12 063
правки
(Новая страница: «It may take a few minutes to create this file.») |
(Новая страница: «Getting messages from the "test" topic on the example.com server») |
||
(не показано 17 промежуточных версий этого же участника) | |||
Строка 283: | Строка 283: | ||
It may take a few minutes to create this file. | It may take a few minutes to create this file. | ||
Next, make a private key of our server and request a certificate. We assume, for example, that | |||
server has name example.com: | |||
<pre> | <pre> | ||
Строка 292: | Строка 292: | ||
</pre> | </pre> | ||
Sign the request in our certification authority: | |||
<pre> | <pre> | ||
Строка 298: | Строка 298: | ||
</pre> | </pre> | ||
Now let's start setting up openvpn server on the machine example.com | |||
Copy the file '''ca.crt''', '''example.crt''', '''example.key''' and '''dh2048.pem''' and edit the openvpn server configuration file. | |||
By default, the configuration file is in /etc/openvpn/server.conf | |||
<pre> | <pre> | ||
Строка 327: | Строка 327: | ||
</pre> | </pre> | ||
Add the openvpn user to the i2c group to access the crypto device: | |||
<pre> | <pre> | ||
Строка 333: | Строка 333: | ||
</pre> | </pre> | ||
after that, start the server with the command | |||
service openvpn start. | service openvpn start. | ||
Next, create a client configuration file on the controller: | |||
client.ovpn: | client.ovpn: | ||
<pre> | <pre> | ||
Строка 358: | Строка 358: | ||
------------------------------------------------------------------------- | ------------------------------------------------------------------------- | ||
</pre> | </pre> | ||
Note the line group i2c. It is necessary to work with the crypto device. | |||
Then run the client: | |||
<pre> | <pre> | ||
Строка 366: | Строка 366: | ||
</pre> | </pre> | ||
If all is well, then the system should appear tun0 interface with the address from the subnet 10.8.0.0/24: | |||
<pre> | <pre> | ||
Строка 379: | Строка 379: | ||
</pre> | </pre> | ||
To check the performance run ping: | |||
<pre> | <pre> | ||
Строка 388: | Строка 388: | ||
</pre> | </pre> | ||
== | == Mosquitto settings == | ||
UPD: | UPD: | ||
Строка 468: | Строка 468: | ||
Generate a private key and certificate request: | |||
<pre> | <pre> | ||
Строка 480: | Строка 480: | ||
</pre> | </pre> | ||
Copy the file '''ca.crt''', '''mosquitto.crt''', '''mosquitto.key''' to the server and edit the configuration file '''/etc/mosquito/conf.d/server.conf''' | |||
<pre> | <pre> | ||
Строка 490: | Строка 490: | ||
</pre> | </pre> | ||
Start service: | |||
<pre> | <pre> | ||
service mosquitto start | service mosquitto start | ||
</pre> | </pre> | ||
Also, if required, you can make the local mosquitto server on the controller | |||
forwarder some topics on a remote server. To do this, create a bridge file: '''/etc/mosquitto/bridge.conf''' | |||
<pre> | <pre> | ||
Строка 508: | Строка 508: | ||
</pre> | </pre> | ||
After restarting the local service mosquito topics /test/.. will be sent to the remote server example.com | |||
secure ssl channel. | |||
Examples of client mosquitto commands. | |||
Sending a message to the "test" topic on the example.com server | |||
<pre> | <pre> | ||
Строка 518: | Строка 518: | ||
</pre> | </pre> | ||
Getting messages from the "test" topic on the example.com server | |||
<pre> | <pre> | ||
mosquitto_sub -h example.com --cert device_AP6V5MDG.crt --key 'engine:ateccx08:ATECCx08:00:04:C0:00' -t "test" --cafile ca.crt | mosquitto_sub -h example.com --cert device_AP6V5MDG.crt --key 'engine:ateccx08:ATECCx08:00:04:C0:00' -t "test" --cafile ca.crt | ||
</pre> | </pre> |
правки