Wiki de grifon

Outils pour utilisateurs

Outils du site

Piste :
reseau:openvpn

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

reseau:openvpn [2018/05/04 18:49] – créée - modification externe 127.0.0.1reseau:openvpn [2025/11/07 15:14] (Version actuelle) evann
Ligne 3: Ligne 3:
 Pour la faire simple, c’est globalement le bordel. On a commencé à fournir des VPNs alors que l’on avait pas encore de plan d’adressage, du coup on a des /32 hors du /27 de VPN qui se baladent. C’est pour cela que l’on a de l’[[reseau:bgp:ibgp|iBGP]] vers [[machines:grifon:nominoe]]. \\ Pour la faire simple, c’est globalement le bordel. On a commencé à fournir des VPNs alors que l’on avait pas encore de plan d’adressage, du coup on a des /32 hors du /27 de VPN qui se baladent. C’est pour cela que l’on a de l’[[reseau:bgp:ibgp|iBGP]] vers [[machines:grifon:nominoe]]. \\
 Nous remarquerons que ça ne dérange pas du tout OpenVPN d’avoir des IPs en dehors de son /27. Nous remarquerons que ça ne dérange pas du tout OpenVPN d’avoir des IPs en dehors de son /27.
 +
 +===== PKI =====
 +
 +On utilise la CA de grifon (dispo sur [[machines:grifon:rda]]), le certificat est vallable un an et pour le signer:
 +
 +<file>
 +openssl x509 -req -days 365 -in /etc/ssl/local_grifon/services/vpn.grifon.fr.csr -out /etc/ssl/local_grifon/services/vpn.grifon.fr.crt -CA /etc/ssl/local_grifon/rootCA/rootCA.crt -CAkey /etc/ssl/local_grifon/rootCA/rootCA.key -CAcreateserial -CAserial /etc/ssl/local_grifon/rootCA/rootCA.srl 
 +</file>
 +
 +
  
 ===== Configuration serveur ===== ===== Configuration serveur =====
Ligne 225: Ligne 235:
 remote-random remote-random
 resolv-retry infinite resolv-retry infinite
-remote-cert-tls server 
 route-delay 2 route-delay 2
 nobind nobind
Ligne 250: Ligne 259:
 <ca> <ca>
 -----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
-MIIGdDCCBFygAwIBAgIJAKk3963Ys0HlMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +MIIKDzCCBfegAwIBAgIJAOK5QArwwnBEMA0GCSqGSIb3DQEBCwUAMIGdMQswCQYD 
-VQQGEwJGUjERMA8GA1UECBMIQnJldGFnbmUxFzAVBgNVBAcTDkNlc3NvbiBTZXZp +VQQGEwJGUjERMA8GA1UECAwIQnJldGFnbmUxFzAVBgNVBAcMDkNlc3NvbiBTZXZp 
-Z25lMQ8wDQYDVQQKEwZHUklGT04xDDAKBgNVBAsTA1ZQTjEWMBQGA1UEAxMNdnBu +Z25lMQ8wDQYDVQQKDAZHUklGT04xETAPBgNVBAsMCFNlcnZpY2VzMRwwGgYDVQQD 
-LmdyaWZvbi5mcjEQMA4GA1UEKRMHT3BlblZQTjAeFw0xNTExMDkyMDA0MzFaFw0y +DBNjb25zdGFuY2UuZ3JpZm9uLmZyMSAwHgYJKoZIhvcNAQkBFhFjb250YWN0QGdy 
-NTExMDYyMDA0MzFaMIGCMQswCQYDVQQGEwJGUjERMA8GA1UECBMIQnJldGFnbmUx +aWZvbi5mcjAeFw0xODAyMTIyMjIzMzdaFw0yODAyMTAyMjIzMzdaMIGdMQswCQYD 
-FzAVBgNVBAcTDkNlc3NvbiBTZXZpZ25lMQ8wDQYDVQQKEwZHUklGT04xDDAKBgNV +VQQGEwJGUjERMA8GA1UECAwIQnJldGFnbmUxFzAVBgNVBAcMDkNlc3NvbiBTZXZp 
-BAsTA1ZQTjEWMBQGA1UEAxMNdnBuLmdyaWZvbi5mcjEQMA4GA1UEKRMHT3BlblZQ +Z25lMQ8wDQYDVQQKDAZHUklGT04xETAPBgNVBAsMCFNlcnZpY2VzMRwwGgYDVQQD 
-TjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKl+DCOmB7u/mphT9Pbj +DBNjb25zdGFuY2UuZ3JpZm9uLmZyMSAwHgYJKoZIhvcNAQkBFhFjb250YWN0QGdy 
-91F5KviclWxw1gT1GglbHizfNFomJ9i4xBWO7hBP7x+HtgAnOb9/KSjFRADq9gMo +aWZvbi5mcjCCBCIwDQYJKoZIhvcNAQEBBQADggQPADCCBAoCggQBAOGDncASqaSz 
-ay+NULkMH/+sDr8AdNGOD1wZU0bpkmqGWRgLZpTHc9uMP0RTmpFFYecFAPJeY6U2 +1JWHt3Vzza5DrgFxkaS5o4SXaTZHjbeq6SlXzXgDgeee8m4/zon8XcIN9BifLIyD 
-uRuIPZSkbYRZxnlSbKMidV/w4e1PVv30hpr0x7Y6Ded3lr+RUbWYpSGeNn89bM8y +Mt6VK5SHr+2Z14yiMau9rY6LFQlNdaSl9POcintieqqyxmy5g/AepntbX+dYGemY 
-xZjUCxPaX73mKfLg4gaXVwKOn/50KESKhaE/BHdkKIE9WKpL48ireIYf4TFQuWTs +4X2FBD0CawyPEp19opSDqqV5Wf6kwBZgfb1SVveyFeJLMx7xiRSP9Lt3rKPWH8Jr 
-FQW3KNlGc10Wql6FE+uxoeK7vv3/Hnf6bYW/IrCj3Fv82ZVBSja6Zrhul4g6PeHN +cXepYvroW2MNZ6D7MQDnBhXgaVbuwZxZnZrOpzah2hE5J1PAFj4XcJjL9ZcDQCO5 
-Vx6ccnj3ZoofIw3j3UauX14iABIjo5GWAI79TbDR+JzKSp6fnV0P3wJevg3WXr3B +RVxn4nWVjSEQ+xO2j02Imwivl2yIDy2G6OZKeqoABFKJDzpsHG5Kq3DfocUIUgeb 
-5bpUmnC2B88GS1irKk7DgA6lIqu+GNck1RHsJf6+heVvGdXFvyFb27OKEA3E/A9O +uBguk8pruIaIHUOHIR8wrxnbIp4m/pRJN/M0RBngRMruaiHdjt+H9wmuDq1goa8L 
-/IXCDykmPdXe0m89dcGMDbQPRm6xNdZB7zd22XqHsDjQxVbocFgVhdrIVBU4e60G +fXjn25m9xbJ1w0U3ima0gJRBOjEZe1OMTgjQ/qtkTgBZ64UlP19sq3ebRoh1V284 
-vJteANqKPf8ZcjWOdVnJ6cNtJPXy4n9aYQBZuQLZ+PvLFgWiGv8S+mSQdaaD09yq +rQpu/Gn1J1zlH7fBtLDS8bGu9xEWY2Ny9nqG1A2e/+vAb/NcJJrrhbyJ7+3RqSTZ 
-GBSUAZrJhRcRzNuwjo6QZwmiFBsjb15PRRbU7W52r6LZCBzuanPqilRyVpQOp6bE +LQm8NGLH1F3Rshl7YRKbxNznXHi+/P0AuF+kDfLkSgd0Xto5BZWVQaOcqXEGSQBo 
-I4bQ6VY3CdEdGBvJTmqqx/NBAgMBAAGjgeowgecwHQYDVR0OBBYEFFcYN1/t1Ad2 +f4qMpnSEJRjrPYEDRgB32QKfqJy5svJ4pFt+Y1Z5oFItJhTIiruaN0ygENbw1tHq 
-JBC13HUULwzxx6xmMIG3BgNVHSMEga8wgayAFFcYN1/t1Ad2JBC13HUULwzxx6xm +NoMVzWXMD2nsExc5U+0DyiCqKhEngGJoHz6wuNVt4BjqUESWVejbYTZXypynZKHh 
-oYGIpIGFMIGCMQswCQYDVQQGEwJGUjERMA8GA1UECBMIQnJldGFnbmUxFzAVBgNV +kz2mH37/gZsYKCPXTc0LHoUkILyhXHQ+fFbapX8j1Cp1Urt5z17Vtpt8jJU9ocvL 
-BAcTDkNlc3NvbiBTZXZpZ25lMQ8wDQYDVQQKEwZHUklGT04xDDAKBgNVBAsTA1ZQ +ivUB9T+aiKTPzFhj1Qivrg4fa1FGzqpvXlPl7l7TpGt4XIlwi50zYtiadVxZzzLy 
-TjEWMBQGA1UEAxMNdnBuLmdyaWZvbi5mcjEQMA4GA1UEKRMHT3BlblZQToIJAKk3 +rK0F4HV4XWVsX5tgLTF0kWWhDawJxRvPcDvDWVtChPKEP4WMel43Hn/CKsmeUQTt 
-963Ys0HlMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBACKBlt74LoNg +SXamC0Y3GwF2OXV2X79Ey0qHRLWzngVXydGU8MA7HEPH/PsB/eaHh1KiIkTK/oPn 
-+PC1hvvTofrOtaVZVN4qyp7JRVQB3FNvFYWaFtYikIVRu+GM/7PmsECh5c2ZSU2J +KD6iyijAo/SlrFy2BW/TPD9C0n4gNVu4x/Sisuo/+bEEboK9I/pCr31IbIO8FByW 
-U5w9sERzn3lh4ixTwArcJyt2rqIVKoX9lCiLcrCin1G/w6t+mXKIbKdrihG2bYYK +eApz/MpyaKqhdTXcdYLjqczDFQ9JgvrVwtrHV4u8osc9IFt6lPCevkOwxd/zHZeR 
-dCKmC0Ua5r8yfdhjvgIWeJ2t6UI+31SWeZSxY5O7t6DTtaABx21KuCAEgxsAjNyk +NyimWao5ksC//Ymhip9fJD5IniVJ7flgukUxtMw+fXeYnQaKXPisBQA+Sizbkhaf 
-Q94KKWP2dqwGDCtCf4cBnSszzV/k0wy8JUgRCu1ybAj2H5n6O6JLbLY3/DE2cq4T +vETkpTGIvzcRxG6WH09HFHhNT1P+i77WmEUzvsUtN3Se4rTapli20bGI6hKLaxLp 
-wiWwq2w0gE8d2aEhqLAM4Dnl8hj8hJzaCj1zbda+DzrdBJJTwk8dX51gXxVAfgw9 +lOkz4rgH/M8TbH1gH5VXabdDmr76fA0299hxlKZbqMVJWjWDVGOCYmJVZ4QC+wa3 
-3keZeI7UKEpCbb3hIeVK3r5E1DsVvgE6yfSzlfGBlY1nyA0G8/Q6+2k3WJjdY5lm +Hgmnlm1Ap1fy7plxFcLfac5UZeH4Udft5bGesELVB5tbSRr8DHzk2vPs7IT+OJOU 
-cZ3LerCNeXZfVELpwlMdj0q+/m2HnZKxIqKScEjZSwxt+go9sdvoz2EZVjtp3iB8 ++9116IJrrcMCAwEAAaNQME4wHQYDVR0OBBYEFIss7clU/fZok+pCJR9mo/x0cIiC 
-YziO3VvnrrOsKBy8RLAKXpm+x5CP4uX48Qv1sqDaEvSZzuh704QJMfUekoeDHR3L +MB8GA1UdIwQYMBaAFIss7clU/fZok+pCJR9mo/x0cIiCMAwGA1UdEwQFMAMBAf8w 
-M3mqrq2nDUJuKwtOb1pGJgDkMeKSj7IZNQQgVSDx2F/frDArhyEv+b/+VLnd9IUp +DQYJKoZIhvcNAQELBQADggQBACQaVYISQQfNEG7xzE2dIVmeLJOv4x25OF9qHItB 
-QK/w37xqNHPIj02Mrr9D2cHcKRLnubd1YuWcazNqvnSKXXeJoNvpj9L6pYtWoHMg +yCL4JykdFVv1gDCVHZeHkvwXuvwID5bHMYhlA5ilv7c+SfyXp9Js20agMSgFk8dY 
-2kSONme/cdZptUNl2KZzs+xYBeyUPSRE+9w/UlYs0V4ENc8V3kbhTcTtOml6x4DHNfmFwm169r9U+WuW7uebQCTOmhck0JXR+ 
 +duLBDaxdYO93yMQlvtL8JetToyIXb2HFLFYg/SDDTpf/5FQW16I239H63oPSgzPz 
 +jUKNNNtz9BDOrGfBQK+Pn+913slIvfk3zJUDbDk8ziDsF35SlmNGDbob4F8pV532 
 +yfU1+guzsroP45e1Nw9uoS8nfRibn+b4E9AAMd7lrJNtWNaEukQNHTT9PNxwNlwq 
 +4e3w7Sj+509new8GGw5cZPrJmepKXXbu9RnkduWCQGIkLn7Qfq96rVr9wY6nlpoQ 
 +25o/5egQuDukpkNgLsGO8soL97EUGWJndjacZ4UAhxZ3StY6fgwXnRf6RbVKb0jJ 
 +7v2IuMXQoWjPBkyn6DEh8sur7sSP5Gx+H0ybnb6IrBplxttNglr0JKUPopqoIzv+ 
 +bxMY8M+L0gWNOw2FoFdPAXYUSvqSk0AfbGsZS/rQcMyyYgVWmHFoodmUP1+fnhhK 
 +f3VN7eBrwyPxSJuft6pObrhn0F6zVig63o4wWo5T7+TYQHWLyd71KdjQeJFYM1Tu 
 +GptQz53VahJqtxOImAr3hV5emRz/kMv51sMfSSevVqH0Gorm0uqQzfusIxMYGVWv 
 +zAVkFUkDNupr1rY4zs978HHS8xQ6KAaJLtuVvhSj4gc+R56vGGyCyUoFezx6mO2w 
 +4wbL0Jmi/B1rffgSc7Z2fV+ZC7eCHRpudizp3yg7IL5o/Ucx8su1yi/StprDPj2j 
 +Ih7FZnEXiyD6b1qDltUv02vr60S5WNFVcw5BSiWoa4U5oBT2WiACznmIoUfxAzG9 
 +5Squy1BT9Eih+sGop5KKYdbb+hy/UDTEEMR8eRXvTF/eKqISv44f+wtuL+vwOqzO 
 +hX8Px9gqIxZAEuFLye+Ya4D9t0vcK2SCy+xFt+kYDIeNIu1mq7gGPKpBJYgK5esx 
 +2EzTzW8MjWTXoxZ3L3BShX2c/Lk6/ugnIS1t3LgUsFa6Uivg+MBl+580wV7+2V1Y 
 +B/taG0gSDRTYrASRPAgOMdSKcGf8jY23g8ZdEzwSik5Oq5ZPDOvXvkfsBZb03LnK 
 +MJGwPDCtEQMTW031HEbeg/jJNsbzqP1gM+SCMcqENCO7lYryFxATAiPZL0ojrpQM 
 +LoVqgm83M/ZU3KMR/R/hls4KfFe6PQUINeCnCWjLFYsvVHrg7dDZxEB3Noap3e64 
 +WClNgjuS6MkKiNIseP19YDt20OSIyOU+jReJydZO93BoyPc=
 -----END CERTIFICATE----- -----END CERTIFICATE-----
 </ca> </ca>
reseau/openvpn.txt · Dernière modification : de evann