絖綛 N@i.jp  昨日:00012516
 今日:00004118
 総計:00116005
keywords
管理者専用
  Post   Add link   Control Panel 































新しいトピック
最新:11/14 16:41


新しいコメント
最新:07/28 16:47






管理人へMAIL

プライバシーポリシー

OpenVPN(4)

OpenVPN本体のインストール


 準備が整ったので、OpenVPN本体のビルド、インストールに取り掛かります。

  1. 再びOpenVPNの方に戻り、ビルドに取り掛かる。
    $ cd ~/openvpn-2.2.0
    $ ./configure
      〜
    configure: creating ./config.status
    config.status: creating t_client.sh
    config.status: creating Makefile
    config.status: creating openvpn.spec
    config.status: creating images/Makefile
    config.status: creating service-win32/Makefile
    config.status: creating install-win32/Makefile
    config.status: creating install-win32/settings
    config.status: creating config.h
    config.status: executing depfiles commands
    $ make
    $ make check
      〜
    ====================
    All 2 tests passed
    (1 test was not run)
    ====================
  2. インストールする。
    $ sudo make install
  3. 鍵の作成。
     OpenVPNのビルド、インストールが完了したら、次は設定作業です。先ず OpenVPN の通信に用いる暗号鍵を作成します。
    1. マスター認証機関(CA)の証明書と鍵の生成
       証明書と鍵の生成には "openvpn-2.2.0" ディレクトリの "easy-rsa"配下にあるシェルスクリプトを用いる。
      $ cd openvpn-2.2.0/easy-rsa/2.0
    2. varsファイルを編集する。
       適当なエディタを用いてファイルの一番最後の方にある、以下(↓)の部分を編集する。
      # These are the default values for fields
      # which will be placed in the certificate.
      # Don't leave any of these fields blank.
      export KEY_COUNTRY="US"
      export KEY_PROVINCE="CA"
      export KEY_CITY="SanFrancisco"
      export KEY_ORG="Fort-Funston"
      export KEY_EMAIL="me@myhost.mydomain"
      たとえば、こんな感じ。
      export KEY_COUNTRY="JP"  ←2文字のコード。日本なら"JP"
      export KEY_PROVINCE="Shizuoka"      ←都道府県名で良いんでない?
      export KEY_CITY="Makinohara"       ←市とか町名
      export KEY_ORG="Private"         ←組織名と言われてもなぁ。個人的な使用と言うことで。
      export KEY_EMAIL="hogehoge@xxx.co.jp"
    3. 認証局(CA)の証明書作成
       ここからは root になって作業した方が良いでしょうねぇ。
      $ su
      # . ./vars
      NOTE: If you run ./clean-all, I will be doing a rm -rf on /Users/hoge/openvpn-2.2.0/easy-rsa/2.0/keys
      # ./clean-all
      # ./build-ca
      Generating a 1024 bit RSA private key
      ....++++++
      ..............................++++++
      unable to write 'random state'
      writing new private key to 'ca.key'
      -----
      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      -----
      Country Name (2 letter code) [JP]:
      State or Province Name (full name) [Shizuoka]:
      Locality Name (eg, city) [Makinohara]:
      Organization Name (eg, company) [Private]:
      Organizational Unit Name (eg, section) []:
      Common Name (eg, your name or your server's hostname) [Private CA]:MyServer  ←★サーバー名を手入力する
      Name []:
      Email Address [hogehoge@xxx.co.jp]:
    4. サーバー用の証明書と秘密鍵の作成
      # ./build-key-server server
      Generating a 1024 bit RSA private key
      ..........................................................++++++
      ................................++++++
      unable to write 'random state'
      writing new private key to 'server.key'
      -----
      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      -----
      Country Name (2 letter code) [JP]:
      State or Province Name (full name) [Shizuoka]:
      Locality Name (eg, city) [Makinohara]:
      Organization Name (eg, company) [Private]:
      Organizational Unit Name (eg, section) []:
      Common Name (eg, your name or your server's hostname) [server]: ←★ここでは単にリターン
      Name []:
      Email Address [hogehoge@xxx.co.jp]:
      
      Please enter the following 'extra' attributes
      to be sent with your certificate request
      A challenge password []:
      An optional company name []:
      Using configuration from /Users/nai/tmp/OpenVPN/openvpn-2.2.0/easy-rsa/2.0/openssl.cnf
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName           :PRINTABLE:'JP'
      stateOrProvinceName   :PRINTABLE:'Shizuoka'
      localityName          :PRINTABLE:'Makinohara'
      organizationName      :PRINTABLE:'Private'
      commonName            :PRINTABLE:'server'
      emailAddress          :IA5STRING:'hogehoge@xxx.co.jp'
      Certificate is to be certified until Jun 11 12:18:15 2021 GMT (3650 days)
      Sign the certificate? [y/n]:y    ←★ yを入力
      
      
      1 out of 1 certificate requests certified, commit? [y/n]y    ←★ yを入力
      Write out database with 1 new entries
      Data Base Updated
      unable to write 'random state'
    5. クライアント用の証明書と鍵の作成
      # ./build-key client1
      Generating a 1024 bit RSA private key
      ........++++++
      ..................................................++++++
      unable to write 'random state'
      writing new private key to 'client1.key'
      -----
      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      -----
      Country Name (2 letter code) [JP]:
      State or Province Name (full name) [Shizuoka]:
      Locality Name (eg, city) [Makinohara]:
      Organization Name (eg, company) [Private]:
      Organizational Unit Name (eg, section) []:
      Common Name (eg, your name or your server's hostname) [client1]:  ←★ここでは単にリターン
      Name []:
      Email Address [hogehoge@xxx.co.jp]:
      
      Please enter the following 'extra' attributes
      to be sent with your certificate request
      A challenge password []:
      An optional company name []:
      Using configuration from /Users/nai/tmp/OpenVPN/openvpn-2.2.0/easy-rsa/2.0/openssl.cnf
      DEBUG[load_index]: unique_subject = "yes"
      Check that the request matches the signature
      Signature ok
      The Subject's Distinguished Name is as follows
      countryName           :PRINTABLE:'JP'
      stateOrProvinceName   :PRINTABLE:'Shizuoka'
      localityName          :PRINTABLE:'Makinohara'
      organizationName      :PRINTABLE:'Private'
      commonName            :PRINTABLE:'client1'
      emailAddress          :IA5STRING:'hogehoge@xxx.co.jp'
      Certificate is to be certified until Jun 11 12:21:26 2021 GMT (3650 days)
      Sign the certificate? [y/n]:y    ←★ yを入力
      
      
      1 out of 1 certificate requests certified, commit? [y/n]y    ←★ yを入力
      Write out database with 1 new entries
      Data Base Updated
      unable to write 'random state'
      これを必要なクライアント数分行います。
    6. Diffie Hellmanパラメータの生成
      # ./build-dh
      Generating DH parameters, 1024 bit long safe prime, generator 2
      This is going to take a long time
      ...................................+..........................+.............................
      〜略〜
      .........................++*++*++*
      unable to write 'random state'
    これで証明書と鍵が keysディレクトリの下に出来ているはずです。


■ このトピックへのコメント投稿フォーム ■
キャンセル
※ HTMLタグは使えません
* 名前
* MAIL
* URL
本文
PASS ※ 半角英数8文字まで
認証 ※ 参七弐八七を半角数字で入力して下さい
  * 印の項目をcookieに保存する

2011 calendar
6月
1234
567891011
12131415161718
19202122232425
2627282930


掲示板
最新:08/15 17:19


GsBlog was developed by GUSTAV, Copyright(C) 2003, Web Application Factory All Rights Reserved.