This tutorial will guide you through the step-by-step process of installing easy-rsa on your Elementary OS system. Easy-rsa is a set of scripts used to create public key infrastructure (PKI) to support an OpenVPN setup.
First, you need to install Git on your system. Git is a version control system used for software development.
To install Git, open a terminal and type the following command:
sudo apt-get install git
Now that Git is installed, open a terminal and use the following command to clone the easy-rsa repository from GitHub:
git clone https://github.com/OpenVPN/easy-rsa.git
This command will download the easy-rsa repository to your current working directory.
Next, copy the easy-rsa scripts to a location on your system where you have write permissions. You can copy the scripts to your home directory using the following command:
cp -r easy-rsa/ /etc/openvpn/
This command will copy the easy-rsa directory and its contents to the /etc/openvpn/ directory on your system.
vars FileBefore you can use the easy-rsa scripts, you need to edit the vars file to set the required variables. Open the vars file using a text editor:
sudo nano /etc/openvpn/easy-rsa/vars
Change the following variables to your preferred values:
export KEY_COUNTRY="<Country Code>"
export KEY_PROVINCE="<State/Province>"
export KEY_CITY="<City Name>"
export KEY_ORG="<Organization Name>"
export KEY_EMAIL="<Email Address>"
Now that the vars file has been updated, you can use the easy-rsa scripts to generate certificates.
Navigate to the easy-rsa/ directory:
cd /etc/openvpn/easy-rsa/
Source the vars file to set the environment variables:
source vars
Initialize the PKI:
./easyrsa init-pki
Generate a CA certificate:
./easyrsa build-ca
Generate a server certificate and key:
./easyrsa build-server-full <Server Name> nopass
Generate a client certificate and key:
./easyrsa build-client-full <Client Name> nopass
You can now use the generated certificates for your OpenVPN setup.
The ca.crt, <Server Name>.crt, and <Server Name>.key files should be copied to the OpenVPN server. The ca.crt and <Client Name>.crt files should be copied to the OpenVPN client.
This tutorial has shown how to install easy-rsa from GitHub on Elementary OS Latest. By following the steps outlined in this tutorial, you can generate certificates for your OpenVPN setup using easy-rsa.
If you want to self-host in an easy, hands free way, need an external IP address, or simply want your data in your own hands, give IPv6.rs a try!
Alternatively, for the best virtual desktop, try Shells!
