OpenVPN: set up a VPN server, or connect to one as a client
yum install openvpn easy-rsa
http://damiengustave.fr/mise-en-place-dun-vpn-avec-openvpn-2-3-et-easy-rsa-3/
for the server :
cd /etc/openvpn/
Choose TCP if mobile connections have issues with UDP (note: the configuration files further down still use proto udp)
copy the easy-rsa scripts :
cp -Rp /usr/share/easy-rsa/3/ easy-rsa
generate the PKI and the CA (run the ./easyrsa commands from inside the easy-rsa directory copied above) :
./easyrsa init-pki
./easyrsa build-ca
generate the tls-auth (HMAC) key used to protect the control channel :
openvpn --genkey --secret ta.key
generate the server key and certificate request (nopass leaves the private key unencrypted on disk) :
./easyrsa gen-req server nopass
sign the server certificate request :
./easyrsa sign-req server server
for clients (the name given to sign-req must match the one used in gen-req; the two commands below use client1 and client) :
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client
./easyrsa gen-crl
generate the Diffie-Hellman parameters (the output path must match the dh directive in server.conf) :
openssl dhparam -out /etc/openvpn/ssl/dh.pem 2048
Once everything is set up, mount the CIFS share on Linux (a password passed on the command line is visible in shell history and process listings; a credentials file is preferable) :
mount -t cifs //10.8.0.1/public /mnt/cifs -o username=bmartin,password=XXX
Create a user used only for Samba (login disabled) :
adduser --disabled-login --ingroup impacte acdremont
Give it a Samba password :
smbpasswd -a acdremont
create a group impacte, add the users to it, then chown main:impacte /home/impacte
give the group write permission :
chmod -R g+w /home/impacte/
add this to smb.conf :
[impacte]
comment = Imp'Acte
path = /home/impacte
valid users = bmartin acdremont jpereira
writable = yes
printable = no
group = impacte
if some files have badly named (non-ASCII or quote-containing) filenames, run these commands at the root of the share :
find . -exec rename -v 's/[^\x00-\x7F]//g' "{}" \;
find . -name "*'*" -exec rename "s/\'/_/" {} \;
server config file (the listing below appears to be two server configurations concatenated: port, proto, cert, key and persist-* directives are repeated; keep only one set) :
~#cat /etc/openvpn/server.conf | egrep -v "(^#.*|^;.*|^$)"
port 1196
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
explicit-exit-notify 1
remote-cert-eku "TLS Web Client Authentication"
persist-key
persist-tun
ca ca.crt
cert server.crt
comp-lzo adaptive
dev tun
ifconfig-pool-persist server-ipp.txt 0
keepalive 10 120
key server.key
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
port 1194
proto udp
verb 3
crl-verify crl.pem
client config file (comp-lzo must match the server setting; compression over a VPN is deprecated in current OpenVPN because of compression-oracle attacks, so consider dropping it on both sides) :
~# cat /etc/openvpn/client/client.conf
client
dev tun
proto udp
port 1194
remote openvpn.brunocsmartin.fr 1194 udp
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
ca ca.crt
cert vps_rpi32.crt
key vps_rpi32.key
tls-auth ta.key 1
key-direction 1
pull-filter ignore redirect-gateway