差異處
這裏顯示兩個版本的差異處。
| Both sides previous revision 前次修改 下次修改 | 前次修改 | ||
|
openvpn [2017/12/18 01:56] jz |
openvpn [2018/01/01 23:37] (目前版本) jz |
||
|---|---|---|---|
| 行 65: | 行 65: | ||
| port 443 | port 443 | ||
| port-share 127.0.0.1 4443 # e.g. nginx open port at 4443 | port-share 127.0.0.1 4443 # e.g. nginx open port at 4443 | ||
| + | </code> | ||
| + | |||
| + | ===== NAT ===== | ||
| + | <code bash> | ||
| + | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE | ||
| + | </code> | ||
| + | |||
| + | ===== OpenSC ===== | ||
| + | <code bash> | ||
| + | # combine cert into p12 format | ||
| + | openssl pkcs12 -export -out cert_key.p12 -inkey client.key -in client.crt -certfile ca.crt -nodes | ||
| + | # import cert into yubikey | ||
| + | yubico-piv-tool -s 9a -i cert_key.p12 -K PKCS12 -a import-key -a import-cert -k | ||
| + | # show id | ||
| + | openvpn --show-pkcs11-ids opensc-pkcs11.so | ||
| + | # client config: replace cert and key section with following | ||
| + | pkcs11-id piv_II/PKCS.................... # replace this with the id in the previous command output | ||
| + | pkcs11-providers opensc-pkcs11.so | ||
| </code> | </code> | ||
