Configuring OpenVPN to Use Certificates
Open the configuration file in your favorite editor; of course you may also use Notepad:
All you have to do here is put # in front of the entry secret key.txt, which we adapted in our last chapter, and add the following five entries:
Entry in config file | Function |
| OpenVPN will run in TLS-server mode (on a client you will have to add TLS-client) |
| Use the Diffie-Hellman key stored in |
| Use the CA certificate in |
| Use my certificate in |
| Use my key in |
In my test-bed network, where the local net is 10.10.10.0/24, and the tunnel network is 10.3.0.0/24, the simplest possible configuration file (C:\Program Files\OpenVPN\config\sample.ovpn on Windows) for an X509-enabled OpenVPN server is:
dev tap
ifconfig 10.3.0.1 255.255.255.0
tls-server
dh keys/dh2048.pem
ca keys/ca.crt
cert keys/VPN-Server...
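
A check for the change described above, as an added example that is not from the original text: a small Python linter that reports whether a configuration still has the static-key entry active and whether the TLS entries are present. The sample configurations and the file names keys/server.crt and keys/server.key are constructed, and comment handling is simplified to whitespace-separated tokens.

```python
# Added example (not from the original text): lint an OpenVPN configuration
# for the switch from a static key to X.509 certificates.
SERVER_ENTRIES = ("tls-server", "dh", "ca", "cert", "key")
CLIENT_ENTRIES = ("tls-client", "ca", "cert", "key")  # dh is server-side only

def parse_directives(text):
    """Map each active directive to its arguments; '#' and ';' start comments."""
    active = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":  # simplification: ignores quoting rules
                break
            tokens.append(tok)
        if tokens:
            active[tokens[0]] = tokens[1:]
    return active

def lint(text):
    """Return a list of findings; an empty list means the entries are in place."""
    d = parse_directives(text)
    findings = []
    if "secret" in d:
        findings.append("static key still active: comment out 'secret'")
    if "tls-server" in d and "tls-client" in d:
        findings.append("both tls-server and tls-client are set")
    # Assumption: a file with neither mode entry is meant to be a server.
    required = CLIENT_ENTRIES if "tls-client" in d else SERVER_ENTRIES
    for name in required:
        if name not in d:
            findings.append(f"missing entry: {name}")
        elif not name.startswith("tls-") and not d[name]:
            findings.append(f"entry has no file argument: {name}")
    return findings

# Constructed samples; keys/server.crt and keys/server.key are placeholder names.
BASE = "dev tap\nifconfig 10.3.0.1 255.255.255.0\n"
TLS = "tls-server\ndh keys/dh2048.pem\nca keys/ca.crt\ncert keys/server.crt\n"
HALF_MIGRATED = BASE + "secret key.txt\n" + TLS
MIGRATED = BASE + "# secret key.txt\n" + TLS + "key keys/server.key\n"

if __name__ == "__main__":
    for label, cfg in (("half-migrated", HALF_MIGRATED), ("migrated", MIGRATED)):
        print(label, lint(cfg) or "ok")
```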