Friday, 15 January 2010

Installing OpenVPN on Ubuntu, Part II

OpenVPN server on Ubuntu

Install openvpn on Ubuntu

# apt-get install openvpn

# cp -Rf /usr/share/doc/openvpn/examples/easy-rsa/* /etc/openvpn/

Alternatively, download openvpn here and build it from source:

# cp openvpn-2.0.9.tar.gz /usr/local/src
# cd /usr/local/src
# tar zxvf openvpn-2.0.9.tar.gz
# cd openvpn-2.0.9
# ./configure
# make
# make install

Edit the vars file in /etc/openvpn

# cd /etc/openvpn/
# vi vars
# Key size (bits) for the CA and every key generated from it
export KEY_SIZE=1024
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY=ID
export KEY_PROVINCE=Kepri
export KEY_CITY=Batam
export KEY_ORG="anakalia"
export KEY_EMAIL="ipay@anakalia.net"



Create the Certificate Authority (CA)

# cd /etc/openvpn/
# . ./vars
# ./clean-all
# ./build-ca
Country Name (2 letter code) [ID]:
State or Province Name (full name) [Kepri]:
Locality Name (eg, city) [Batam]:
Organization Name (eg, company) [anakalia]:
Organizational Unit Name (eg, section) []:anakalia
Common Name (eg, your name or your server's hostname) []:server.anakalia.net
Email Address [ipay@anakalia.net]:


List the generated keys

# ls -l /etc/openvpn/
# ls -l /etc/openvpn/keys
ca.crt
ca.key
index.txt
serial


Create the server key

# ./build-key-server server
Country Name (2 letter code) [ID]:
State or Province Name (full name) [Batam]:
Locality Name (eg, city) [Batam]:
Organization Name (eg, company) [anakalia]:
Organizational Unit Name (eg, section) []:anakalia
Common Name (eg, your name or your server's hostname) []:server.anakalia.net
Email Address [ipay@anakalia.net]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1q2w3e4r5t
An optional company name []:anakalia
Using configuration from /etc/openvpn/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'ID'
stateOrProvinceName :PRINTABLE:'Kepri'
localityName :PRINTABLE:'Batam'
organizationName :PRINTABLE:'anakalia'
organizationalUnitName:PRINTABLE:'anakalia'
commonName :PRINTABLE:'server.anakalia.net'
emailAddress :IA5STRING:'ipay@anakalia.net'
Certificate is to be certified until Feb 28 03:34:36 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Create a key for the admin user (and for other users as needed)

# ./build-key admin
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Create keys for other users as needed (build-key-pass produces a key protected by a passphrase)

# ./build-key-pass username
# ./build-key username

Generate the Diffie-Hellman parameters and the tls-auth static key (ta.key). Run --genkey only against ta.key: pointing it at keys/ca.key would overwrite the CA private key created by build-ca.

# ./build-dh
# openvpn --genkey --secret keys/ta.key

Test the static-key crypto

# openvpn --genkey --secret key
# openvpn --test-crypto --secret key
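At this point the keys/ directory holds everything the server and the clients will use. The script below is an added example, not part of the original post or of easy-rsa: it checks that each expected file exists, that ca.key and server.key are really PEM private keys (and not a static key written by a misdirected openvpn --genkey), that ta.key carries the OpenVPN static-key header, that no private key is readable by group or others, and it lists the Common Names recorded in index.txt. The function names and the sample directories built by make_sample_keys are assumptions constructed for the example; only POSIX sh, grep, awk and ls are required.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the easy-rsa keys/
# directory that build-ca, build-key-server, build-key, build-dh and
# openvpn --genkey leave behind. Assumes POSIX sh, grep, awk and ls; the
# sample directories are constructed by make_sample_keys for the example.

# check_easyrsa_keys DIR
# Prints one finding per line and returns the number of findings (0 = clean).
check_easyrsa_keys() {
  dir=$1
  n=0
  # Everything the walkthrough should have produced.
  for f in ca.crt ca.key server.crt server.key dh1024.pem ta.key index.txt serial; do
    if [ ! -e "$dir/$f" ]; then
      echo "missing: $f"
      n=$((n + 1))
    fi
  done
  # The CA and server keys must be PEM private keys. If openvpn --genkey was
  # pointed at keys/ca.key it silently replaced the CA key with a static key,
  # and nothing signed by build-ca can be used again.
  for f in ca.key server.key; do
    [ -f "$dir/$f" ] || continue
    if grep -q 'OpenVPN Static key' "$dir/$f"; then
      echo "$f: holds an OpenVPN static key, not a private key (overwritten by openvpn --genkey?)"
      n=$((n + 1))
    elif ! grep -q 'PRIVATE KEY-----' "$dir/$f"; then
      echo "$f: not a PEM private key"
      n=$((n + 1))
    fi
  done
  # ta.key is the tls-auth pre-shared key and has its own PEM-like header.
  if [ -f "$dir/ta.key" ] && ! grep -q -e '-----BEGIN OpenVPN Static key V1-----' "$dir/ta.key"; then
    echo "ta.key: not an OpenVPN static key"
    n=$((n + 1))
  fi
  # Private keys must not be readable by group or others. Columns 5-10 of
  # the ls -l mode string are the group/other permission bits.
  for f in "$dir"/*.key; do
    [ -f "$f" ] || continue
    bits=$(ls -ld "$f" | cut -c5-10)
    if [ "$bits" != "------" ]; then
      echo "$(basename "$f"): readable by group/other ($(ls -ld "$f" | cut -c1-10))"
      n=$((n + 1))
    fi
  done
  return "$n"
}

# list_issued DIR
# Prints the Common Name of every valid (status V) certificate in index.txt,
# the database openssl ca maintains for easy-rsa. The subject is the last
# tab-separated field, made of /-separated RDNs.
list_issued() {
  awk -F'\t' '$1 == "V" {
    k = split($NF, rdn, "/")
    for (i = 1; i <= k; i++) if (rdn[i] ~ /^CN=/) print substr(rdn[i], 4)
  }' "$1/index.txt"
}

# make_sample_keys DIR good|broken
# Constructed sample directory with placeholder PEM bodies (no real key material).
make_sample_keys() {
  dir=$1
  mkdir -p "$dir"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' > "$dir/ca.crt"
  cp "$dir/ca.crt" "$dir/server.crt"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$dir/ca.key"
  cp "$dir/ca.key" "$dir/server.key"
  printf '%s\n' '-----BEGIN DH PARAMETERS-----' 'PLACEHOLDER' '-----END DH PARAMETERS-----' > "$dir/dh1024.pem"
  printf '%s\n' '#' '# 2048 bit OpenVPN static key' '#' '-----BEGIN OpenVPN Static key V1-----' 'PLACEHOLDER' '-----END OpenVPN Static key V1-----' > "$dir/ta.key"
  printf 'V\t180228033436Z\t\t01\tunknown\t/C=ID/ST=Kepri/L=Batam/O=anakalia/OU=anakalia/CN=server.anakalia.net/emailAddress=ipay@anakalia.net\n' > "$dir/index.txt"
  printf 'V\t180228040000Z\t\t02\tunknown\t/C=ID/ST=Kepri/L=Batam/O=anakalia/OU=anakalia/CN=admin/emailAddress=ipay@anakalia.net\n' >> "$dir/index.txt"
  printf '03\n' > "$dir/serial"
  chmod 600 "$dir"/*.key
  if [ "$2" = "broken" ]; then
    cp "$dir/ta.key" "$dir/ca.key"   # the mistake: --genkey --secret keys/ca.key
    chmod 644 "$dir/server.key"      # private key left world-readable
    rm -f "$dir/dh1024.pem"          # build-dh never run
  fi
}

# Usage on a real installation: check_easyrsa_keys /etc/openvpn/keys; list_issued /etc/openvpn/keys
```

Against the broken sample the checker reports the missing dh1024.pem, the static key sitting in ca.key and the world-readable server.key; against the good sample it reports nothing and list_issued prints server.anakalia.net and admin.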



Test the connection in two terminal windows (loopback client and server)

# cd /etc/openvpn
# cp -Rf /usr/share/doc/openvpn/examples/sample-config-files/ /etc/openvpn/
# cp -Rf /usr/share/doc/openvpn/examples/sample-keys/ /etc/openvpn/
# openvpn --config sample-config-files/loopback-client
# openvpn --config sample-config-files/loopback-server

Installing OpenVPN-Admin

# apt-get install mono openvpn-admin

Running the VPN server with server.conf

# openvpn --config /etc/openvpn/server.conf

Running the VPN client with client.conf (from www.openvpn.org)

# openvpn --config /etc/openvpn/client.conf

Edit server.conf

# vi /etc/openvpn/server.conf

Its contents are roughly as follows:

#OpenVPN Server config file
# Which local IP address should OpenVPN listen on? (optional)
# local 10.1.1.2
local 192.168.0.2
# Which TCP/UDP port should OpenVPN listen on?
port 1194
# TCP or UDP server?
proto tcp
# "dev tun" will create a routed IP tunnel, which is what we want
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
# Diffie hellman parameters.
dh keys/dh1024.pem
# Configure server mode and supply a VPN subnet
server 192.168.1.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file.
ifconfig-pool-persist ipp.txt
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
# push "route 172.10.1.0 255.255.255.0"
# push "route 192.168.0.0 255.255.255.0"
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# DNS lookups to go through the VPN
push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.
;push "dhcp-option DNS 172.10.1.2"
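A server.conf pasted from a web page tends to pick up typographic quotes that OpenVPN's parser does not understand, and the configuration above also never loads the ta.key generated earlier. The POSIX-sh linter below is an added example, not from the original post or the OpenVPN project: it reports non-ASCII bytes (curly quotes), 1024-bit DH parameters, a missing tls-auth line and a missing user/group privilege drop. The function names and the two constructed sample configs are assumptions made for the example; it needs only sh, grep and sed.

```shell
#!/bin/sh
# Added example (not from the original post): a small POSIX-sh linter for an
# OpenVPN server.conf such as the one shown above. Assumes only sh, grep and
# sed. The two sample configs below are constructed for the example.

# effective_directives FILE
# Prints the configuration as OpenVPN will parse it: comment lines (# or ;),
# blank lines, leading whitespace and trailing inline comments removed.
effective_directives() {
  sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' -e 's/[[:space:]]#.*$//' "$1"
}

# lint_openvpn_conf FILE
# Prints one finding per line and returns the number of findings (0 = clean).
lint_openvpn_conf() {
  conf=$1
  n=0
  # 1. Non-ASCII bytes. The parser only understands ASCII quotes, so a line
  #    like  push “redirect-gateway”  (typographic quotes, as pasted from a
  #    web page) is handed on as a token that still contains the quote bytes.
  #    grep runs in the C locale so every byte >= 0x80 counts as non-printable.
  bad=$(LC_ALL=C grep -n '[^[:print:][:space:]]' "$conf" | cut -d: -f1 | tr '\n' ' ')
  if [ -n "$bad" ]; then
    echo "non-ASCII characters (check the quotes) on line(s): $bad"
    n=$((n + 1))
  fi
  eff=$(effective_directives "$conf")
  # 2. 1024-bit Diffie-Hellman parameters (dh1024.pem) are below current
  #    minimums; build-dh with KEY_SIZE=2048 or larger writes dh2048.pem.
  if printf '%s\n' "$eff" | grep -q '^dh[[:space:]].*dh1024'; then
    echo "dh: 1024-bit DH parameters; regenerate with at least 2048 bits"
    n=$((n + 1))
  fi
  # 3. ta.key was generated in the walkthrough but does nothing unless the
  #    server loads it. With tls-auth, packets without a valid HMAC are
  #    dropped before the TLS handshake even starts.
  if ! printf '%s\n' "$eff" | grep -q '^tls-auth[[:space:]]'; then
    echo "tls-auth: not set; add 'tls-auth keys/ta.key 0' (clients use direction 1)"
    n=$((n + 1))
  fi
  # 4. After start-up OpenVPN can drop root; without user/group it keeps
  #    running as root for the lifetime of the tunnel.
  if ! printf '%s\n' "$eff" | grep -q '^user[[:space:]]' ||
     ! printf '%s\n' "$eff" | grep -q '^group[[:space:]]'; then
    echo "user/group: not set; add 'user nobody' and 'group nogroup' to drop privileges"
    n=$((n + 1))
  fi
  return "$n"
}

# write_sample_conf FILE
# Constructed sample: the post's server.conf, typographic quotes included.
write_sample_conf() {
  cat > "$1" <<'EOF'
# constructed sample, mirrors the post's server.conf
local 192.168.0.2
port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh1024.pem
server 192.168.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push “redirect-gateway”
;push “dhcp-option DNS 172.10.1.2”
EOF
}

# write_hardened_conf FILE
# Constructed sample: the same server with the four findings addressed.
write_hardened_conf() {
  cat > "$1" <<'EOF'
local 192.168.0.2
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh2048.pem
tls-auth keys/ta.key 0
server 192.168.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
user nobody
group nogroup
persist-key
persist-tun
EOF
}

# Usage on a real installation: lint_openvpn_conf /etc/openvpn/server.conf
```

Run against the constructed copy of the post's configuration the linter lists the two lines with curly quotes (12 and 13), the 1024-bit DH file, the missing tls-auth and the missing user/group; the hardened sample produces no findings. Comment lines are ignored, so the commented-out ;push line is reported only for its quotes, not as an active directive.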


Source: Artikelna Onno | linux.or.id
