Steps for setting up a VPN network with OpenVPN.
'#>' means output you should see during the process.
- Install dependencies:
sudo apt install zip ntpdate ntp
- Update time:
sudo service ntp stop
sudo ntpdate pool.ntp.org
sudo service ntp start
- Create a user for the CA server and log in:
sudo adduser ca
su ca
cd ~
- Download Easy-RSA tool:
wget https://github.com/OpenVPN/easy-rsa/archive/master.zip
unzip master.zip
cd easy-rsa-master/easyrsa3
- Init PKI (Public Key Infrastructure):
./easyrsa init-pki
#> init-pki complete; you may now create a CA or requests.
#> Your newly created PKI dir is: /home/ca/easy-rsa-master/easyrsa3/pki
- Building CA:
./easyrsa build-ca
#> Generating a 2048 bit RSA private key
#> ... [Common Name]
Enter your [Common Name]. Usually it is ca.[domain].
If you don't want to provide a password on every request, add nopass (it's INSECURE!!!):
./easyrsa build-ca nopass
There are two important files at this step:
- ./pki/ca.crt
- ./pki/private/ca.key
DO NOT EVER (!!!) show or transfer ca.key! The file ca.crt is public, so you can (and must :)) show it to everyone.
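A check you can run after build-ca to confirm that ca.key is passphrase-protected and readable only by its owner. This is an added example, not part of Easy-RSA; the function name audit_ca_pki and its return codes are made up for illustration, and it only inspects file modes and PEM headers.

```shell
#!/bin/sh
# Added example: audit the two files produced by "./easyrsa build-ca".
# Usage: audit_ca_pki /home/ca/easy-rsa-master/easyrsa3/pki
# Return codes (hypothetical, chosen for this example):
#   0 = OK, 1 = file missing, 2 = ca.key open to group/other,
#   3 = ca.key stored without a passphrase (CA built with nopass)

audit_ca_pki() {
    pki=$1
    key="$pki/private/ca.key"
    crt="$pki/ca.crt"

    # Both files must exist once build-ca has finished.
    if [ ! -f "$key" ] || [ ! -f "$crt" ]; then
        echo "FAIL: ca.key or ca.crt missing under $pki" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits;
    # for a private key all six must be "-".
    mode=$(ls -ld "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $key is accessible to group/other; run: chmod 600 $key" >&2
        return 2
    fi

    # A passphrase-protected key carries either the PKCS#8 header
    # "ENCRYPTED PRIVATE KEY" or the traditional "Proc-Type: 4,ENCRYPTED" line.
    if ! grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "FAIL: $key has no passphrase (built with nopass)" >&2
        return 3
    fi

    echo "OK: ca.key is passphrase-protected and owner-only; ca.crt is present"
    return 0
}

# Run the audit when a PKI directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_ca_pki "$1"
fi
```

The public ca.crt is only checked for existence, since it is meant to be distributed.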