-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To follow up, a very brief introduction to Easy-RSA.
Download the latest Easy-RSA: https://github.com/OpenVPN/easy-rsa/releases/tag/v3.1.5 Unpack that to a suitable folder in your HOME folder. Change directory to the new folder. Create your first PKI: $ ./easyrsa init-pki Create your CA: $ ./easyrsa --nopass build-ca Create your server certificate: $ ./easyrsa --nopass build-server-full server1 Create your client certificate: $ ./easyrsa --nopass build-client-full client1 Note: These certificates will not be password protected but you don't need password protection at this stage of your learning curve. Create a TLS key with Openvpn: $ openvpn --genkey tls-crypt tls-crypt.key That is all there is to generating a working PKI. This will also create Inline files in the PKI folder, under 'pki/inline' - These inline files are suitable for use in your server and client config files by copy and pasting them as-is into the config files. To add the TLS key, you can copy and paste it as inline but this is not automatically done by Easy-RSA, you must do that yourself. To use TLS keys inline, use the inline tag like so: <tls-crypt> * Paste the tls-crypt.key file here * </tls-crypt> (This does not require the --key-direction parameter) Assuming that you do that correctly, your config files are now ready to use, after you add the other Openvpn directives. eg: --server or --client etc. If that looks too difficult then try a script, such as: https://github.com/pivpn/pivpn Good luck, tct -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAnBYJk3QSlCZBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr kLidAACS8Qf/bQcyzV9hH2gPY4l+sIMVHCkXalLYY2MnGMY0ONYci7qt+znD cX/x0G/2jbEjz7/sUNM19g7BnH+xfsJ3pD+WHLBkYQFYKBO9wrlikek05OJZ 8QlxpzUMqDr4EzGeDkIOAik0TWdG/RjQRXEcOqZjGUgcndba0K/af0XKkyp2 BQLg5XzYKx9FZgILu2FTjkFKOfVV24kLciLGKNgmSE7EozP0eBZPh2YS0hP+ onw7IYvNeMrHFIgT4E/alkO544BFPwRnhdSkWI6U46LDS3D92VpbVxo/cwzg fwSSL42l+aqG7TicFWVNXkftxmLBdEKVKySzQkrcGuI/rzKzTa22cQ== =tAAy -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users