Gerando Certificados
/certificate add name=ca country=”BR” state=”GO” locality=”GOIANIA” organization=”CUIDADO DIGITAL” unit=”MATRIZ GOIANIA” \
common-name=”ca” key-size=4096 days-valid=3650 key-usage=crl-sign,key-cert-sign/certificate sign ca ca-crl-host=127.0.0.1 name=”ca”
/certificate add name=servidor country=”BR” state=”GO” locality=”GOIANIA” organization=”CUIDADO DIGITAL” unit=”MATRIZ GOIANIA” \
common-name=”servidor” key-size=4096 days-valid=1095 key-usage=digital-signature,key-encipherment,tls-server/certificate sign servidor ca=”ca” name=”servidor”
/certificate add name=delcain country=”BR” state=”GO” locality=”GOIANIA” organization=”CUIDADO DIGITAL” unit=”MATRIZ GOIANIA” \
common-name=”delcain” key-size=4096 days-valid=3650 key-usage=tls-client/certificate add name=usuario1 copy-from=”delcain” common-name=”usuario1″
/certificate add name=usuario2 copy-from=”delcain” common-name=”usuario2″
/certificate add name=usuario3 copy-from=”delcain” common-name=”usuario3″/certificate sign delcain ca=”ca” name=”delcain”
/certificate sign usuario1 ca=”ca” name=”usuario1″
/certificate sign usuario2 ca=”ca” name=”usuario2″
/certificate sign usuario3 ca=”ca” name=”usuario3″/certificate export-certificate ca export-passphrase=””
/certificate export-certificate delcain export-passphrase=””
/certificate export-certificate mariajose export-passphrase=””
/certificate export-certificate fabricio export-passphrase=””
/certificate export-certificate dante export-passphrase=””
Configurando Servidor OpenVPN
Passo 1- Criar Pool de IPS
Passo 2 – Habilitar Serviço OpenVPN
Passo 3 – Configurar Profile para
Passo 5 – Criar Contas de Usuários
Configurado Clientes Windows
Após instalar cliente OpenVPN configurar cliente com a seguintes diretivas
client
dev tunproto tcp-client
remote vpn.cuidadodigital.com.br 1194nobind
persist-key
persist-tuntls-client
ca cert_export_ca.crt
cert cert_export_delcain.crt
key cert_export_delcain.keyping 10
verb 3;push “route 192.168.200.0 255.255.255.0 192.168.201.1”
push “dhcp-option DNS 192.168.200.6”
push “dhcp-option DOMAIN cuidadodigital.com.br”cipher AES-256-CBC
auth SHA1
auth-user-pass auth.cfg
auth-nocacheredirect-gateway def1
Sobre o Autor