Thursday, April 29, 2010

Install and Configure OpenVPN Server

OpenVPN is a free and open source software application that implements virtual private network (VPN) solutions for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).

Installing OpenVPN from Zypper Repository:
#zypper in openvpn lzo-devel zlib zlib-devel openssl-devel openvpn-auth-pam-plugin

Creating an OpenVPN Certificate
#cd /usr/share/openvpn/easy-rsa/2.0/

#. ./vars

NOTE:
If you run ./clean-all, I will be doing a rm -rf on /usr/share/openvpn/easy-rsa/2.0/keys
#./clean-all

#./build-ca

Generating a 1024 bit RSA private key
............++++++
.........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:ID
State or Province Name (full name) [CA]:Jawa Timur
Locality Name (eg, city) [SanFrancisco]:Blitar
Organization Name (eg, company) [Fort-Funston]:yoGCorporation
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:idprayoga.com
Email Address [me@myhost.mydomain]:yog.zeromind@gmail.com

yoga:/usr/share/openvpn/easy-rsa/2.0 # ./build-key-server idprayoga.com
Generating a 1024 bit RSA private key
..............................++++++
................++++++
writing new private key to 'idprayoga.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:ID
State or Province Name (full name) [CA]:Jawa Timur
Locality Name (eg, city) [SanFrancisco]:Blitar
Organization Name (eg, company) [Fort-Funston]:yoGCorporation
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) [idprayoga.com]:
Email Address [me@myhost.mydomain]:yog.zeromind@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:passwdopenvpn
An optional company name []:
Using configuration from /usr/share/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'ID'
stateOrProvinceName   :PRINTABLE:'Jawa Timur'
localityName          :PRINTABLE:'Blitar'
organizationName      :PRINTABLE:'yoGCorporation'
organizationalUnitName:PRINTABLE:'IT'
commonName            :PRINTABLE:'idprayoga.com'
emailAddress          :IA5STRING:'yog.zeromind@gmail.com'
Certificate is to be certified until Apr 25 05:40:08 2020 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

#./build-dh

Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time

.....................................................................++*++*++*

Copying OpenVPN CRT and KEY to /etc/openvpn
#cd keys/
#cp ca.crt dh1024.pem idprayoga.com.key idprayoga.com.crt /etc/openvpn/

Copying OpenVPN server.conf to /etc/openvpn
#cp /usr/share/doc/packages/openvpn/sample-config-files/server.conf /etc/openvpn/

Modify /etc/openvpn/server.conf
#vi /etc/openvpn/server.conf

port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/idprayoga.com.crt
key /etc/openvpn/idprayoga.com.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#### Route all client traffic through the VPN and use Google's public DNS server
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
mute 20
### Enable OpenVPN to use the PAM account system
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
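
Added example (not part of the original tutorial): a read-only shell check that reports the authentication and key-size choices made in the server.conf above. The function names and finding codes are made up for this example, the 2048-bit threshold is an assumption, and tls-auth / tls-crypt are OpenVPN directives the tutorial's config does not use.

```shell
#!/bin/sh
# Added example: read-only audit of an OpenVPN server.conf for the
# authentication and key-size choices made in this tutorial.
# Function names and finding codes are hypothetical.

# Succeed if directive $1 appears uncommented in config file $2.
conf_has() {
    awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' "$2"
}

# Print one finding per line: CODE, then a short explanation.
audit_openvpn_conf() {
    conf=$1
    if conf_has client-cert-not-required "$conf"; then
        echo "AUTH-PASSWORD-ONLY no client certificate is verified; login relies on the password alone"
    fi
    # The auth-pam plugin line names the PAM service that checks the password.
    pam=$(awk '$1 == "plugin" && $2 ~ /openvpn-auth-pam\.so$/ { print $3; exit }' "$conf")
    if [ -n "$pam" ]; then
        echo "PAM-SERVICE system accounts accepted by '$pam' can log in to the VPN"
    fi
    # easy-rsa names the DH file dh<bits>.pem, so the size is in the file name.
    bits=$(awk '$1 == "dh" { print $2; exit }' "$conf" |
        sed -n 's|.*/||; s|^dh\([0-9][0-9]*\)\.pem$|\1|p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "DH-SMALL ${bits}-bit DH parameters; regenerate with at least 2048 bits"
    fi
    if ! conf_has tls-auth "$conf" && ! conf_has tls-crypt "$conf"; then
        echo "NO-TLS-AUTH control channel has no tls-auth/tls-crypt pre-shared key"
    fi
    return 0
}

# Constructed sample: the directives from the server.conf above that matter here.
sample_conf() {
    cat <<'EOF'
port 1194
proto udp
dh /etc/openvpn/dh1024.pem
### Enable OpenVPN to use the PAM account system
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_openvpn_conf "$tmp"
rm -f "$tmp"
```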

NAT and IP Forwarding
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 208.99.198.***

#echo '1' > /proc/sys/net/ipv4/ip_forward

NOTE:
208.99.198.*** is the IP address of the OpenVPN server's interface.

Starting daemon
#/etc/init.d/openvpn start

Create an OpenVPN Login User

#yast
- Security and Users
- User and Group Management
- Press TAB to [Add user] and Press ENTER
- Input Username and Password.

Example :
user : testing
pass : testing123

- Press TAB to [ OK ] and Press Enter
- Press F10 and Press F9 to quit from Yast screen

Note:
We will use the user testing to connect to the OpenVPN server later.
See http://www.idprayoga.com/?p=161

source:http://www.wowtutorial.org/tutorial/318.html
