roadwarrior-vpn

Commits

List of commits on branch master.
Unverified
797f740bb0f625db5c5e1db20ab16dbba9ff0ce7

Add scripts for certificate revocation

ccfra committed 5 years ago
Unverified
6e86acbe6293f391f356a7fcd9df47e07282e4c7

README: Add information about supported OpenVPN versions

ccfra committed 6 years ago
Unverified
df83fdf984d006960f55689a63a82786dfd5f611

Topology subnet also needs to be set on the clients

ccfra committed 6 years ago
Unverified
3c559496c02d9a4d433806e59a0ce4cd080daed8

Tell people to install openvpn

ccfra committed 6 years ago
Unverified
031fa3feb41d4934a90187e251b582c016288574

Fix init_ca script to reference correct config

ccfra committed 6 years ago
Unverified
15984b2128263fd0a4da0246e1d1a85ceed5e778

Documentation: Don't clone to /etc

ccfra committed 6 years ago

README

The README file for this repository.

Setting up a Roadwarrior OpenVPN

Setting up a roadwarrior VPN with OpenVPN was a bit tricky for me. Therefore, I have put together some scripts which should make a sensible setup easier.

Feel free to let me know if you encounter any issues with this.

The configs generated by these scripts require OpenVPN version >=2.4.

PKI

On some machine which you trust with the PKI:

  1. Clone this git repository:
    git clone https://github.com/cfra/roadwarrior-vpn.git
  2. Create a SETTINGS file from SETTINGS.example.
  3. Initialize the CA:
    ./init_ca.sh
  4. Create Server Config:
    ./new_endpoint.sh server <server-common-name>
  5. Create Client Config:
    ./new_endpoint.sh client <client-common-name>

Server

  1. Install OpenVPN on the server:
    apt install openvpn
  2. Edit the VPN config
  3. Copy the generated config from the PKI system to the machine which should be the VPN server:
    scp servers/vpn.example.com.ovpn vpn.example.com:/etc/openvpn/roadwarrior.conf
  4. On the server, enable and start the VPN service:
    systemctl enable openvpn@roadwarrior.service
    systemctl start openvpn@roadwarrior.service
  5. Verify its status:
    systemctl status openvpn@roadwarrior.service

Client

  1. The generated config should be usable as is.

Revocation

  1. Call the revocation script:
    ./revoke_endpoint.sh client <client-common-name>
  2. Copy the generated CRL from pki/ca/crl/current.pem to a place where OpenVPN can read it and reference it like this, updating the path accordingly:
    crl-verify crl/current.pem
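
Before copying a new CRL to the server, it is worth confirming that the revoked certificate really fails verification against it. The script below is an added example, not one of this repository's scripts: it builds a throwaway CA in a temporary directory (the names demo-ca, alice and bob and all file names are constructed) and classifies each certificate with `openssl verify -crl_check`.

```sh
#!/bin/sh
# Added example; the CA, the names alice/bob and all file names are constructed.
# cert_status CA CRL CERT -> prints valid | revoked | crl-expired | error
cert_status() {
    out=$(openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1) && { echo valid; return 0; }
    case $out in
        *"certificate revoked"*) echo revoked ;;
        *"CRL has expired"*)     echo crl-expired ;;  # CRL is past its nextUpdate
        *)                       echo error ;;
    esac
}

# make_demo_pki DIR -> throwaway CA in DIR, certs for alice and bob, bob revoked
make_demo_pki() (
    cd "$1" && mkdir -p new && : > index.txt && echo 01 > serial
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3ca
[dn]
[v3ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = new
serial = serial
certificate = ca.pem
private_key = ca.key
default_md = sha256
policy = pol
[pol]
commonName = supplied
EOF
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -subj /CN=demo-ca \
        -keyout ca.key -out ca.pem -days 30
    for cn in alice bob; do
        openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$cn.key" -out "$cn.csr"
        openssl ca -batch -config ca.cnf -days 30 -in "$cn.csr" -out "$cn.pem"
    done
    openssl ca -config ca.cnf -revoke bob.pem
    openssl ca -config ca.cnf -gencrl -crldays 30 -out crl.pem
) 2>/dev/null   # openssl's progress output is silenced for the demo

d=$(mktemp -d) && make_demo_pki "$d"
echo "alice: $(cert_status "$d/ca.pem" "$d/crl.pem" "$d/alice.pem")"
echo "bob:   $(cert_status "$d/ca.pem" "$d/crl.pem" "$d/bob.pem")"
```

For a real deployment, call `cert_status` with your CA certificate, `pki/ca/crl/current.pem` and the certificate that was revoked; where the CA and client certificates live depends on your setup. A `crl-expired` result means the CRL has to be regenerated and copied to the server again.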