Installation

_$: apt-get install openvpn

Configuration

/etc/openvpn/devops.conf:
-------------------------
# Network configuration
dev tun
port 1194
proto udp
server 10.8.0.0 255.255.255.0
keepalive 10 120

# Logging configuration
log-append /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 4
mute 20

# Certificate configuration
ca /etc/openvpn/CA/cacert.pem
dh /etc/openvpn/dh2048.pem
cert /etc/openvpn/devops.example.com.cert
key /etc/openvpn/devops.example.com.key

# Security configuration
user nobody
group nogroup
persist-key
persist-tun

# Compression
comp-lzo
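The configuration above drops privileges and persists the key and tun device, but it sets nothing to protect the control channel, pins no data-channel cipher or minimum TLS version, and enables compression. The following POSIX shell script is an added example for this page, not part of the original tutorial or of OpenVPN: it audits a server config file for those points and reports one line per finding. The directive names it looks for (`tls-auth`, `tls-crypt`, `cipher`, `data-ciphers`, `tls-version-min`, `compress`) are real OpenVPN 2.x options, some of them newer than the release this page was written against; the function names, messages and the decision to treat each point as a finding are the example's own. `write_sample_conf` writes a copy of the devops.conf shown above so the script can be tried without touching /etc/openvpn.

```shell
#!/bin/sh
# Hardening audit for an OpenVPN server configuration.
# Added example for this page; not part of the original tutorial or of OpenVPN.
# Usage: sh audit.sh /etc/openvpn/devops.conf

# has_directive CONF NAME: true when NAME appears as an active (uncommented)
# directive at the start of a line. Lines beginning with '#' never match.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_openvpn_conf CONF: print one line per finding, nothing when clean.
audit_openvpn_conf() {
    conf=$1

    # Privilege drop: without user/group the daemon keeps running as root.
    if ! has_directive "$conf" user || ! has_directive "$conf" group; then
        echo "no user/group: daemon keeps root privileges after initialisation"
    fi

    # Once privileges are dropped the daemon cannot re-read a root-only key or
    # reopen the tun device on a SIGUSR1 restart unless both persist options are set.
    if has_directive "$conf" user && { ! has_directive "$conf" persist-key || ! has_directive "$conf" persist-tun; }; then
        echo "user set without persist-key/persist-tun: restarts fail after the privilege drop"
    fi

    # Compression of the encrypted channel is deprecated upstream.
    if has_directive "$conf" comp-lzo || has_directive "$conf" compress; then
        echo "compression enabled (comp-lzo/compress): deprecated upstream, disable unless required"
    fi

    # tls-auth/tls-crypt discard packets that carry no valid HMAC before any TLS processing.
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo "no tls-auth/tls-crypt: the TLS handshake is reachable by any UDP sender"
    fi

    # Without an explicit cipher the data channel uses the release default
    # (BF-CBC, a 64-bit block cipher, on older releases).
    if ! has_directive "$conf" cipher && ! has_directive "$conf" data-ciphers; then
        echo "no cipher/data-ciphers: relies on the release default cipher"
    fi

    # Without a floor, TLS 1.0 remains negotiable with old clients.
    if ! has_directive "$conf" tls-version-min; then
        echo "no tls-version-min: TLS 1.0 negotiable"
    fi
}

# count_findings CONF: number of finding lines, as a bare integer.
count_findings() {
    audit_openvpn_conf "$1" | wc -l | tr -d ' '
}

# write_sample_conf PATH: constructed copy of the devops.conf from this page.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Network configuration
dev tun
port 1194
proto udp
server 10.8.0.0 255.255.255.0
keepalive 10 120

# Logging configuration
log-append /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 4
mute 20

# Certificate configuration
ca /etc/openvpn/CA/cacert.pem
dh /etc/openvpn/dh2048.pem
cert /etc/openvpn/devops.example.com.cert
key /etc/openvpn/devops.example.com.key

# Security configuration
user nobody
group nogroup
persist-key
persist-tun

# Compression
comp-lzo
EOF
}

# When given a path, audit that file; otherwise only define the functions.
if [ "$#" -eq 1 ]; then
    audit_openvpn_conf "$1"
fi
```

Run against the page's devops.conf the script reports four findings: compression enabled, no tls-auth/tls-crypt, no explicit cipher, and no tls-version-min. The user/group and persist checks pass because the page already sets them.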

Certification authority (CA)

_$: mkdir -p /etc/openvpn/CA/{private,newcerts} && cd /etc/openvpn/CA
_$: chmod 0700 private
_$: echo '01' | tee ./serial
_$: touch index.txt
_$: cp /etc/ssl/openssl.cnf ./
/etc/openvpn/CA/openssl.cnf:
----------------------------
...
dir             = /etc/openvpn/CA       # Where everything is kept
_$: cd /etc/openvpn/CA
_$: openssl req -new -x509 -newkey rsa:4096 -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf
Enter PEM pass phrase:             # (Use a strong password)
Verifying - Enter PEM pass phrase: # (Repeat the password)
Country Name (2 letter code) [AU]:SP
State or Province Name (full name) [Some-State]:Aragon
Locality Name (eg, city) []:Zaragoza
Organization Name (eg, company) [Internet Widgits Pty Ltd]:example.com
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:devops.example.com
Email Address []:

_$: tree /etc/openvpn/
/etc/openvpn/
├── CA
│   ├── cacert.pem
│   ├── index.txt
│   ├── newcerts
│   ├── openssl.cnf
│   ├── private
│   │   └── cakey.pem
│   └── serial
└── update-resolv-conf

Server certificate

_$: cd /etc/openvpn

_$: openssl req -new -newkey rsa:2048 -nodes -keyout devops.example.com.key -out devops.example.com.req
Country Name (2 letter code) [AU]:SP
State or Province Name (full name) [Some-State]:Aragon
Locality Name (eg, city) []:Zaragoza
Organization Name (eg, company) [Internet Widgits Pty Ltd]:example.com
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:devops.example.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

_$: openssl ca -out devops.example.com.cert -config /etc/openvpn/CA/openssl.cnf -infiles devops.example.com.req
Enter pass phrase for /etc/openvpn/CA/private/cakey.pem: (The strong password we set for the CA)

_$: chown root:root devops.example.com.*
_$: chmod 0600 devops.example.com.key
_$: openssl dhparam -out /etc/openvpn/dh2048.pem 2048
_$: tree /etc/openvpn/
/etc/openvpn/
├── CA
│   ├── cacert.pem
│   ├── index.txt
│   ├── index.txt.attr
│   ├── index.txt.old
│   ├── newcerts
│   │   └── 01.pem
│   ├── openssl.cnf
│   ├── private
│   │   └── cakey.pem
│   ├── serial
│   └── serial.old
├── devops.conf
├── devops.example.com.cert
├── devops.example.com.key
├── devops.example.com.req
├── dh2048.pem
└── update-resolv-conf
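Before restarting the daemon it is worth confirming that the files just produced fit together: the server certificate must verify against cacert.pem, the key must be the one the certificate was issued for, the certificate must not be close to expiry, and the key must keep the root-only 0600 mode set above. The following POSIX shell script is an added example for this page, not part of the original tutorial or of OpenVPN/OpenSSL; `verify_server_pki` and the `check_*` helpers are the example's own names, while the `openssl verify`, `openssl x509 -pubkey`, `openssl pkey -pubout` and `openssl x509 -checkend` invocations are standard OpenSSL commands. The 30-day expiry margin is the example's assumption.

```shell
#!/bin/sh
# Sanity checks for the OpenVPN server PKI built in this tutorial.
# Added example for this page; not part of the original tutorial or of OpenVPN/OpenSSL.
# Usage: sh verify-pki.sh /etc/openvpn/CA/cacert.pem \
#            /etc/openvpn/devops.example.com.cert /etc/openvpn/devops.example.com.key

# check_key_mode FILE: true when group and other have no permission bits at all,
# i.e. the 0600 mode the page sets with chmod. Parses ls -l so it works on GNU and BSD.
check_key_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_owner FILE USER: true when FILE is owned by USER (the page chowns to root).
check_owner() {
    [ "$(ls -ld "$1" | awk '{print $3}')" = "$2" ]
}

# check_chain CA CERT: the server certificate must verify against the CA that issued it.
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_key_match CERT KEY: the public key embedded in CERT must equal the one
# derived from KEY; this catches a cert and key taken from different runs of the procedure.
check_key_match() {
    cert_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null || true)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_not_expiring CERT SECONDS: true unless CERT expires within SECONDS.
check_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# verify_server_pki CA CERT KEY: run every check, print each failure, return non-zero on any.
verify_server_pki() {
    ca=$1 cert=$2 key=$3 rc=0
    check_key_mode "$key"          || { echo "FAIL: $key is readable by group/other"; rc=1; }
    check_chain "$ca" "$cert"      || { echo "FAIL: $cert does not verify against $ca"; rc=1; }
    check_key_match "$cert" "$key" || { echo "FAIL: $cert and $key are not a pair"; rc=1; }
    check_not_expiring "$cert" $((30 * 86400)) || { echo "FAIL: $cert expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert verified against $ca, matches $key, not expiring"
    return "$rc"
}

# When given the three paths, run the checks; otherwise only define the functions.
if [ "$#" -eq 3 ]; then
    verify_server_pki "$@"
    check_owner "$3" root || echo "FAIL: $3 is not owned by root"
fi
```

A non-zero exit from `verify_server_pki` means at least one FAIL line was printed; the ownership check is kept separate so the script can also be run by an unprivileged user on copies of the files.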


_$: service openvpn restart
 * Stopping virtual private network daemon(s)...
 *   No VPN is running.
 * Starting virtual private network daemon(s)...
 *   Autostarting VPN 'devops'
_$: tail -f /var/log/openvpn.log
Wed Mar  6 17:52:11 2013 us=169593 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Mar  6 17:52:11 2013 us=172321 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Mar  6 17:52:11 2013 us=287550 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar  6 17:52:11 2013 us=289601 GID set to nogroup
Wed Mar  6 17:52:11 2013 us=289687 UID set to nobody
Wed Mar  6 17:52:11 2013 us=289743 UDPv4 link local (bound): [undef]
Wed Mar  6 17:52:11 2013 us=289757 UDPv4 link remote: [undef]
Wed Mar  6 17:52:11 2013 us=289770 MULTI: multi_init called, r=256 v=256
Wed Mar  6 17:52:11 2013 us=289841 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Mar  6 17:52:11 2013 us=289878 Initialization Sequence Completed

The last line, "Initialization Sequence Completed", tells us that the server started correctly: the tun interface is up, the route is in place, and the daemon has dropped to nobody:nogroup.