Ubuntu Unleashed 2019 Edition: Covering 18.04, 18.10, 19.04

(singke) #1

and adjusting the following:


Click here to view code image
export KEY_COUNTRY="us"
export KEY_PROVINCE="IA"
export KEY_CITY="Iowa City"
export KEY_ORG="Your Company"
export KEY_EMAIL="[email protected]"


Generate your certificate authority and key:


Click here to view code image
matthew@seymour:~$ cd /etc/openvpn/easy-rsa
matthew@seymour:~$ sudo source vars
matthew@seymour:~$ sudo ./clean-all
matthew@seymour:~$ sudo ./build-ca
matthew@seymour:~$ sudo cp -r /usr/share/doc/openvpn/examples/easy-
rsa/2.0/* /etc/openvpn/easy-rsa/


Generate a certificate and private key for the server, replacing
yourservername with the name of your server:


Click here to view code image
matthew@seymour:~$ sudo ./buid-key-server yourservername


Build the Diffie-Hellman parameters:


Click here to view code image
matthew@seymour:~$ sudo ./build-dh


Copy the certificates and keys, replacing yourservername with the name of
your server:


Click here to view code image
matthew@seymour:~$ cd keys/
matthew@seymour:~$ sudo cp yourservername.crt yourservername.key
ca.crt dh1024.pem /etc/openvpn/


You must create a different certificate for each client by using this method.
This is because the larger, proprietary VPN vendors distribute their
certificates with their server and client software, but you are creating your
own. Do this on the server machine for each client, replacing clientname with
the name of each client system:


Click here to view code image
matthew@seymour:~$ cd /etc/openvpn/easy-rsa/
matthew@seymour:~$ source vars
matthew@seymour:~$ ./build-key clientname


Now, copy the following files you just generated to the client for which it was

Free download pdf