https://oldwiki.funkfeuer.at/index.php?action=history&feed=atom&title=OpenVPN_f%C3%BCr_das_private_Netz
OpenVPN für das private Netz - Versionsgeschichte
2026-04-28T00:11:36Z
Versionsgeschichte dieser Seite in FunkFeuer Wiki
MediaWiki 1.22.5
https://oldwiki.funkfeuer.at/index.php?title=OpenVPN_f%C3%BCr_das_private_Netz&diff=12364&oldid=prev
Haha am 20. Januar 2012 um 20:57 Uhr
2012-01-20T20:57:31Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Nächstältere Version</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Version vom 20. Januar 2012, 20:57 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno">Zeile 122:</td>
<td colspan="2" class="diff-lineno">Zeile 122:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[<del class="diffchange diffchange-inline">Category:Dokumentation</del>]]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> zurück zu wiki_funkfeuer_at<br></ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[<del class="diffchange diffchange-inline">Category:Software</del>]]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> < </ins>[[<ins class="diffchange diffchange-inline">Startseite|Startseite</ins>]] <ins class="diffchange diffchange-inline">> < </ins>[[<ins class="diffchange diffchange-inline">0xff_Backfire-Vienna-Startseite|Backfire-Vienna</ins>]] <ins class="diffchange diffchange-inline">> < </ins>[[<ins class="diffchange diffchange-inline">0xff_Backfire-Vienna-Standards|Standards</ins>]] <ins class="diffchange diffchange-inline">> < </ins>[[<ins class="diffchange diffchange-inline">0xff_Backfire-Vienna-Installation|Installation</ins>]] <ins class="diffchange diffchange-inline">> < [[0xff_Backfire-Vienna-Weiterführendes|Weiterführendes]] > < [[0xff_Backfire-Vienna-Aktivitäten|Aktivitäten]] > < [[0xff_Backfire-Vienna-Index|Index]] ></ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[<del class="diffchange diffchange-inline">Category:VPN</del>]]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">----</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[<del class="diffchange diffchange-inline">Category:HowTo</del>]]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"><google>WIKI</google></ins></div></td></tr>
<!-- diff cache key www_oldwiki:diff:version:1.11a:oldid:8955:newid:12364 -->
</table>
Haha
https://oldwiki.funkfeuer.at/index.php?title=OpenVPN_f%C3%BCr_das_private_Netz&diff=8955&oldid=prev
Buntesheer am 3. Februar 2009 um 00:47 Uhr
2009-02-03T00:47:15Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Nächstältere Version</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Version vom 3. Februar 2009, 00:47 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno">Zeile 120:</td>
<td colspan="2" class="diff-lineno">Zeile 120:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''Der Server und das geNATete private Netz hinter der Linksys sind dann auf Layer 2 verbunden.'''</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''Der Server und das geNATete private Netz hinter der Linksys sind dann auf Layer 2 verbunden.'''</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:Dokumentation]]</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:Software]]</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:VPN]]</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:HowTo]]</ins></div></td></tr>
<!-- diff cache key www_oldwiki:diff:version:1.11a:oldid:8077:newid:8955 -->
</table>
Buntesheer
https://oldwiki.funkfeuer.at/index.php?title=OpenVPN_f%C3%BCr_das_private_Netz&diff=8077&oldid=prev
Gregor: Zusammenfassung
2007-11-03T19:49:58Z
<p>Zusammenfassung</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Nächstältere Version</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Version vom 3. November 2007, 19:49 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno">Zeile 118:</td>
<td colspan="2" class="diff-lineno">Zeile 118:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   brctl addif br0 tap0</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   brctl addif br0 tap0</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   ifconfig tap0 0.0.0.0 promisc up</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   ifconfig tap0 0.0.0.0 promisc up</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">'''Der Server und das geNATete private Netz hinter der Linksys sind dann auf Layer 2 verbunden.'''</ins></div></td></tr>
<!-- diff cache key www_oldwiki:diff:version:1.11a:oldid:8076:newid:8077 -->
</table>
Gregor
https://oldwiki.funkfeuer.at/index.php?title=OpenVPN_f%C3%BCr_das_private_Netz&diff=8076&oldid=prev
Gregor: OpenVPN-Anbindung des privaten Netzes an einen Server
2007-11-03T19:47:58Z
<p>OpenVPN-Anbindung des privaten Netzes an einen Server</p>
<p><b>Neue Seite</b></p><div>== Server ==<br />
unter Gentoo-Linux [http://de.gentoo-wiki.com/Openvpn aus dem Gentoo-Wiki]:<br />
<br />
emerge -av net-misc/openvpn<br />
<br />
Kernel-config:<br />
<br />
Device Drivers ---><br />
Network device support ---><br />
<M> Universal TUN/TAP device driver support<br />
<br />
Zertifikate etc:<br />
<br />
cp -r /usr/share/openvpn /etc<br />
<br />
* /etc/openvpn/easy-rsa/vars anpassen<br />
<br />
cd /etc/openvpn/easy-rsa<br />
source vars # nach jeder Änderung in "vars" muss die Datei "gesourced" werden.<br />
./clean-all # evtl. vorhandene Zertifikatsdateien in KEY_DIR werden gelöscht!!<br />
./build-ca --pass # Zugriff auf CA-Private-Key wird durch ein Passwort geschützt<br />
# Passwort -> kein triviales Kennwort verwenden!<br />
# "Organizational Unit Name" -> leer lassen<br />
ls /etc/openvpn/easy-rsa/keys/ca* # ca.crt (Zertifikat) ca.key (Private-Key)<br />
openssl x509 -in /etc/openvpn/easy-rsa/keys/ca.crt -text -noout | less # Zertifikat prüfen<br />
openssl rsa -in /etc/openvpn/easy-rsa/keys/ca.key -text -noout | less # Key anschauen<br />
<br />
./build-key-server xyz-Server # xyz-Server: individuelle, aber "anonyme" Bezeichnung<br />
# "challenge password" -> leer lassen<br />
# "An optional company name" -> leer lassen<br />
# "Sign the certificate? [y/n]" -> y<br />
# "1 out of 1 certificate requests certified, commit?" -> y<br />
rm /etc/openvpn/easy-rsa/keys/server.csr # wird nicht benötigt, da Key/Zertifikat zugleich erstellt werden<br />
ls /etc/openvpn/easy-rsa/keys/server.* # server.crt server.key<br />
# Ersetze "server" durch den gewählten Common Name (z.B. "xyz-Server.csr").<br />
<br />
./build-key client1 # Angaben analog zum Server-Zertifikat<br />
rm /etc/openvpn/easy-rsa/keys/client1.csr # wird nicht benötigt, da Key/Zertifikat zugleich erstellt werden<br />
ls /etc/openvpn/easy-rsa/keys/client1.* # client1.crt client1.key<br />
<br />
./build-dh # dauert ca. 5-10 min., je nach KEY_SIZE in "vars"<br />
ls /etc/openvpn/easy-rsa/keys/dh* # dh2048.pem (bzw. dh1024.pem, je nach KEY_SIZE)<br />
<br />
openvpn --genkey --secret /etc/openvpn/easy-rsa/keys/ta.key<br />
ls /etc/openvpn/easy-rsa/keys/ta.key # ta.key<br />
<br />
cd /etc/openvpn/easy-rsa/keys<br />
cp ca.crt ta.key dh2048.pem server.* /etc/openvpn/<br />
scp ca.crt ta.key client1.* 88.88.88.1:/etc/openvpn/<br />
# klappt nur, wenn auf NAT-Router1 Portforwarding von Port tcp/22 zum Client aktiviert ist<br />
<br />
groupadd openvpn<br />
useradd -d /dev/null -g openvpn -s /bin/false openvpn<br />
mkdir /etc/openvpn/chroot<br />
<br />
/etc/openvpn/openvpn.conf:<br />
<br />
proto udp<br />
dev tap<br />
port 1194<br />
ca /etc/openvpn/ca.crt<br />
cert /etc/openvpn/Arecibo.crt<br />
key /etc/openvpn/Arecibo.key<br />
dh /etc/openvpn/dh1024.pem<br />
tls-auth /etc/openvpn/ta.key 0 # "0" beim VPN-Server, "1" bei VPN-Clients<br />
server 10.8.0.0 255.255.255.0<br />
ifconfig-pool-persist /etc/openvpn/ipp.txt<br />
keepalive 10 120<br />
user openvpn<br />
group openvpn<br />
persist-key<br />
persist-tun<br />
resolv-retry infinite<br />
status /etc/openvpn/openvpn-status.log<br />
chroot /etc/openvpn/chroot<br />
push "route 192.168.1.129 255.255.255.255"<br />
verb 4<br />
<br />
openvpn starten<br />
<br />
/etc/init.d/openvpn start<br />
<br />
virtuelles Interface mit privater IP erstellen:<br />
<br />
ifconfig tap0:1 192.168.1.129 up<br />
<br />
== Client ==<br />
Linksys mit Freifunk-Firmware<br />
<br />
ipkg install openvpn-ssl-nolzo<br />
<br />
Die am Server erstellten Schlüssel und Zertifikate kopieren<br />
<br />
/etc/openvpn/openvpn.conf<br />
<br />
proto udp<br />
dev tap<br />
port 1194<br />
local 193.238.156.64 <br />
remote arecibo.funkfeuer.at <br />
ca /etc/openvpn/ca.crt <br />
cert /etc/openvpn/sie8omni.crt<br />
key /etc/openvpn/sie8omni.key <br />
dh /etc/openvpn/dh1024.pem <br />
tls-auth /etc/openvpn/ta.key 1 # "0" beim VPN-Server, "1" bei VPN-Clients<br />
client <br />
keepalive 10 120 <br />
persist-key <br />
persist-tun <br />
resolv-retry infinite <br />
verb 4 <br />
<br />
/etc/init.d/S92openvpn<br />
<br />
#!/bin/sh<br />
openvpn --config /etc/openvpn/openvpn.conf --daemon areciboconnect<br />
sleep 10<br />
brctl addif br0 tap0<br />
ifconfig tap0 0.0.0.0 promisc up</div>
Gregor