{"id":2024,"date":"2018-05-18T20:53:18","date_gmt":"2018-05-18T11:53:18","guid":{"rendered":"https:\/\/pandanote.info\/?p=2024"},"modified":"2022-04-12T12:00:52","modified_gmt":"2022-04-12T03:00:52","slug":"openvpn%e3%81%a7%e3%82%af%e3%83%a9%e3%82%a6%e3%83%89%e3%82%b5%e3%83%bc%e3%83%90%e3%81%a8%e8%87%aa%e5%ae%85%e3%81%aelinux%e3%82%b5%e3%83%bc%e3%83%90%e3%81%ae%e9%96%93%e3%82%92vpn%e3%81%a7%e6%8e%a5","status":"publish","type":"post","link":"https:\/\/pandanote.info\/?p=2024","title":{"rendered":"I tried connecting a cloud server and my home Linux server(?) over a VPN with OpenVPN, for starters."},"content":{"rendered":"<h2>Introduction<\/h2>\n<p>I am in the middle of replacing the small PC (AOpen MP67-D, hereafter simply &quot;the small PC&quot;) that I had been using at home as a Linux server(?) with an Intel NUC (NUC7i5BNH, hereafter simply &quot;the <a href=\"https:\/\/amzn.to\/2PrT3ue\">NUC<\/a>&quot;), and the migration of data and so on is in full swing (as of May 2018), squeezed in between work and shopping.<\/p>\n<p>So, while migrating the data, I decided to connect the cloud server and the NUC at home over a VPN using OpenVPN.<\/p>\n<p>This article describes how to install and configure OpenVPN.<\/p>\n<h2>Installing OpenVPN on the cloud server<\/h2>\n<p>OpenVPN can be installed by running the following command as root.<\/p>\n<div class=\"code\"># dnf install openvpn<\/div>\n<p>&nbsp;<\/p>\n<h2>Downloading easy-rsa-3.0.5<\/h2>\n<p><a
href=\"https:\/\/github.com\/OpenVPN\/easy-rsa\">GitHub<\/a> hosts easy-rsa; download the easy-rsa-3.0.5 package from there as a ZIP file. Once the ZIP file is downloaded, extract it under a suitable directory on the cloud server. This creates a directory named easy-rsa-3.0.5 containing the following files and directories.<\/p>\n<div class=\"code\">[panda@pandanote.info easy-rsa-3.0.5]$ ls -l<br \/>\n\u5408\u8a08 24<br \/>\n-rw-rw-r--. 1 panda panda 1305  2\u6708 27 00:29 COPYING.md<br \/>\n-rw-rw-r--. 1 panda panda 3231  2\u6708 27 00:29 ChangeLog<br \/>\n-rw-rw-r--. 1 panda panda  160  2\u6708 27 00:29 KNOWN_ISSUES<br \/>\ndrwxrwxr-x. 2 panda panda   43  2\u6708 27 00:29 Licensing<br \/>\n-rw-rw-r--. 1 panda panda 1970  2\u6708 27 00:29 README.md<br \/>\n-rw-rw-r--. 1 panda panda 3335  2\u6708 27 00:29 README.quickstart.md<br \/>\ndrwxrwxr-x. 2 panda panda   46  2\u6708 27 00:29 build<br \/>\ndrwxrwxr-x. 3 panda panda   35  2\u6708 27 00:29 distro<br \/>\ndrwxrwxr-x. 2 panda panda  143  2\u6708 27 00:29 doc<br \/>\ndrwxrwxr-x. 3 panda panda   86  2\u6708 27 00:29 easyrsa3<br \/>\n-rw-rw-r--. 1 panda panda   95  2\u6708 27 00:29 op_test.sh<br \/>\ndrwxrwxr-x.
2 panda panda   23  2\u6708 27 00:29 release-keys<\/div>\n<p>&nbsp;<\/p>\n<h2>Creating the certificate authority, certificates, private keys, and everything else<\/h2>\n<p>In the steps below, the certificate authority (CA) is created first, and then the certificates and other files are created under the easyrsa3 directory shown in the listing in the previous section.<\/p>\n<h3>Initializing the CA<\/h3>\n<p>Run the following command to initialize the CA.<\/p>\n<div class=\"code\">[panda@pandanote.info easyrsa3]$ .\/easyrsa init-pki<br \/>\ninit-pki complete; you may now create a CA or requests.<br \/>\nYour newly created PKI dir is: \/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki<\/div>\n<p>&nbsp;<br \/>\nRunning this command creates a pki directory in the same directory as easyrsa.<\/p>\n<div class=\"code\">[panda@pandanote.info easyrsa3]$ ls -l<br \/>\n\u5408\u8a08 60<br \/>\n-rwxr-xr-x. 1 panda panda 37427  2\u6708 27 00:29 easyrsa<br \/>\n-rw-rw-r--. 1 panda panda  4560  2\u6708 27 00:29 openssl-easyrsa.cnf<br \/>\ndrwx------. 4 panda panda    33  5\u6708 16 22:44 pki<br \/>\n-rw-rw-r--. 1 panda panda  8459  2\u6708 27 00:29 vars.example<br \/>\ndrwxrwxr-x.
2 panda panda    78  2\u6708 27 00:29 x509-types<\/div>\n<p>&nbsp;<\/p>\n<h3>Creating the CA<\/h3>\n<p>Run the following command to create the certificate authority (CA). I left the Common Name at its default value.<\/p>\n<div class=\"code\">[panda@pandanote.info easyrsa3]$ .\/easyrsa build-ca<br \/>\nEnter New CA Key Passphrase: [passphrase]<br \/>\nRe-Enter New CA Key Passphrase: [passphrase]<br \/>\nGenerating RSA private key, 2048 bit long modulus<br \/>\n......+++<br \/>\n.............................................................................................................+++<br \/>\ne is 65537 (0x010001)<br \/>\nYou are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter '.', the field will be left blank.<br \/>\n-----<br \/>\nCommon Name (eg: your user, host, or server name) [Easy-RSA CA]:<br \/>\nCA creation complete and you may now import and sign cert requests.<br \/>\nYour new CA certificate file for publishing is at:<br \/>\n\/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/ca.crt<\/div>\n<p>&nbsp;<\/p>\n<h3>Creating the certificate revocation list (CRL)<\/h3>\n<p>Run the following command to create the certificate revocation list (CRL).<\/p>\n<div class=\"code\">[panda@pandanote.info easyrsa3]$
.\/easyrsa gen-crl<br \/>\nUsing configuration from .\/openssl-easyrsa.cnf<br \/>\nEnter pass phrase for \/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/private\/ca.key:<br \/>\n&nbsp;<br \/>\nAn updated CRL has been created.<br \/>\nCRL file: \/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/crl.pem<\/div>\n<p>&nbsp;<br \/>\nNote that if \/var\/log\/openvpn.log shows a log entry such as<\/p>\n<div class=\"code\">VERIFY ERROR: depth=0, error=CRL has expired: CN=client<\/div>\n<p>&nbsp;<br \/>\n(an error reporting that the CRL has expired), it also seems to help to run the command above and copy the generated crl.pem under \/etc\/openvpn\/server.<\/p>\n<h3>Generating the DH parameters<\/h3>\n<p>Run the following command to generate the DH (Diffie-Hellman) parameters. Generating them takes time, so just wait patiently.<\/p>\n<div class=\"code\">[panda@pandanote.info easyrsa3]$ .\/easyrsa gen-dh<br \/>\n(output omitted)<br \/>\nDH parameters of size 2048 created at
\/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/dh.pem<\/div>\n<p>&nbsp;<\/p>\n<h3>Creating the server private key and certificate<\/h3>\n<p>Run the following command to create the server private key and certificate. The second argument specifies the file name. If you do not want to be asked for a passphrase when a connection starts, add &quot;nopass&quot; as an argument.<\/p>\n<pre>[panda@pandanote.info easyrsa3]$ .\/easyrsa build-server-full pandanote.info nopass\r\nGenerating a 2048 bit RSA private key\r\n..............+++\r\n................................+++\r\nwriting new private key to '\/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/private\/pandanote.info.key.qqs3TxRYZA'\r\n-----\r\nUsing configuration from .\/openssl-easyrsa.cnf\r\nEnter pass phrase for \/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/private\/ca.key:\r\nCan't open \/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/index.txt.attr for reading, No such file or directory\r\n140257658697472:error:02001002:system library:fopen:No such file or directory:crypto\/bio\/bss_file.c:74:fopen('\/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/index.txt.attr','r')\r\n140257658697472:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\/bio\/bss_file.c:81:\r\nCheck that the request matches the signature\r\nSignature ok\r\nThe Subject's Distinguished Name is as follows\r\ncommonName            :ASN.1 12:'pandanote.info'\r\nCertificate is to be certified until May 13 14:00:07 2028 GMT (3650 days)\r\n&nbsp;\r\nWrite out database with 1 new entries\r\nData Base
Updated\r\n<\/pre>\n<h3>Creating the client private key and certificate<\/h3>\n<p>Run the following command to create the client private key and certificate. The second argument specifies the client name.<\/p>\n<p>I cut a corner on the client name. (\u00b4\u30fb\u03c9\u30fb\uff40)<\/p>\n<p>If you do not want to be asked for a passphrase when a connection starts, add &quot;nopass&quot; as the third argument.<\/p>\n<div class=\"code\">[panda@pandanote.info easyrsa3]$ .\/easyrsa build-client-full client nopass<br \/>\nGenerating a 2048 bit RSA private key<br \/>\n...........................................................+++<br \/>\n.......................+++<br \/>\nwriting new private key to '\/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/private\/client.key.5hnIpxYUJs'<br \/>\n-----<br \/>\nUsing configuration from .\/openssl-easyrsa.cnf<br \/>\nEnter pass phrase for \/home\/panda\/openvpn\/easy-rsa-3.0.5\/easyrsa3\/pki\/private\/ca.key:<br \/>\nCheck that the request matches the signature<br \/>\nSignature ok<br \/>\nThe Subject's Distinguished Name is as follows<br \/>\ncommonName            :ASN.1 12:'client'<br \/>\nCertificate is to be certified until May 15 11:02:46 2028 GMT (3650 days)<br \/>\n&nbsp;<br \/>\nWrite out database with 1 new entries<br \/>\nData Base Updated<\/div>\n<p>&nbsp;<br
\/>\nRunning the command above creates the following files. If you change &lt;string given as the second argument&gt;, the client configuration file must be changed as well.<\/p>\n<ul>\n<li>Private key (created under pki\/private): &lt;string given as the second argument&gt;.key<\/li>\n<li>Certificate (created under pki\/issued): &lt;string given as the second argument&gt;.crt<\/li>\n<\/ul>\n<h2>Setting up the OpenVPN server<\/h2>\n<p>Once the certificate authority, certificates, private keys, and everything else have been created, set up the cloud server as an OpenVPN server.<\/p>\n<h3>Choosing the service name<\/h3>\n<p>The cloud server becomes the OpenVPN server, so configure it accordingly. Note that Fedora 26
Server has the following three service names for OpenVPN.<\/p>\n<ol>\n<li>openvpn-client<\/li>\n<li>openvpn-server<\/li>\n<li>openvpn<\/li>\n<\/ol>\n<p>The start and stop scripts corresponding to each of these service names are under \/lib\/systemd, so check the contents of those files and then decide which service to use. On the cloud server I decided to use openvpn-server as the service.<\/p>\n<h3>Creating the TLS authentication key<\/h3>\n<p>Run the following command to create the TLS authentication key. The key is written directly under the \/etc\/openvpn\/server directory.<\/p>\n<div class=\"code\">[root@pandanote.info easyrsa3]# openvpn --genkey --secret
\/etc\/openvpn\/server\/ta.key<\/div>\n<p>&nbsp;<\/p>\n<h3>Copying the configuration files<\/h3>\n<p>As root, run the following commands to copy the files created in the earlier section on creating the certificate authority, certificates, and private keys into the directory specified in the start and stop script. If SELinux is set to &quot;enforcing&quot;, also run the chcon command.<\/p>\n<div class=\"code\">[root@pandanote.info easyrsa3]# cp pki\/ca.crt \/etc\/openvpn\/server\/<br \/>\n[root@pandanote.info easyrsa3]# cp pki\/issued\/pandanote.info.crt \/etc\/openvpn\/server\/<br \/>\n[root@pandanote.info easyrsa3]# cp pki\/private\/pandanote.info.key \/etc\/openvpn\/server\/<br \/>\n[root@pandanote.info easyrsa3]# cp pki\/crl.pem \/etc\/openvpn\/server\/<br \/>\n[root@pandanote.info easyrsa3]# cp pki\/dh.pem \/etc\/openvpn\/server\/<br \/>\n[root@pandanote.info easyrsa3]# chcon -t openvpn_etc_t \/etc\/openvpn\/server\/*\n<\/div>\n<p>&nbsp;<\/p>\n<h3>Configuring server.conf<\/h3>\n<p>
\/usr\/share\/doc\/openvpn\/sample\/sample-config-files contains a sample configuration file (server.conf). Copy it under \/etc\/openvpn\/server, then modify or add settings as follows (the file has many comment lines, so only the modified and added parts are shown). File paths are given either as absolute paths or as paths relative to the working directory. The user ID and group name are set to openvpn rather than nobody (otherwise the files under client-config-dir could not be read).<\/p>\n<div class=\"code\">cert pandanote.info.crt<br \/>\nkey pandanote.info.key<br \/>\ndh dh.pem<br \/>\nserver 192.168.0.0 255.255.255.0<br \/>\npush &quot;route 192.168.0.0 255.255.255.0&quot;<br \/>\n# comp-lzo<br \/>\nuser openvpn<br \/>\ngroup openvpn<br \/>\nlog-append  \/var\/log\/openvpn.log<br \/>\n# Add the following two lines.<br \/>\nmanagement localhost 7505 # OpenVPN management interface<br \/>\ncrl-verify crl.pem<\/div>\n<p>&nbsp;<br \/>\n[Addendum, 2022\/04\/12]
To prevent the VORACLE attack, I removed the comp-lzo setting (it is commented out in the example above); see [<a href=\"#_ref2\">2<\/a>] for details of the VORACLE attack.<\/p>\n<h3>Changing the SELinux settings<\/h3>\n<p>Because the OpenVPN management interface has been added, run the following command so that OpenVPN can use the port number specified for it as the management interface even when SELinux is enabled.<\/p>\n<div class=\"code\"># semanage port -a -t openvpn_port_t -p tcp 7505<\/div>\n<p>&nbsp;<\/p>\n<h3>Changing the firewall settings<\/h3>\n<p>With its default settings the OpenVPN server uses UDP port 1194, so before starting the OpenVPN server, run the following commands as root to make that port available.<\/p>\n<div class=\"code\"># firewall-cmd &#45;&#45;zone=&lt;zone name&gt; &#45;&#45;add-service=openvpn<br \/>\n# firewall-cmd &#45;&#45;zone=&lt;zone name&gt; &#45;&#45;add-service=openvpn
&#45;&#45;permanent<\/div>\n<p>&nbsp;<\/p>\n<h3>Configuring the router<\/h3>\n<p>Configure the router to let UDP port 1194 through. The exact procedure differs from router to router, so it is omitted in this article.<\/p>\n<h2>Starting the OpenVPN server<\/h2>\n<p>As root, run the following command so that OpenVPN starts automatically when the NUC boots. The string after the at sign in the second argument is the file name, without its extension, of the configuration file placed under the working directory (\/etc\/openvpn\/server).<\/p>\n<div class=\"code\">[root@pandanote.info server]# systemctl enable openvpn-server@server<br \/>\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/openvpn-server@server.service \u2192 \/usr\/lib\/systemd\/system\/openvpn-server@.service.<\/div>\n<p>&nbsp;<br \/>\nNext, as root, run the following command to start OpenVPN.<\/p>\n<div class=\"code\">[root@pandanote.info server]# systemctl start openvpn-server@server<\/div>\n<p>&nbsp;<br
\/>\nThe client has not been configured yet at this point, but run the following command to confirm that the tun interface exists.<\/p>\n<div class=\"code\">[root@pandanote.info server]# ip addr show<br \/>\n(output omitted)<br \/>\n13: tun0: &lt;POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP&gt; mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100<br \/>\n    link\/none<br \/>\n    inet 192.168.0.1 peer 192.168.0.2\/32 scope global tun0<br \/>\n       valid_lft forever preferred_lft forever<br \/>\n    inet6 fe80::6e8d:a678:2e39:f51e\/64 scope link flags 800<br \/>\n       valid_lft forever preferred_lft forever<\/div>\n<p>&nbsp;<br \/>\nNo connection has been made yet, but the tun interface appears to have been added.<\/p>\n<p>The server is now ready to accept connections from OpenVPN clients.<\/p>\n<h2>Installing OpenVPN on the OpenVPN client<\/h2>\n<p>Once the OpenVPN server is configured, install and configure OpenVPN on the NUC, which will be the OpenVPN client.<br \/>\nOpenVPN can be installed by running the following command as root.<\/p>\n<div class=\"code\"># dnf install
openvpn<\/div>\n<p>&nbsp;<\/p>\n<h2>Setting up the client certificate, private key, and everything else<\/h2>\n<h3>Choosing the service name<\/h3>\n<p>The NUC becomes the OpenVPN client, so configure it accordingly. Note that Fedora 27 Server has the following two service names for OpenVPN.<\/p>\n<ol>\n<li>openvpn-client<\/li>\n<li>openvpn-server<\/li>\n<\/ol>\n<p>As on the server side, the start and stop scripts corresponding to each of these service names are under \/lib\/systemd, so check the contents of those files and then decide which service to use. On the NUC I decided to use openvpn-client as the service.<\/p>\n<h3>Copying files from the server<\/h3>\n<p>Copy the following files from the server to \/etc\/openvpn\/client on the NUC.<\/p>\n<ol>\n<li>The CA certificate (ca.crt), the client certificate (client.crt), and the private key (client.key) created with easy-rsa<\/li>\n<li>The TLS authentication key (ta.key) created in \/etc\/openvpn\/server<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h3>Configuring client.conf<\/h3>\n<p> \/usr\/share\/doc\/openvpn\/sample\/sample-config-files contains a sample configuration file (client.conf). Copy it under \/etc\/openvpn\/client, then modify or add settings as follows (the file has many comment lines, so only the modified and added parts are shown). File paths are given either as absolute paths or as paths relative to the working directory.<\/p>\n<div class=\"code\">\nremote &lt;server IPv4 address&gt; 1194<br \/>\nuser nobody<br \/>\ngroup nobody<br \/>\n# comp-lzo\n<\/div>\n<p>&nbsp;<br \/>\n[Addendum, 2022\/04\/12] To prevent the VORACLE attack, I removed the comp-lzo setting (it is commented out in the example above); see [<a href=\"#_ref2\">2<\/a>] for details of the VORACLE attack.<\/p>\n<p>In addition, if the client certificate file is not named client.crt, or the private key file is not named client.key, the following settings are required on top of those above.<\/p>\n<div
class=\"code\">cert &lt;client certificate file name&gt;<br \/>\nkey &lt;client private key file name&gt;<\/div>\n<p>&nbsp;<\/p>\n<h3>Changing the SELinux context<\/h3>\n<p>If SELinux is enabled (enforcing), run the following command to change the context of the configuration files and related files.<\/p>\n<div class=\"code\">[root@pandanote.info client]# chcon -t openvpn_etc_t \/etc\/openvpn\/client\/*<\/div>\n<p>&nbsp;<\/p>\n<h2>Starting OpenVPN<\/h2>\n<p>As root, run the following command so that OpenVPN starts automatically when the NUC boots. The string after the at sign in the second argument is the file name, without its extension, of the configuration file placed under the working directory (\/etc\/openvpn\/client).<\/p>\n<div class=\"code\">[root@pandanote.info client]# systemctl enable openvpn-client@client<br \/>\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/openvpn-client@client.service \u2192 \/usr\/lib\/systemd\/system\/openvpn-client@.service.<\/div>\n<p>&nbsp;<br \/>\nNext, as root, run the following command to start OpenVPN.<\/p>\n<div
class=\"code\">[root@pandanote.info client]# systemctl start openvpn-client@client<\/div>\n<p>&nbsp;<br \/>\nFinally, run the following commands to confirm that the interface has been created on the client side as well and that ping gets through.<\/p>\n<div class=\"code\">[root@nuc client]# ip addr show<br \/>\n(output omitted)<br \/>\n5: tun0: &lt;POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP&gt; mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100<br \/>\n    link\/none<br \/>\n    inet 192.168.0.6 peer 192.168.0.5\/32 scope global tun0<br \/>\n       valid_lft forever preferred_lft forever<br \/>\n    inet6 fe80::8a49:3a36:dba:20a7\/64 scope link stable-privacy<br \/>\n       valid_lft forever preferred_lft forever<br \/>\n[root@nuc client]# ping 192.168.0.1<br \/>\nPING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br \/>\n64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=13.7 ms<br \/>\n64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=13.7 ms<br \/>\n64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=13.6 ms<br \/>\n^C<br \/>\n--- 192.168.0.1 ping statistics ---<br \/>\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms<br \/>\nrtt min\/avg\/max\/mdev = 13.616\/13.720\/13.794\/0.155 ms\n<\/div>\n<p>&nbsp;<br
\/>\nThat completes the configuration for now.<\/p>\n<p><strong>Good work!!<\/strong><\/p>\n<h2>Summary<\/h2>\n<p>Before the move to the NUC, I had been connecting the cloud server and my home Linux server(?) over a VPN built with PPTP, but by the time of the migration (May 2018) continuing to use PPTP was no longer much recommended, so I decided to get the move to OpenVPN done at the same time.<\/p>\n<p>Security-related software often has a large number of settings, and with OpenVPN there is the work of checking the communication on top of that, so honestly it is tough\u2026<\/p>\n<p>Please do something about it\u2026 (\u00b4\u30fb\u03c9\u30fb\uff40)<\/p>\n<p>In fact I got quite stuck on the connectivity check, so I will write about that in the <a href=\"https:\/\/pandanote.info\/?p=2038\">next article<\/a>.<\/p>\n<p>That is all for this article.<\/p>\n<h2>References<\/h2>\n<ul>\n<li id=\"_ref1\"><a href=\"https:\/\/hacknote.jp\/archives\/28042\/\">openvpn\u3067 CRL has expired 
\u304c\u51fa\u305f\u5834\u5408\u306e\u5bfe\u5fdc<\/a><\/li>\n<li id=\"_ref2\"><a href=\"https:\/\/community.openvpn.net\/openvpn\/wiki\/VORACLE\">VORACLE attack and OpenVPN<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Introduction: To replace the small PC (AOpen MP67-D, hereafter simply \"small PC\") that I had been using at home as a Linux server(?) with an Intel NUC (NUC7i5BNH, hereafter simply \"NUC\"\u2193), the migration of data and so on is well under way in between work and shopping (as of May 2018). So, as part of the data migration, I am using OpenVPN for the VPN between the cloud server and the NUC at home to conn\u2026 <span class=\"read-more\"><a href=\"https:\/\/pandanote.info\/?p=2024\">Read More 
&raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":5601,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,18,42,15],"tags":[],"class_list":["post-2024","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fedora","category-nuc","category-openvpn","category-pc"],"_links":{"self":[{"href":"https:\/\/pandanote.info\/index.php?rest_route=\/wp\/v2\/posts\/2024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pandanote.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pandanote.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pandanote.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pandanote.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2024"}],"version-history":[{"count":32,"href":"https:\/\/pandanote.info\/index.php?rest_route=\/wp\/v2\/posts\/2024\/revisions"}],"predecessor-version":[{"id":8785,"href":"https:\/\/pandanote.info\/index.php?rest_route=\/wp\/v2\/posts\/2024\/revisions\/8785"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pandanote.info\/index.php?rest_route=\/wp\/v2\/media\/5601"}],"wp:attachment":[{"href":"https:\/\/pandanote.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pandanote.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pandanote.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}