OpenBSD // OpenVPN // EasyRSA || first steps

First of all: Read the fckn manual.

Preparing the server

    # ./easyrsa init-pki
    # ./easyrsa build-ca
    # ./easyrsa gen-req SERVERID nopass
    # ./easyrsa sign-req server SERVERID
    # ./easyrsa gen-crl
    # ./easyrsa gen-dh

Preparing a client

    # ./easyrsa gen-req CLIENTID
    # ./easyrsa sign-req client CLIENTID

Revoking a client

    # ./easyrsa revoke CLIENTID
    # ./easyrsa gen-crl

You […]

OpenVPN | enable revocation – revoke a key

Add the following line to your server's conf:

    crl-verify /etc/openvpn/crl.pem

Use the easyrsa ‘revoke-full’ command to revoke the key.
Copy (NOT MOVE!) the crl.pem file from directory ‘keys’ to /etc/openvpn
Restart the server

Notice I: The next revocations will be added to the crl.pem file. There is no need to restart the server for […]

OpenVPN | log connection status

First method: Add the following lines to the server's conf:

    status /var/log/status.log 5
    status-version 2

Second method: Add the following lines to the server's conf:

    client-connect /path/to/your/connect_script.sh
    client-disconnect /path/to/your/disconnect_script.sh

Start your server with ‘--script-security 2’

The scripts must be owned by the same user running the server. If your scripts are writing log files, check the log […]