====== OpenVPN ======

Strona na różne notatki.

==== Klient OpenVPN pod systemd ====

Najpierw należy wygenerować klucz oraz certyfikat na serwerze OpenVPN.

Na systemie-kliencie należy utworzyć plik ///etc/openvpn/client/vpn_siec_pl.conf// o treści:

<code>
client
dev tun
proto udp
remote vpn.siec.pl 1194
nobind
persist-key
persist-tun
mute-replay-warnings
remote-cert-tls server
verb 3
explicit-exit-notify

route-delay 2

<ca>
-----BEGIN CERTIFICATE-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END PRIVATE KEY-----
</key>
</code>

Systemd czyta pliki w tym katalogu i potrafi przetłumaczyć je sobie na "unit":

  systemctl enable openvpn-client@siec_vpn_pl
  systemctl start openvpn-client@siec_vpn_pl
  systemctl status openvpn-client@siec_vpn_pl