I) Creating Server Certificates
Create the server certificate with the YaST CA Management module. Then save the certificate, together with its key and all participating CAs, in a PKCS12 file.
II) Importing a Server Certificate on the Server
Start the ‘VPN’ YaST module on the server in the YaST control center under ‘Security and Users’. In the overview, click ‘Certificates’, then ‘Import’, and select your saved PKCS12 file. Enter the PKCS12 password for the import. After this, the certificate is displayed in the certificate list. Clicking ‘Next’ returns to the overview.
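Before the import in step II, the PKCS12 file from step I can be checked for the three things it should contain: the private key, the server certificate and the CA certificates. The following shell script is an added example, not part of the original guide; it assumes the openssl command-line tool is installed, and the file names, the password and the helpers check_p12 and make_test_bundle are hypothetical.

```sh
#!/bin/sh
# Added example: check a PKCS12 bundle before importing it on the VPN server.

# check_p12 FILE PASSWORD -> 0 only if FILE holds a private key, a server
# certificate and CA certificate(s) that verify the server certificate.
check_p12() {
    p12=$1; t=$(mktemp -d) || return 2
    export P12_PASS="$2"   # handed over via environment, not on the command line
    # Certificates go to a private temp dir; the key is only piped, never stored.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys >"$t/leaf.pem" 2>/dev/null || :
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -cacerts -nokeys >"$t/ca.pem" 2>/dev/null || :
    msg="ok: key, server certificate and CA chain present"
    if ! openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
            | grep -q 'PRIVATE KEY'; then
        msg="no readable private key (wrong password?)"
    elif ! grep -q 'BEGIN CERTIFICATE' "$t/leaf.pem"; then
        msg="no server certificate in bundle"
    elif ! grep -q 'BEGIN CERTIFICATE' "$t/ca.pem"; then
        msg="no CA certificate in bundle"
    elif ! openssl verify -CAfile "$t/ca.pem" "$t/leaf.pem" >/dev/null 2>&1; then
        msg="server certificate does not verify against bundled CA"
    fi
    unset P12_PASS; rm -rf "$t"
    echo "$msg"
    case $msg in ok*) return 0 ;; *) return 1 ;; esac
}

# make_test_bundle DIR PASSWORD: constructed throwaway CA and server
# certificate, saved as DIR/full.p12 (with CA) and DIR/noca.p12 (without).
make_test_bundle() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/srv.key" -in "$d/srv.crt" \
        -certfile "$d/ca.crt" -passout "pass:$2" -out "$d/full.p12" &&
    openssl pkcs12 -export -inkey "$d/srv.key" -in "$d/srv.crt" \
        -passout "pass:$2" -out "$d/noca.p12"
}

# Demo on constructed data: the complete bundle passes, the one without CA fails.
demo=$(mktemp -d) && make_test_bundle "$demo" constructed-pass &&
    check_p12 "$demo/full.p12" constructed-pass
check_p12 "$demo/noca.p12" constructed-pass || :
rm -rf "$demo"
```

For a real file, call check_p12 with the path of the exported PKCS12 file and its password.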
III) Setting up a VPN Connection
Another connection must be set up to ensure that the certificate can be used for IPsec. In the overview, click ‘Connections’, then select ‘Add’ in the connection overview. After you have selected ‘Road Warrior Server’, a configuration is created that accepts connections from any client that has a valid certificate signed by the CA.
Select the connection settings in the next dialog. Enter your own IP address in ‘Local IP Address’. In the case of Internet dial-up access, this address is usually not known prior to the dial-up. However, in the case of Internet access, there is usually a default route. The %defaultroute setting instructs the server to use the interface to which the default route points.
If the connection should be set up and cleared dynamically when a network interface without a default route is activated and deactivated, enter %dynamic instead. The IP addresses of the relevant interface are then used.