To create a simple peer-to-peer network between two clients, you do not have to set up a complete X.509 certificate-based infrastructure. You can use a static key created by OpenVPN for this purpose.
In a point-to-point environment, one computer acts as the server (vpnmachine1: 192.168.200.1) and the other as the client (vpnmachine2: 192.168.200.2).
OpenVPN can act like an HTTP reverse proxy server. This feature is called port sharing: if OpenVPN detects non-VPN traffic, it proxies the connection to a specific host and port.
These are just two templates for an OpenVPN server and a client, based on the post.
The server side, based on Debian Linux 8. Copy the key, certificate and CRL to the right place and create the Diffie-Hellman parameters for key exchange.
# Root Directory of the CA
# The common directory
# Directory for Server Certificate
# The CRL
# The environment variable where openssl looks for its config
# Move default config
mv /etc/openvpn/server /etc/openvpn/server.old 2> /dev/null
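# Create the target directory, then copy key, certificate and CRL
mkdir -p /etc/openvpn/vpnsrv
cp "$CA_SERVER_DIR/server.p12" /etc/openvpn/vpnsrv
cp "$CA_CRL" /etc/openvpn/vpnsrv
# server.p12 contains the private key: restrict it to root
chmod 600 /etc/openvpn/vpnsrv/server.p12
# Create Diffie-Hellman parameters for key exchange
# (dhparam replaces the obsolete gendh command)
export OPENSSL_BIN=$(command -v openssl)
"$OPENSSL_BIN" dhparam -out "/etc/openvpn/vpnsrv/dh.pem" 2048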
# Create a Logfolder
mkdir -p /var/log/openvpn
These are the steps to build your own CA (Certification Authority) and all required certificates for an OpenVPN instance (client and server) on Linux.
Define your environment. Always set these variables in the shell before executing openssl commands. Adjust them to your needs.
On Windows, OpenVPN installs one TAP network interface by default. If you want to connect to multiple VPNs simultaneously, you need an interface for each VPN.
You can add an additional adapter with a batch file provided by the TAP driver. Open a command prompt with administrative rights and change to the TAP install folder.
c:\> cd "C:\Program Files\TAP-Windows\bin"