Yeah well, that gives me the following:
Code:
init-pki
build-ca [ cmd-opts ]
gen-dh
gen-req <filename_base> [ cmd-opts ]
sign-req <type> <filename_base>
build-client-full <filename_base> [ cmd-opts ]
build-server-full <filename_base> [ cmd-opts ]
revoke <filename_base> [cmd-opts]
renew <filename_base> [cmd-opts]
build-serverClient-full <filename_base> [ cmd-opts ]
gen-crl
update-db
show-req <filename_base> [ cmd-opts ]
show-cert <filename_base> [ cmd-opts ]
show-ca [ cmd-opts ]
import-req <request_file_path> <short_basename>
export-p7 <filename_base> [ cmd-opts ]
export-p12 <filename_base> [ cmd-opts ]
set-rsa-pass <filename_base> [ cmd-opts ]
set-ec-pass <filename_base> [ cmd-opts ]
That doesn't help me as these two seem to be the only commands to build the pki for server and client:
Code:
build-client-full <filename_base>
build-server-full <filename_base>
Am I misunderstanding something?
Edit:
The README.quickstart.md in the easyrsa folder says:
Changing private key passphrases
--------------------------------
RSA and EC private keys can be re-encrypted so a new passphrase can be supplied
with one of the following commands depending on the key type:
./easyrsa set-rsa-pass EntityName
./easyrsa set-ec-pass EntityName
Optionally, the passphrase can be removed completely with the 'nopass' flag.
Consult the command help for details.
Is that the way I can get over the issue, that I have to type in the password when starting the OpenVPN server?
Edit 2:
Got rid of the password prompt on server startup by:
Code:
./easyrsa set-rsa-pass server nopass
./easyrsa gen-crl
Also got it to work via WAN and LAN.
Edit 3:
Well, I am able to connect my smartphone to the OpenVPN server via LAN and WAN but I am not able to access the internet or other devices in the network. I read, this issue might be caused if the IP subnet at home is the same as the one the client is connected to. But as my subnet at home is 192.168.10.X I guess that's not the point.
Can someone have a look at my server.conf and client.conf, if I have done something wrong here?
Code:
dev tun
proto udp
port PORT
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
keepalive 10 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
max-clients 2
persist-key
persist-tun
status openvpn-status.log
verb 3
Code:
client
dev tun
proto udp
remote DynDNSAddress PORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
cipher AES-256-CBC
verb 3
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
abcdefghijklmnopqrstuvwxyz
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
abcdefghijklmnopqrstuvwxyz
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
abcdefghijklmnopqrstuvwxyz
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
abcdefghijklmnopqrstuvwxyz
-----END OpenVPN Static key V1-----
</tls-crypt>
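
Added example (not part of the original post, and not easy-rsa or OpenVPN code): a small Python check for a server.conf/client.conf pair like the one above. It parses both files, including inline `<tls-crypt>`-style blocks, compares the directives that normally have to agree on both sides, and tests the VPN subnet against a LAN subnet. The function names and the reading of 192.168.10.X as 192.168.10.0/24 are assumptions, and the sample configs are constructed from a subset of the posted directives.

```python
import ipaddress
import re
# Constructed samples: a subset of the directives from the post, inline key body omitted.
SERVER_CONF = """dev tun
proto udp
server 10.8.0.0 255.255.255.0
remote-cert-tls client
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
"""
CLIENT_CONF = """client
dev tun
proto udp
remote-cert-tls server
cipher AES-256-CBC
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
"""

def parse(conf):
    """Map directive -> args; an inline <name>...</name> block counts as directive `name`."""
    opts, inline = {}, None
    for line in (l.strip() for l in conf.splitlines()):
        if inline:                       # inside an inline block: skip until its closing tag
            if line == f"</{inline}>":
                inline = None
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            inline = m.group(1)
            opts[inline] = ["[inline]"]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            opts.setdefault(name, args)  # first occurrence wins, enough for this check
    return opts

def check_pair(server_conf, client_conf, lans):
    """Return a list of findings; `lans` are LAN subnets in CIDR form (assumed input)."""
    s, c = parse(server_conf), parse(client_conf)
    findings = [f"{d} differs: server={s.get(d)} client={c.get(d)}"
                for d in ("dev", "proto", "cipher") if s.get(d) != c.get(d)]
    if ("tls-crypt" in s) != ("tls-crypt" in c):
        findings.append("tls-crypt is configured on one side only")
    if s.get("remote-cert-tls") != ["client"] or c.get("remote-cert-tls") != ["server"]:
        findings.append("remote-cert-tls is not 'client' on the server and 'server' on the client")
    vpn = ipaddress.ip_network("/".join(s["server"][:2]))  # "server <network> <netmask>"
    findings += [f"VPN subnet {vpn} overlaps LAN {lan}"
                 for lan in lans if vpn.overlaps(ipaddress.ip_network(lan))]
    return findings
```

Calling `check_pair(SERVER_CONF, CLIENT_CONF, ["192.168.10.0/24"])` returns an empty list: the pairing is consistent and the home subnet does not collide with 10.8.0.0/24.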