Note: Please note that if you disable password authentication while configuring these servers, you may run into difficulties when transferring files between them later on in this guide. To resolve this issue, you could re-enable password authentication on each server. Alternatively, you could generate an SSH keypair for each server, then add the OpenVPN Server’s public SSH key to the CA machine’s authorized_keys file and vice versa. See How to Set Up SSH Keys on Ubuntu 20.04 for instructions on how to perform either of these solutions.

The first step in this tutorial is to install OpenVPN and Easy-RSA. Easy-RSA is a public key infrastructure (PKI) management tool that you will use on the OpenVPN Server to generate a certificate request that you will then verify and sign on the CA Server.

To start off, update your OpenVPN Server’s package index and install OpenVPN and Easy-RSA. Both packages are available in Ubuntu’s default repositories, so you can use apt for the installation:

Next you will need to create a new directory on the OpenVPN Server as your non-root user called ~/easy-rsa:

Now you will need to create a symlink from the easyrsa script that the package installed into the ~/easy-rsa directory that you just created:

ln -s /usr/share/easy-rsa/* ~/easy-rsa/

Note: While other guides might instruct you to copy the easy-rsa package files into your PKI directory, this tutorial adopts a symlink approach. As a result, any updates to the easy-rsa package will be automatically reflected in your PKI’s scripts.

Finally, ensure the directory’s owner is your non-root sudo user and restrict access to that user using chmod:

Once these programs are installed and have been moved to the right locations on your system, the next step is to create a Public Key Infrastructure (PKI) on the OpenVPN server so that you can request and manage TLS certificates for clients and other servers that will connect to your VPN.
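The following is an added example, not part of the original tutorial: it builds a working directory using the symlink approach and owner-only permissions described above, then audits the result. The function names setup_easyrsa_dir and audit_easyrsa_dir are hypothetical, and the demo runs in a constructed scratch directory standing in for /usr/share/easy-rsa and ~/easy-rsa.

```shell
#!/bin/sh
# Added example. PKG_DIR must be an absolute path so the links resolve.

# setup_easyrsa_dir PKG_DIR WORK_DIR: link packaged files, lock the directory.
setup_easyrsa_dir() {
    pkg_dir=$1; work_dir=$2
    mkdir -p "$work_dir" || return 1
    for f in "$pkg_dir"/*; do
        [ -e "$f" ] || continue
        # Symlink instead of copy, so package updates reach the PKI scripts.
        ln -sf "$f" "$work_dir/" || return 1
    done
    # Owner is the invoking (non-root) user; nobody else may enter.
    chown "$(id -u)" "$work_dir" && chmod 700 "$work_dir"
}

# audit_easyrsa_dir PKG_DIR WORK_DIR: return 0 if the layout is as intended.
audit_easyrsa_dir() {
    pkg_dir=$1; work_dir=$2; rc=0
    # find prints the directory only if owner and exact mode both match.
    if [ -z "$(find "$work_dir" -prune -user "$(id -u)" -perm 700)" ]; then
        echo "FAIL: $work_dir must be mode 700 and owned by uid $(id -u)"
        rc=1
    fi
    # Every packaged file must be present as a symlink back to the package.
    for src in "$pkg_dir"/*; do
        [ -e "$src" ] || continue
        entry=$work_dir/${src##*/}
        if [ ! -L "$entry" ]; then
            echo "FAIL: $entry is missing or is a copy, not a symlink"
            rc=1
        elif [ "$(readlink "$entry")" != "$src" ]; then
            echo "FAIL: $entry does not point at $src"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: file names under pkg/ are sample stand-ins.
demo=$(mktemp -d)
mkdir "$demo/pkg" && touch "$demo/pkg/easyrsa" "$demo/pkg/sample.cnf"
setup_easyrsa_dir "$demo/pkg" "$demo/work" &&
    audit_easyrsa_dir "$demo/pkg" "$demo/work" && echo "layout OK"
rm -rf "$demo"
```

On the real server the same audit would be called as audit_easyrsa_dir /usr/share/easy-rsa "$HOME/easy-rsa".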