Ping a Specific Port

Question

Christian

Asked: 2018-04-10 05:17:46 +0800 CST2018-04-10 05:17:46 +0800 CST 2018-04-10 05:17:46 +0800 CST

OpenSSL equivalent of libreswan IPSEC

772

I have the following ipsec commands that generate certificates, but I dont have ipsec installed so looking for the openssl equivalent. Can anyone please help?

Create certificate authority cert

ipsec pki --gen --type rsa --size 4096 --outform pem > server-root-key.pem

ipsec pki --self --ca --lifetime 3650 \
--in server-root-key.pem \
--type rsa --dn "C=GB, O=Self Signed, CN=VPN Server Root CA" \
--outform pem > server-root-ca.pem

Create vpn server cert

ipsec pki --gen --type rsa --size 4096 --outform pem > vpn-server-key.pem

ipsec pki --pub --in vpn-server-key.pem \
--type rsa | ipsec pki --issue --lifetime 1825 \
--cacert /etc/swanctl/x509ca/server-root-ca.pem \
--cakey /etc/swanctl/private/server-root-key.pem \
--dn "C=GB, O=Self signed, CN=vpnserver" \
--san vpnserver \
--san dns:18.130.12.85 \
--flag serverAuth --flag ikeIntermediate \
--outform pem > vpn-server-cert.pem

Create user cert

ipsec pki --gen --type rsa --size 4096 --outform pem > vpn-$USER-key.pem

ipsec pki --pub --in vpn-$USER-key.pem \
--type rsa | ipsec pki --issue --lifetime 1825 \
--cacert /etc/swanctl/x509ca/server-root-ca.pem \
--cakey /etc/swanctl/private/server-root-key.pem \
--dn "C=GB, O=Self signed, CN=$USER" \
--san $USER \
--outform pem > vpn-$USER-cert.pem

1 Answers

Voted

Christian · Answer 1 · 2018-04-10T08:27:39+08:00

I've spent 3hrs trying to get this, so here they are to save you time:

################### Create certificate authority cert
openssl req -new -x509 -days 3650 \
-newkey rsa:4096 -nodes \
-subj "/C=GB/O=Self Signed/CN=VPN Server Root CA" \
-keyout private/server-root-key.pem -out x509ca/server-root-ca.pem

################### Create vpn server cert
openssl req -new -newkey rsa:4096 -nodes \
-subj "/C=GB/O=Self Signed/CN=vpnserver" \
-keyout private/vpn-server-key.pem -out x509/vpn-server-cert.pem

openssl x509 -req -in x509/vpn-server-cert.pem -days 1095 \
-CA x509ca/server-root-ca.pem -CAkey private/server-root-key.pem -CAcreateserial \
-out x509/vpn-server-cert.pem \
-extensions req_ext -extfile <(
cat <<EOF
[req_ext]
subjectAltName = DNS:vpnserver,DNS:18.130.12.85
extendedKeyUsage = 1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.8.2.2
EOF
)

################### Create user cert
ID=userN

openssl req -new -newkey rsa:4096 -nodes \
-subj "/C=GB/O=Self Signed/CN=${ID}" \
-keyout private/vpn-${ID}-key.pem -out x509/vpn-${ID}-cert.pem

openssl x509 -req -in x509/vpn-${ID}-cert.pem  -days 1095 \
-CA x509ca/server-root-ca.pem -CAkey private/server-root-key.pem -CAcreateserial \
-out x509/vpn-${ID}-cert.pem \
-extensions req_ext -extfile <(
cat <<EOF
[req_ext]
subjectAltName = DNS:${ID}
EOF
)

OpenSSL equivalent of libreswan IPSEC

Create certificate authority cert

Create vpn server cert

Create user cert

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?