Was trying out the Kali Linux Evil ISO but found that I needed to create certs for the VPN. This used to be a huge pain in the ass, but through this I’ve found Easy-RSA, and it truly is easy.
1. Like in the evil ISO howto, copy /usr/share/easy-rsa/ somewhere.
#cp -rf /usr/share/easy-rsa/ vpn
2. Steps below will create a “keys” directory for you.
3. Edit .vars to change the key location info if you need to, then run
#source .vars
4. Run ./clean-all to delete any keys already there.
5. Run ./build-ca to build the ca certs.
6. Build the server keys with ./build-key-server server
7. Build the client keys with ./build-key client.
8. Create the Diffie Hellman parameters file with ./build-dh
You should have a directory contents similar to this:
root@kali:~/vpn/keys# ls
ca.key client.key server.csr
client.crt dh2048.pem server.key
ca.crt client.csr server.crt
9. Copy the ca.* and dh2048.pem files to both server and client /etc/openvpn/ dirs.
10. Then copy server.* to server and client.* to client /etc/openvpn/ dirs.
Then, proceed with openvpn config in /etc/openvpn/server.conf and /etc/openvpn/client.conf respectively.
0 Comments