openvpn to create a vpn or to connect<\/p>\n
yum install openvpn easy-rsa<\/p>\n
http:\/\/damiengustave.fr\/mise-en-place-dun-vpn-avec-openvpn-2-3-et-easy-rsa-3\/<\/a><\/p>\n for server :<\/p>\n Choose TCP (mobile connection issue with udp)<\/p>\n copy easy_rsa scripts<\/p>\n generate pki and CA:<\/p>\n generate tsl key for connection : generate server key :<\/p>\n generate sign server key :<\/p>\n for clients :<\/p>\n for another key :<\/p>\n Once all set up, mount cifs partition to linux :<\/p>\n Create user just for samba :<\/p>\n adduser –disabled-login –ingroup impacte acdremont<\/p>\n Give it a samba password :<\/p>\n smbpasswd -a acdremont<\/p>\n create a group impacte, add users to it, chown main:impacte \/home\/impacte<\/p>\n give group write permision<\/p>\n chmod -R g+w \/home\/impacte\/<\/p>\n add this to smb.conf :<\/p>\n if bad named files, use this command at root of share :<\/p>\n find . -exec rename -v ‘s\/[^\\x00-\\x7F]\/\/g’ \u00ab\u00a0{}\u00a0\u00bb \\;<\/p>\n find . -name \u00ab\u00a0*’*\u00a0\u00bb -exec rename \u00ab\u00a0s\/\\’\/_\/\u00a0\u00bb {} \\;<\/p>\n <\/p>\n server config file : client config file :<\/p>\n ca ca.crt pull-filter ignore redirect-gateway<\/p>\n","protected":false},"excerpt":{"rendered":" openvpn to create a vpn or to connect yum install openvpn easy-rsa http:\/\/damiengustave.fr\/mise-en-place-dun-vpn-avec-openvpn-2-3-et-easy-rsa-3\/ for server : cd \/etc\/openvpn\/ Choose TCP (mobile connection issue with udp) copy easy_rsa scripts cp -Rp \/usr\/share\/easy-rsa\/3\/ easy-rsa generate pki and CA: .\/easyrsa init-pki .\/easyrsa build-ca generate tsl key for connection : openvpn –genkey –secret ta.key generate server key : .\/easyrsa … Continuer la lecture de Openvpn and Co<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-186","post","type-post","status-publish","format-standard","hentry","category-non-classe"],"_links":{"self":[{"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/posts\/186"}],"collection":[{"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/comments?post=186"}],"version-history":[{"count":13,"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/posts\/186\/revisions"}],"predecessor-version":[{"id":260,"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/posts\/186\/revisions\/260"}],"wp:attachment":[{"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/media?parent=186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/categories?post=186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.brunocsmartin.fr\/index.php\/wp-json\/wp\/v2\/tags?post=186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}cd \/etc\/openvpn\/<\/code><\/p>\ncp -Rp \/usr\/share\/easy-rsa\/3\/ easy-rsa<\/code><\/p>\n.\/easyrsa init-pki<\/code><\/p>\n.\/easyrsa build-ca<\/code><\/p>\n
\nopenvpn --genkey --secret ta.key<\/code><\/p>\n.\/easyrsa gen-req server nopass<\/code><\/p>\n.\/easyrsa sign-req server server<\/code><\/p>\n.\/easyrsa gen-req client1 nopass<\/code><\/p>\n.\/easyrsa sign-req client client<\/code><\/p>\n.\/easyrsa gen-crl<\/code><\/p>\nopenssl dhparam -out \/etc\/openvpn\/ssl\/dh.pem 2048<\/code><\/p>\nmount -t cifs \/\/10.8.0.1\/public \/mnt\/cifs -o username=bmartin,password=XXX<\/code><\/p>\n
\n[impacte]
\ncomment = Imp'Acte
\npath = \/home\/impacte
\nvalid users = bmartin acdremont jpereira
\nwritable = yes
\nprintable = no
\ngroup = impacte
\n<\/code><\/p>\n
\n~#cat \/etc\/openvpn\/server.conf | egrep -v \"(^#.*|^;.*|^$)\"
\nport 1196
\nproto udp
\ndev tun
\nca ca.crt
\ncert server.crt
\nkey server.key # This file should be kept secret
\ndh dh2048.pem
\ntopology subnet
\nserver 10.8.0.0 255.255.255.0
\nifconfig-pool-persist ipp.txt
\npush \"redirect-gateway def1 bypass-dhcp\"
\npush \"dhcp-option DNS 8.8.8.8\"
\npush \"dhcp-option DNS 8.8.4.4\"
\nclient-to-client
\nkeepalive 10 120
\ntls-auth ta.key 0 # This file is secret
\ncipher AES-256-CBC
\nuser nobody
\ngroup nobody
\npersist-key
\npersist-tun
\nstatus openvpn-status.log
\nlog-append \/var\/log\/openvpn.log
\nverb 3
\nexplicit-exit-notify 1
\nremote-cert-eku \"TLS Web Client Authentication\"
\npersist-key
\npersist-tun
\nca ca.crt
\ncert server.crt
\ncomp-lzo adaptive
\ndev tun
\nifconfig-pool-persist server-ipp.txt 0
\nkeepalive 10 120
\nkey server.key
\ntls-auth ta.key 0
\ncipher AES-256-CBC
\nauth SHA512
\ntls-version-min 1.2
\ntls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
\nport 1194
\nproto udp
\nverb 3
\ncrl-verify crl.pem
\n<\/code><\/p>\n
\n~# cat \/etc\/openvpn\/client\/client.conf
\nclient
\ndev tun
\nproto udp
\nport 1194
\nremote openvpn.brunocsmartin.fr 1194 udp
\nremote-cert-tls server
\nresolv-retry infinite
\nnobind
\npersist-key
\npersist-tun
\ncomp-lzo
\nverb 3
\ncipher AES-256-CBC
\nauth SHA512
\ntls-version-min 1.2
\ntls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384<\/code><\/p>\n
\ncert vps_rpi32.crt
\nkey vps_rpi32.key
\ntls-auth ta.key 1
\nkey-direction 1<\/p>\n