Pfsense OpenVPN Key olusturma

bir kac zamandır pfsense ile ugrasıyoruz.

Yakında bir cok makale yayınlayacagım. Aslında her yaptıgım seyleri burda yazsam cok guzel olacaktı ama sonrada geriye donuk olarak olusturmaya calısacagım.

Open vpn olusturdukdan sonra lokal bilgisayarda key düzenleme işi biraz zahmetli. En azından ben yapamadım. Bir kez key dosyası olusturdukdan sonra bilgisayarı kapatıp acarsam butun key dosyalarını ve sertifikalarını yeniden olusturmam gerekiyordu (server sertifikaları da dahil)

Asagıdaki site hayatımı kurtardı diyebilirim

http://doc.pfsense.org/index.php/Easyrsa_for_pfSense

Siteye olur ya bi gün bişi olursa diye burayada kopyaladım

You can use easy-rsa on pfSense to generate your OpenVPN keys.

WARNING: This may not be the ideal situation for deploying your PKI. If your OpenVPN server is compromised, your entire PKI will be compromised. This is typically of very little concern, as access to the firewall is highly restricted, and in most networks it’s likely the most secure and least accessible device on the network.
Contents
[hide]

* 1 Install
* 2 Creating a client key
* 3 Creating a password protected client key
* 4 Revoke a client key

Install

Just run the following from a SSH session:

fetch -o - http://files.pfsense.org/misc/easyrsa-setup.txt | /bin/sh

This will download the files, extract them, and remove the downloaded file. After doing this, you will be prompted to run the next step manually. Copy and paste the last line displayed to generate your certificates (NOTE: If you have gone through this process previously, repeating this will wipe out all your existing certificates!)

cd /root/easyrsa4pfsense && ./PFSENSE_RUN_ME_FIRST

This will first prompt you for your location and organization information, to be used when generating the certificate authority and initial certificates, and as defaults when creating additional certificates in the future. It will then create your certificate authority, a server certificate, and one client certificate. These files can be found in the /root/easyrsa4pfsense/keys/ directory.
Creating a client key

To create a new client key, SSH into the firewall, choose option 8 and run:

cd /root/easyrsa4pfsense

source vars

./build-key clientXXXX

Where clientXXXX is the name of the client.

You’ll then find the client’s keys in /root/easyrsa4pfsense/keys/
Creating a password protected client key

To create a new client key with password protection:

cd /root/easyrsa4pfsense

source vars

./build-key-pass clientXXXX

Where clientXXXX is the name of the client.

You’ll then find the client’s keys in /root/easyrsa4pfsense/keys/
Revoke a client key

To revoke the key for client1:

cd /root/easyrsa4pfsense/

source vars

./revoke-full client1

Which will update the crl.pem file, the contents of which need to go into the pfSense OpenVPN GUI in the CRL field.