Openvpn: Difference between revisions
From DWIKI
m (→HOWTO) |
|||
Line 12: | Line 12: | ||
./easyrsa revoke someclient | ./easyrsa revoke someclient | ||
./easyrsa gen-crl | ./easyrsa gen-crl | ||
Check crl | |||
Check crl (TODO this is incorrect) | |||
openssl crl -in -text pki/crl.pem | openssl crl -in -text pki/crl.pem | ||
Check the | |||
Check the serial numbers of the revoke certs | |||
grep ^R pki/index.txt | grep ^R pki/index.txt | ||
You might need to copy crl.pem to /etc/openvpn/ | |||
cp ~/easy-rsa/pki/crl.pem /etc/openvpn | |||
==Push DNS to linux clients== | ==Push DNS to linux clients== |
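Review bot: the reworded `Check crl (TODO this is incorrect)` line marks the check as wrong, but the command beside it, `openssl crl -in -text pki/crl.pem`, is left unchanged on both sides. `-in` takes the file name as its argument, so the fix is to reorder it to `openssl crl -in pki/crl.pem -noout -text` and drop the TODO. In the same hunk, "revoke certs" should read "revoked certs", and the added `cp ~/easy-rsa/pki/crl.pem /etc/openvpn` step would be clearer if it said the copy has to be repeated after every `./easyrsa gen-crl`.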
Revision as of 09:59, 5 September 2023
HOWTO
Using easyrsa
https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto
Revoke certificate
https://openvpn.net/community-resources/revoking-certificates/
./easyrsa revoke someclient
./easyrsa gen-crl
Check crl
openssl crl -in pki/crl.pem -noout -text
Check the serial numbers of the revoked certs
grep ^R pki/index.txt
You might need to copy crl.pem to /etc/openvpn/
cp ~/easy-rsa/pki/crl.pem /etc/openvpn
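The check below is an added example, not part of the original wiki page: it lists serials that pki/index.txt marks revoked but that are absent from the CRL, which is what you see when gen-crl was not rerun or crl.pem was not copied. The function names and sample data are constructed, and the CRL is read in the text form printed by openssl crl -noout -text.

```shell
#!/bin/sh
# Added example: cross-check easy-rsa's index.txt against the CRL the server reads.
# Function names and the sample data in demo() are constructed for illustration.

# Serials marked revoked in index.txt. Fields are tab-separated:
# status, expiry, revocation date, serial, file, subject.
revoked_serials() {
    awk -F'\t' '$1 == "R" { print toupper($4) }' "$1" | sort -u
}

# Serials listed in the text form of a CRL.
crl_serials() {
    sed -n 's/^ *Serial Number: *\([0-9A-Fa-f]*\).*$/\1/p' "$1" |
        tr 'a-f' 'A-F' | sort -u
}

# "Next Update" timestamp of the CRL; once it has passed, the server logs
# "CRL has expired" and rejects clients until gen-crl is run again.
crl_next_update() {
    sed -n 's/^ *Next Update: *//p' "$1"
}

# Revoked serials that the CRL does not contain (stale or never-copied crl.pem).
missing_from_crl() {
    idx=$(mktemp) && crl=$(mktemp) || return 2
    revoked_serials "$1" > "$idx"
    crl_serials "$2" > "$crl"
    comm -23 "$idx" "$crl"
    rm -f "$idx" "$crl"
}

# Constructed sample data: two revoked certs, CRL text that lists only one.
demo() {
    d=$(mktemp -d) || return 2
    printf 'V\t330902095900Z\t\t01\tunknown\t/CN=server\n' > "$d/index.txt"
    printf 'R\t330902095900Z\t230905095000Z\t02\tunknown\t/CN=someclient\n' >> "$d/index.txt"
    printf 'R\t330902095900Z\t230905095500Z\t03\tunknown\t/CN=otherclient\n' >> "$d/index.txt"
    printf '%s\n' '        Next Update: Mar  3 09:50:30 2024 GMT' \
        'Revoked Certificates:' \
        '    Serial Number: 02' \
        '        Revocation Date: Sep  5 09:50:00 2023 GMT' > "$d/crl.txt"
    missing_from_crl "$d/index.txt" "$d/crl.txt"
    rm -rf "$d"
}

demo   # prints 03
```

For a real check, write the output of openssl crl -in /etc/openvpn/crl.pem -noout -text to a file and pass it with ~/easy-rsa/pki/index.txt to missing_from_crl; empty output means every revoked serial is in the CRL.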
Push DNS to Linux clients
http://blog.milford.io/2011/02/setting-up-an-openvpn-client-for-ubuntudebianmint-cli-edition/
echo "up /etc/openvpn/update-resolv-conf" >> ~/client/client.conf
echo "down /etc/openvpn/update-resolv-conf" >> ~/client/client.conf
OpenVPN and systemd
https://ubuntu.com/server/docs/service-openvpn
FAQ
NOTE: FlushIpNetTable failed on interface
This happens on Windows, ignore it.
TLS Error: local/remote TLS keys are out of sync
First give it some time
WARNING: 'link-mtu' is used inconsistently
?
VERIFY ERROR: depth=0, error=CRL has expired
easyrsa gen-crl
and copy the resulting crl.pem to /etc/openvpn