|
242.
|
|
|
OpenVPN supports bidirectional authentication based on certificates, meaning that the client must authenticate the server certificate and the server must authenticate the client certificate before mutual trust is established.
|
|
|
|
OpenVPN permite autenticación bidireccional basada en certificados, lo que significa que el cliente debe autenticar el certificado del servidor y el servidor debe autenticar el certificado del cliente antes que se establezca la confianza mutua.
|
|
Translated and reviewed by
Jose Luis Tirado
|
|
|
|
Located in
serverguide/C/vpn.xml:55(para)
|
|
243.
|
|
|
Both server and client will authenticate the other by first verifying that the presented certificate was signed by the master certificate authority (CA), and then by testing information in the now-authenticated certificate header, such as the certificate common name or certificate type (client or server).
|
|
|
|
Ambos, servidor y cliente, autenticarán a la otra parte verificando primero que el certificado presentado fue firmado por la autoridad certificadora maestra (AC), y después comprobando la información de la cabecera del certificado ya autenticado, tal coo el nombre del certificado común o el tipo de certificado (cliente o servidor).
|
|
Translated and reviewed by
Jose Luis Tirado
|
|
|
|
Located in
serverguide/C/vpn.xml:59(para)
|
|
244.
|
|
|
Certificate Authority Setup
|
|
|
|
Configuración de la autoridad de certificación
|
|
Translated and reviewed by
Paco Molinero
|
|
|
|
Located in
serverguide/C/vpn.xml:64(title)
|
|
245.
|
|
|
To setup your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients first copy the <filename>easy-rsa</filename> directory to <filename>/etc/openvpn</filename>. This will ensure that any changes to the scripts will not be lost when the package is updated. From a terminal change to user root and:
|
|
|
|
Para configurar su propia Autoridad Certificadora (AC) y generar certificados y claves para un servidor de OpenVPN y varios clientes copie primero el directorio <filename>easy-rsa</filename> a <filename>/etc/openvpn</filename>. Esto asegurará que los cambios a los scripts no se pierdan cuando se actualice el paquete. Desde un terminal cambie al usuario «root» y:
|
|
Translated and reviewed by
Jose Luis Tirado
|
|
|
|
Located in
serverguide/C/vpn.xml:66(para)
|
|
246.
|
|
|
mkdir /etc/openvpn/easy-rsa/
|
|
|
|
mkdir /etc/openvpn/easy-rsa/
|
|
Translated and reviewed by
Paco Molinero
|
|
|
|
Located in
serverguide/C/vpn.xml:74(command)
|
|
247.
|
|
|
cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
|
|
|
|
cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
|
|
Translated and reviewed by
Adolfo Jayme Barrientos
|
|
|
|
Located in
serverguide/C/vpn.xml:75(command)
|
|
248.
|
|
|
Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the following to your environment:
|
|
|
|
Ahora edite <filename>/etc/openvpn/easy-rsa/vars</filename> ajustando lo siguiente a su entorno:
|
|
Translated by
Paco Molinero
|
|
|
|
Located in
serverguide/C/vpn.xml:78(para)
|
|
249.
|
|
|
![](/@@/translation-newline)
export KEY_COUNTRY="US" ![](/@@/translation-newline)
export KEY_PROVINCE="NC" ![](/@@/translation-newline)
export KEY_CITY="Winston-Salem" ![](/@@/translation-newline)
export KEY_ORG="Example Company" ![](/@@/translation-newline)
export KEY_EMAIL="steve@example.com" ![](/@@/translation-newline)
export KEY_CN=MyVPN ![](/@@/translation-newline)
export KEY_ALTNAMES=AltMyVPN ![](/@@/translation-newline)
export KEY_NAME=MyVPN ![](/@@/translation-newline)
export KEY_OU=MyVPN
|
|
|
represents a line break.
Start a new line in the equivalent position in the translation.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/vpn.xml:82(programlisting)
|
|
250.
|
|
|
Enter the following to generate the master Certificate Authority (CA) certificate and key:
|
|
|
|
Para generar el certificado y la clave maestra de la Autoridad Certificadora (AC), introduzca lo siguiente:
|
|
Translated and reviewed by
Paco Molinero
|
|
|
|
Located in
serverguide/C/vpn.xml:96(para)
|
|
251.
|
|
|
cd /etc/openvpn/easy-rsa/
|
|
|
|
cd /etc/openvpn/easy-rsa/
|
|
Translated by
Paco Molinero
|
|
|
|
Located in
serverguide/C/vpn.xml:101(command) serverguide/C/vpn.xml:149(command)
|