¡Esta es una revisión vieja del documento!
Generación de una nueva cuenta VPN
Dentro de srv-firewall (A.K.A. gorgoroth o firewall) nos introducimos en la carpeta de los ficheros de conf de OpenVPN.
$ cd /etc/openvpn/easy-rsa/2.0
Ejecutamos el script de generación de claves para el usuario:
$ source ./vars $ ./build-key USUARIO*
* El usuario consiste en el primer caracter del identificador nombre seguido del apellido, (eje. Mikel Blanco ⇒ mblanco)
nos hará una serie de cuestiones que procederemos a contestar con lógica:
gorgoroth:/etc/openvpn/easy-rsa/2.0# ./build-key mblanco Generating a 1024 bit RSA private key ............................................++++++ ..........................++++++ writing new private key to 'mblanco.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]:ES State or Province Name (full name) [CA]:Bi Locality Name (eg, city) [SanFrancisco]:Bilbao Organization Name (eg, company) [Fort-Funston]:Merkatu Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) [mblanco]: Email Address [me@myhost.mydomain]:mblanco@merkatu.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'ES' stateOrProvinceName :PRINTABLE:'Bi' localityName :PRINTABLE:'Bilbao' organizationName :PRINTABLE:'Merkatu' commonName :PRINTABLE:'mblanco' emailAddress :IA5STRING:'mblanco@merkatu.com' Certificate is to be certified until May 1 14:07:36 2020 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated