_VER=OpenVPN_GUI_11
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 peer info: IV_SSO=openurl,crtext
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
Sat Apr 16 13:49:34 2022 192.168.0.34:55176 [changeme] Peer Connection Initiated with [AF_INET6]::ffff:192.168.0.34:55176
Sat Apr 16 13:49:34 2022 changeme/192.168.0.34:55176 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sat Apr 16 13:49:34 2022 changeme/192.168.0.34:55176 MULTI: Learn: 10.8.0.6 -> changeme/192.168.0.34:55176
Sat Apr 16 13:49:34 2022 changeme/192.168.0.34:55176 MULTI: primary virtual IP for changeme/192.168.0.34:55176: 10.8.0.6
Sat Apr 16 13:49:34 2022 changeme/192.168.0.34:55176 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Apr 16 13:49:34 2022 changeme/192.168.0.34:55176 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Apr 16 13:49:34 2022 changeme/192.168.0.34:55176 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Apr 16 13:49:34 2022 changeme/192.168.0.34:55176 SENT CONTROL [changeme]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
reference:
install openssl
create configuration files
generate CA certificate
Cannot pre-load keyfile (ta.key)
"Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max)"
No comments:
Post a Comment