Now, I think I'm going about it in the right order so far.
1. In VPN - CA, created a CA key using the server hostname.domain.com name as the Common Name
2. In VPN - Other Keys, created 2 keys, first for server, using a different made-up name for the Common Name, and a second key for the test remote client I'll be using to connect in from.
3. I copied the files /etc/freeswan/ipsec.d/private/myclient.key and /etc/freeswan/ipsec.d/certs/myclient.crt to my remote test client using scp.
Should I now delete them from the firewall for security reasons?
4. Next in VPN -> OpenVPN I created an entry for the server (the firewall) as follows:
   Entry 1:
   Type: tls-server
   Device Type: tun
   Local Name: dubvpn
   Certificate Name: dubvpn
   Local VPN Point: 10.149.32.215
   Port: 1194
   Ping Restart: 30
   Remote IP: (blank)
   CA Name: ca
   Remote VPN Point: 10.149.49.1
   Remote Subnet/Netmask: 255.255.255.0
   Optional Parameters: (blank)
I used the hostname for the Local and Certificate names. This is the same name I used for the CA common name. Does that matter?
This created the files /etc/openvpn/dubvpn.up and /etc/openvpn/tls-dubvpn.conf
Now, the question! When I look at /etc/openvpn/tls-dubvpn.conf, it says:
   dev tun
   ifconfig 10.149.32.215 10.149.49.1
   up /etc/openvpn/dubvpn.up
   tls-server
   dh /etc/openvpn/dh2048.pem
   ca /etc/openvpn/ca.crt
   cert /etc/openvpn/dubvpn.crt
   key /etc/openvpn/dubvpn.key
   port 1194
   verb 3
The files for the ca, cert and key files are not in this directory (/etc/openvpn) being shown here. Therefore, do I need to move:
a. the ca.crt file from /etc/freeswan/ipsec.d/cacerts/ to /etc/openvpn
b. the dubvpn.crt file from /etc/freeswan/ipsec.d/certs/ to /etc/openvpn
c. the dubvpn.key file from /etc/freeswan/ipsec.d/private/ to /etc/openvpn
d. run "openssl dhparam -out /etc/openvpn/dh2048.pem 2048" to create a file called dh2048.pem in /etc/openvpn
Am I on the right track so far??
Should the tls file paths not be correct for the crt and key files?
Do I now need to create an openvpn entry for the client also, and then copy the relevant tls and up files from /etc/openvpn on the firewall to the client machine, or is this only meant to be done on the client itself? In other words, do I need client entries in VPN -> OpenVPN for all the remote clients who will be connecting in?
Now I'm going to do the Firewall -> tunnels section next. Wish me luck!!
Dj.
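The post's tls-dubvpn.conf names four files under /etc/openvpn (ca, cert, key, dh) that the MNF wizard left elsewhere. As an added example, not part of Dj's post nor of the Mandrake firewall tooling, the following POSIX shell script is a pre-flight check for such a config: it reads those four directives, confirms each file is really where the config says it is, insists the private key is owner-only (group/other have no bits, e.g. 0600), and, if openssl is installed, confirms the server certificate actually chains to the configured CA. Relative file names in the config are resolved against the config's own directory; that is this script's convention, not something the page states about OpenVPN.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for an OpenVPN
# tls-server config such as /etc/openvpn/tls-dubvpn.conf from the post.

# Print the first argument of a directive ("ca", "cert", "key", "dh") in a config.
ovpn_get() {
    # $1 = config path, $2 = directive name
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Resolve a possibly relative file name against the config's own directory.
# (Convention chosen for this script; absolute paths are returned unchanged.)
ovpn_resolve() {
    # $1 = config path, $2 = file name as written in the config
    case $2 in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "$(dirname "$1")" "$2" ;;
    esac
}

# 0 if the file exists and group/other have no permission bits (0600, 0400, ...).
# Parses ls -l rather than stat so it behaves the same on GNU and BSD userlands.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check that every file the config names exists and that the key is protected.
# Prints one line per finding; the return value is the number of problems found.
ovpn_check_files() {
    conf=$1
    problems=0
    for directive in ca cert key dh; do
        name=$(ovpn_get "$conf" "$directive")
        if [ -z "$name" ]; then
            echo "MISSING directive '$directive' in $conf"
            problems=$((problems + 1))
            continue
        fi
        path=$(ovpn_resolve "$conf" "$name")
        if [ ! -f "$path" ]; then
            echo "MISSING $directive file: $path"
            problems=$((problems + 1))
        elif [ "$directive" = key ] && ! key_is_private "$path"; then
            echo "WEAK permissions on key: $path (expected owner-only, e.g. chmod 600)"
            problems=$((problems + 1))
        else
            echo "ok $directive: $path"
        fi
    done
    return "$problems"
}

# If openssl is available, confirm the server cert was issued by the configured CA.
# Returns 0 when the chain verifies or when openssl is absent (check skipped), 1 on failure.
ovpn_check_chain() {
    conf=$1
    if ! command -v openssl >/dev/null 2>&1; then
        echo "skip chain check: openssl not installed"
        return 0
    fi
    ca=$(ovpn_resolve "$conf" "$(ovpn_get "$conf" ca)")
    cert=$(ovpn_resolve "$conf" "$(ovpn_get "$conf" cert)")
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "ok chain: $cert is signed by $ca"
    else
        echo "BAD chain: $cert does not verify against $ca"
        return 1
    fi
}

# Stand-alone use: sh check_ovpn.sh [config]; the default is the post's config path.
CONF=${1:-/etc/openvpn/tls-dubvpn.conf}
if [ -f "$CONF" ]; then
    files_rc=0; ovpn_check_files "$CONF" || files_rc=$?
    chain_rc=0; ovpn_check_chain "$CONF" || chain_rc=$?
    if [ "$files_rc" -eq 0 ] && [ "$chain_rc" -eq 0 ]; then
        echo "READY: $CONF"
    fi
fi
```

Run it on the firewall before starting the service: a "MISSING" line for ca, cert, key or dh means a file still has to be copied or generated into the location the config names, and a "WEAK permissions" line means the private key is readable by other local accounts and should be tightened with chmod 600. The chain check is the quickest way to confirm the cert named in the config was issued by the CA named in the config rather than by some other CA on the box.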
