
Setup openvpn on centos 5.3


        

My network configuration is as follows:

  • The OpenVPN server at 202.150.x.x Port 1194
  • The client is somewhere on the Internet.
  • The client/server P2P network is 192.168.100.0/24 or, rather, a /32 network within that range.

1. Install the required library packages

2. Install OpenVPN

[root@router ~]# yum install openvpn

3. First, copy the sample scripts and config files:

– cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/

– cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn

– cp /usr/share/doc/openvpn-2.0.9/easy-rsa/openssl.cnf /etc/openvpn

4. Before running the scripts, make sure the files are executable:

– cd /etc/openvpn/easy-rsa

– chmod +x clean-all

– chmod +x build*

5. The CA variables in the vars file must be modified first (adjust them to your needs):

export KEY_COUNTRY=ID
export KEY_PROVINCE=JABAR
export KEY_CITY=CIMAHI
export KEY_ORG="VPN-UDG"
export KEY_EMAIL="indratn@gmail.com"

6. After saving the configuration above, run the commands below:

[root@router easy-rsa]#. ./vars
[root@router easy-rsa]#mkdir /etc/openvpn/keys
[root@router easy-rsa]#./clean-all

7. Your configuration is now ready; next, create the server CA files:

[root@router ~]#cd /etc/openvpn/easy-rsa

[root@router easy-rsa]#./build-ca   ----> just press Enter through the prompts; the one that matters is the "common name"

Generating a 1024 bit RSA private key

………………………++++++

…………………….++++++

writing new private key to 'ca.key'

-----

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [ID]:

State or Province Name (full name) [JAWA BARAT]:

Locality Name (eg, city) [CIMAHI]:

Organization Name (eg, company) [VPN-UDG]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:OpenVPN-CA   ----> fill in the VPN server hostname here

Email Address [indratn@gmail.com]:

--------------------------------------------------------------------------------

8. Create / build the server key:

[root@router easy-rsa]# ./build-key-server (yourservername)   ----> just press Enter through the prompts; only the "common name" matters

Country Name (2 letter code) [ID]:
State or Province Name (full name) [Jabar]:
Locality Name (eg, city) [Cimahi]:AtHome
Organization Name (eg, company) [UDG-VPN]:
Organizational Unit Name (eg, section) []:AtHome
Common Name (eg, your name or your server’s hostname) [server]: —> Type your server hostname here
Email Address [indratn@gmail.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

9. Build the Diffie-Hellman parameters

(This creates the dh1024.pem or dh2048.pem file, depending on the KEY_SIZE variable. Please note: if you change KEY_SIZE you must redo all the steps above, beginning with sourcing vars.)

[root@router easy-rsa]#./build-dh

10. Now modify the server.conf file; mine looks like this:

[root@router easy-rsa]#vim /etc/openvpn/server.conf

############### Created By Indra Nugraha #################################

port 1194
dev tun
tls-server
mode server
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/router.xxxx.net.crt
key /etc/openvpn/keys/router.xxxxx.net.key
dh /etc/openvpn/keys/dh1024.pem
ifconfig 192.168.100.1 192.168.100.2
ifconfig-pool 192.168.100.5 192.168.100.200 # IP range for clients
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# keep the tunnel open with pings
push "ping 10"
push "ping-restart 60"
ping 10
ping-restart 120
# routes to be established on the server
route-up "route delete -net 192.168.100.0/24"
route-up "route add -net 192.168.100.0/24 tun0"
# routes to push to clients
push "route 192.168.1.0 255.255.255.0" # route to the company network
push "dhcp-option DOMAIN router.xxxxx.net"  # push the DNS domain suffix
push "dhcp-option DNS 192.168.1.1"  # push DNS entries to the client
push "dhcp-option DNS 192.168.1.8"
push "route 192.168.100.1" # add a route to the protected network
comp-lzo
status-version 2
status openvpn-status.log
verb 5
####################### end server config ##############

11. Build the client certificate:

[root@router easy-rsa]# ./build-key nadia

12. Restart the VPN server:

[root@router ~]# service openvpn restart

12. Client install; the easy way is to use Windows XP

Download the OpenVPN client for Windows XP from http://openvpn.net/

After the setup has installed everything, you should adjust the config settings in D:/Program Files/OpenVPN/config/*.ovpn to those you want.

13. Copy the client certificate files (from /etc/openvpn/keys, using SCP, FTP or Samba) to the OpenVPN installation path on Windows XP:

D:\Program Files\OpenVPN\config

Then create the user's .ovpn file with Notepad, e.g. nadia.ovpn. Mine looks like this:

#################### nadia.ovpn ######
port 1194 # udp by default
dev tun
## remote is the openvpn server
remote 202.150.xxx.xxx
tls-client
ca ca.crt
cert nadia.crt
key nadia.key
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
#ip-win32 ipapi|manual|dynamic|netsh (see man page, use
#when ip address on interface does not appear, but dhcp server
#is visible in ipconfig /all)
#ip-win32 ipapi
comp-lzo
verb 4

####################################################################
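As an added check that is not part of the original post: a small Python linter run over constructed, abbreviated copies of the server.conf from step 10 and the nadia.ovpn above, reporting hardening directives both configs lack (tls-auth, user/group, persist-key, and on the client ns-cert-type, so a client cannot be redirected to another CA-signed certificate posing as the server). The directive names are real OpenVPN 2.0.x options; the sample config strings are constructed.

```python
import shlex

# Constructed, abbreviated copies of the post's server.conf and nadia.ovpn.
SERVER_CONF = """\
dev tun
tls-server
ca /etc/openvpn/keys/ca.crt
dh /etc/openvpn/keys/dh1024.pem
push "route 192.168.1.0 255.255.255.0" #route to company network
"""
CLIENT_CONF = """\
tls-client
ca ca.crt
cert nadia.crt
key nadia.key
"""

# Hardening directives the post's configs lack; all are real OpenVPN 2.0.x options.
SERVER_CHECKS = {
    "tls-auth": "no HMAC on the TLS handshake; add 'tls-auth ta.key 0' (ta.key from 'openvpn --genkey --secret ta.key')",
    "user": "daemon keeps running as root after start; add 'user nobody'",
    "group": "daemon keeps the root group; add 'group nobody'",
    "persist-key": "needed with user/group so keys survive a restart; add 'persist-key'",
}
CLIENT_CHECKS = {
    "ns-cert-type": "server role unchecked: any CA-signed client cert could pose as the server; add 'ns-cert-type server' ('remote-cert-tls server' on 2.1+)",
    "tls-auth": "no HMAC on the TLS handshake; add 'tls-auth ta.key 1'",
}

def parse_config(text):
    """Return [(directive, [args])]; skips '#'/';' comment lines, keeps quoted args whole."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        words = shlex.split(line, comments=True)  # also drops a trailing '# ...' comment
        entries.append((words[0], words[1:]))
    return entries

def lint(text, role):
    """Return [(directive, message)] findings for a 'server' or 'client' config."""
    present = dict(parse_config(text))
    checks = SERVER_CHECKS if role == "server" else CLIENT_CHECKS
    findings = [(d, m) for d, m in checks.items() if d not in present]
    dh = present.get("dh")
    if dh and "1024" in dh[0]:  # the post builds dh1024.pem
        findings.append(("dh", "1024-bit DH is below current minimums; rebuild with KEY_SIZE=2048"))
    return findings
```

Call lint(open("/etc/openvpn/server.conf").read(), "server") on the real file to get the same findings for a live config.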

14. Set up the iptables firewall rules on the server; mine look like this:

# the Internet interface is eth1: accept the OpenVPN port 1194 there
iptables --append INPUT -p udp --dport 1194 -m state --state NEW -i eth1 -j ACCEPT
# log new connections arriving through the tunnel towards the internal networks; this traffic is meant to go through
iptables --append FORWARD -i tun0 -m state --state NEW --jump LOG --log-prefix Tunnel_into_intranet
# you should know which networks are allowed in and out through the tunnel
# let the client network in
iptables --append FORWARD -i tun0 --source 192.168.1.0/255.255.255.0 -j ACCEPT
iptables --append FORWARD -i tun0 --source 192.168.100.0/255.255.255.0 -j ACCEPT
#service iptables save
#service openvpn restart 

15. Test the client connection to the VPN server:
Click the OpenVPN GUI in the Windows XP taskbar and check the status view.
On the OpenVPN server, run this command:
[root@router ~]#tail -f /var/log/openvpn.log
  1. July 28, 2012 at 12:55 am

    Admiring the time and energy you put into your site and in depth
    information you offer. It’s great to come across a blog every once in a while that isn’t the same outdated rehashed
    information. Great read! I’ve saved your site and I’m including your RSS
    feeds to my Google account.
