  1. Return to the OpenVPN source tree and start the build.
    $ cd ~/openvpn-2.2.0
    $ ./configure
    configure: creating ./config.status
    config.status: creating t_client.sh
    config.status: creating Makefile
    config.status: creating openvpn.spec
    config.status: creating images/Makefile
    config.status: creating service-win32/Makefile
    config.status: creating install-win32/Makefile
    config.status: creating install-win32/settings
    config.status: creating config.h
    config.status: executing depfiles commands
    $ make
    $ make check
    All 2 tests passed
    (1 test was not run)
  2. Install it.
    $ sudo make install
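  3. Create the keys.
     With OpenVPN built and installed, the next task is configuration. First, create the cryptographic keys that OpenVPN uses for its communication.
    1. Generate the master certificate authority (CA) certificate and key
       Certificates and keys are generated with the shell scripts under the "easy-rsa" directory of "openvpn-2.2.0".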
      $ cd openvpn-2.2.0/easy-rsa/2.0
    2. Edit the vars file.
      # These are the default values for fields
      # which will be placed in the certificate.
      # Don't leave any of these fields blank.
      export KEY_COUNTRY="US"
      export KEY_PROVINCE="CA"
      export KEY_CITY="SanFrancisco"
      export KEY_ORG="Fort-Funston"
      export KEY_EMAIL="me@myhost.mydomain"
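      export KEY_COUNTRY="JP"  ← 2-letter code. "JP" for Japan
      export KEY_PROVINCE="Shizuoka"      ← the prefecture name should do, I suppose
      export KEY_CITY="Makinohara"       ← city or town name
      export KEY_ORG="Private"         ← not sure what to put for an organization name, so I went with personal use.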
      export KEY_EMAIL="hogehoge@xxx.co.jp"
    3. Create the certificate authority (CA) certificate
       It is probably better to work as root from here on.
      $ su
      # . ./vars
      NOTE: If you run ./clean-all, I will be doing a rm -rf on /Users/hoge/openvpn-2.2.0/easy-rsa/2.0/keys
      # ./clean-all
      # ./build-ca
      Generating a 1024 bit RSA private key
      unable to write 'random state'
      writing new private key to 'ca.key'
      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      Country Name (2 letter code) [JP]:
      State or Province Name (full name) [Shizuoka]:
      Locality Name (eg, city) [Makinohara]:
      Organization Name (eg, company) [Private]:
      Organizational Unit Name (eg, section) []:
      Common Name (eg, your name or your server's hostname) [Private CA]:MyServer  ←★ type the server name by hand
      Name []:
      Email Address [hogehoge@xxx.co.jp]:
    4. Create the server certificate and private key
      # ./build-key-server server
      Generating a 1024 bit RSA private key
      unable to write 'random state'
      writing new private key to 'server.key'
      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      Country Name (2 letter code) [JP]:
      State or Province Name (full name) [Shizuoka]:
      Locality Name (eg, city) [Makinohara]:
      Organization Name (eg, company) [Private]:
      Organizational Unit Name (eg, section) []:
      Common Name (eg, your name or your server's hostname) [server]: ←★ just press Return here
      Name []:
      Email Address [hogehoge@xxx.co.jp]:
      Please enter the following 'extra' attributes
      to be sent with your certificate request
      A challenge password []:
      An optional company name []:
      Using configuration from /Users/nai/tmp/OpenVPN/openvpn-2.2.0/easy-rsa/2.0/openssl.cnf
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName           :PRINTABLE:'JP'
      stateOrProvinceName   :PRINTABLE:'Shizuoka'
      localityName          :PRINTABLE:'Makinohara'
      organizationName      :PRINTABLE:'Private'
      commonName            :PRINTABLE:'server'
      emailAddress          :IA5STRING:'hogehoge@xxx.co.jp'
      Certificate is to be certified until Jun 11 12:18:15 2021 GMT (3650 days)
      Sign the certificate? [y/n]:y    ←★ enter y
      1 out of 1 certificate requests certified, commit? [y/n]y    ←★ enter y
      Write out database with 1 new entries
      Data Base Updated
      unable to write 'random state'
    5. Create the client certificate and key
      # ./build-key client1
      Generating a 1024 bit RSA private key
      unable to write 'random state'
      writing new private key to 'client1.key'
      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      Country Name (2 letter code) [JP]:
      State or Province Name (full name) [Shizuoka]:
      Locality Name (eg, city) [Makinohara]:
      Organization Name (eg, company) [Private]:
      Organizational Unit Name (eg, section) []:
      Common Name (eg, your name or your server's hostname) [client1]:  ←★ just press Return here
      Name []:
      Email Address [hogehoge@xxx.co.jp]:
      Please enter the following 'extra' attributes
      to be sent with your certificate request
      A challenge password []:
      An optional company name []:
      Using configuration from /Users/nai/tmp/OpenVPN/openvpn-2.2.0/easy-rsa/2.0/openssl.cnf
      DEBUG[load_index]: unique_subject = "yes"
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName           :PRINTABLE:'JP'
      stateOrProvinceName   :PRINTABLE:'Shizuoka'
      localityName          :PRINTABLE:'Makinohara'
      organizationName      :PRINTABLE:'Private'
      commonName            :PRINTABLE:'client1'
      emailAddress          :IA5STRING:'hogehoge@xxx.co.jp'
      Certificate is to be certified until Jun 11 12:21:26 2021 GMT (3650 days)
      Sign the certificate? [y/n]:y    ←★ enter y
      1 out of 1 certificate requests certified, commit? [y/n]y    ←★ enter y
      Write out database with 1 new entries
      Data Base Updated
      unable to write 'random state'
    6. Generate the Diffie-Hellman parameters
      # ./build-dh
      Generating DH parameters, 1024 bit long safe prime, generator 2
      This is going to take a long time
      unable to write 'random state'
    The certificates and keys should now be under the keys directory.
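
The transcript above shows every RSA key and the DH parameters being generated at 1024 bits. The following check is an added example, not part of the original post: it reads easy-rsa build output and lists each key or DH parameter set shorter than a minimum size. The function names and the `MIN_BITS` threshold of 2048 are assumptions, and the sample lines are copied from the transcript.

```shell
#!/bin/sh
# Added example: flag short key material in easy-rsa 2.0 build output.
# MIN_BITS is an assumed policy floor; adjust it to your own requirements.
MIN_BITS="${MIN_BITS:-2048}"

# weak_params: read build-ca / build-key-server / build-key / build-dh output
# on stdin and print "<name> <bits>" for each item shorter than MIN_BITS.
weak_params() {
    awk -v min="$MIN_BITS" -v q="'" '
        # "Generating a 1024 bit RSA private key": remember the size until
        # the "writing new private key to ..." line names the file.
        /^ *Generating a [0-9]+ bit RSA private key/ {
            for (i = 1; i <= NF; i++) if ($i == "bit") bits = $(i - 1)
            next
        }
        /writing new private key to/ {
            name = $NF
            gsub(q, "", name)            # strip the surrounding quotes
            if (bits != "" && bits + 0 < min + 0) print name, bits
            bits = ""
            next
        }
        # "Generating DH parameters, 1024 bit long safe prime, generator 2"
        /Generating DH parameters,/ {
            for (i = 1; i <= NF; i++) if ($i == "bit") dh = $(i - 1)
            if (dh + 0 < min + 0) print "dh", dh
        }
    '
}

# Constructed sample: lines taken from the transcript in this post.
sample_log() {
    cat <<'EOF'
Generating a 1024 bit RSA private key
unable to write 'random state'
writing new private key to 'ca.key'
Generating a 1024 bit RSA private key
writing new private key to 'server.key'
Generating a 1024 bit RSA private key
writing new private key to 'client1.key'
Generating DH parameters, 1024 bit long safe prime, generator 2
EOF
}

sample_log | weak_params
```

easy-rsa 2.0 takes both the RSA key size and the DH parameter size from `KEY_SIZE` in the vars file, which defaults to 1024. Raise it there before running `. ./vars` so the build scripts pick it up.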
