VPN:OpenVPN @Dec 16, 2012 12:48:16 PM
To quote from http://openvpn.net/

"OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol"

I'm going to create one VPN server and allow some clients to connect to it. This is useful if you have one server on the Internet and others behind various firewalls, and want a secure Virtual Private Network between them.

Server

Install OpenVPN on the server. On Ubuntu it is (my server is Red Hat and I forget how I installed it, because it was that long ago):

    sudo apt-get -y install openvpn

Copy the easy-rsa scripts from the documentation directory to /etc/openvpn. The source path depends on distribution and version: /usr/share/doc/openvpn-2.0/easy-rsa on older Red Hat packages, /usr/share/doc/openvpn/examples/easy-rsa/2.0 on Ubuntu.

    sudo cp -ar /usr/share/doc/openvpn-2.0/easy-rsa /etc/openvpn
    cd /etc/openvpn/easy-rsa

The easy-rsa scripts read their settings (KEY_DIR, KEY_SIZE, KEY_COUNTRY and so on) from environment variables that the vars file sets, so vars must be sourced into the same shell that later runs the scripts. "sudo . ./vars" cannot do that: "." is a shell builtin rather than a program, and sudo resets the environment for each command anyway, so every script run under sudo afterwards would stop with "Please source the vars script first". Become root for the whole key-building session instead:

    sudo -s
    vim vars
    . ./vars

Edit vars before sourcing it. Filling in KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG and KEY_EMAIL saves a lot of typing in the next part. Also set KEY_SIZE=2048: the default of 1024 gives 1024-bit RSA keys and a 1024-bit DH parameter file (dh1024.pem), which is no longer adequate. With KEY_SIZE=2048 the DH file is named dh2048.pem, so the dh line in server.conf below changes to match.

Clean out the keys directory and build the CA certificate:

    sh ./clean-all
    sh ./build-ca

Build the server's key and certificate. build-key-server (unlike build-key) marks the certificate as a server certificate; the client-side server check (ns-cert-type / remote-cert-tls) relies on that:

    sh ./build-key-server server

Build a key and certificate for each client. Give every client its own certificate with a distinct Common Name (the CA refuses duplicate subjects by default), so that one lost laptop can be revoked without touching the others:

    sh ./build-key client1
    sh ./build-key client2

Build the Diffie-Hellman parameter file:

    sh ./build-dh

Copy the server's certificate and keys to /etc/openvpn. Do not copy ca.key: the daemon never needs it, and whoever holds it can sign new client certificates that the server will accept. Keep it in keys/ with restrictive permissions, or better, off the server altogether. cp -a preserves the file mode; check afterwards that server.key is mode 0600 and owned by root.

    cp -a keys/ca.crt ../
    cp -a keys/server.crt ../
    cp -a keys/server.key ../
    cp -a keys/dh1024.pem ../

Copy the default server config file from the documentation directory to /etc/openvpn (on Ubuntu it is under /usr/share/doc/openvpn/examples/sample-config-files/):

    cp /usr/share/doc/openvpn-2.0/sample-config-files/server.conf /etc/openvpn

Edit the OpenVPN server's config file:

    vi /etc/openvpn/server.conf

My server's config file looks like this, if I remove all the comments:

    port 1194
    proto tcp
    dev tun
    tun-mtu 1200
    ca ca.crt
    cert server.crt
    key server.key  # This file should be kept secret
    dh dh1024.pem
    server 10.20.30.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    client-config-dir ccd
    route 10.0.0.0 255.0.0.0
    client-to-client
    keepalive 10 120
    comp-lzo
    max-clients 10
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3

Some notes on that file:

- user nobody / group nobody drop root once the tunnel is up. persist-key and persist-tun are what allow the restart that keepalive triggers after a timeout to succeed without root, so keep all four together. On Debian and Ubuntu the group is nogroup, not nobody.
- client-config-dir ccd together with route 10.0.0.0 255.0.0.0 is for clients that have a LAN behind them: each such client gets a file in ccd/ named after its certificate's Common Name containing an iroute line for its subnet, and the route line sends 10.0.0.0/8 from the server's kernel into the tunnel. If no client fronts a LAN, neither line is needed.
- client-to-client lets VPN clients reach each other through the server. Leave it out if clients should only ever talk to the server.
- comp-lzo compresses traffic inside the tunnel. Compressing attacker-influenced plaintext under encryption leaks it through ciphertext length (the VORACLE attack on OpenVPN, 2018), and current OpenVPN releases recommend leaving compression off.
- The sample server.conf also carries a commented-out tls-auth ta.key 0 line. Create the key with "openvpn --genkey --secret ta.key", copy it to the clients as well (direction 1 there), and enable it on both ends: the server then drops any packet without a valid HMAC before the TLS handshake starts, so port scanners and anyone without the key never reach the TLS code at all.

Restart the OpenVPN service:

    sudo /etc/init.d/openvpn restart

or

    sudo service openvpn restart

Client

Securely copy the certificate and keys from the server, where you just built them, to each client box (scp over SSH is fine; e-mail or an unencrypted share is not, because client1.key is the client's credential). Each client gets only its own key and certificate plus the CA certificate; server.key and ca.key never leave the server. The files are:

    /etc/openvpn/easy-rsa/keys/ca.crt
    /etc/openvpn/easy-rsa/keys/client1.crt
    /etc/openvpn/easy-rsa/keys/client1.key

Copy the default client config file from the documentation directory to /etc/openvpn:

    cd /etc/openvpn
    sudo cp -a /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/

Edit the OpenVPN client's config file:

    sudo vi /etc/openvpn/client.conf

My client's config file looks like this, if I remove all the comments. The cert and key lines have to name the files actually copied above (client1.crt and client1.key), not the sample's client.crt and client.key:

    client
    dev tun
    tun-mtu 1200
    proto tcp
    remote openvpn.server 1194
    resolv-retry infinite
    nobind
    user nobody
    group nogroup
    persist-key
    persist-tun
    ;socks-proxy socks.proxy.server 1080  # uncomment if connecting via SOCKS
    ;socks-proxy-retry 30                 # uncomment if connecting via SOCKS
    ;http-proxy www.proxy.server 80       # uncomment if connecting via HTTP
    ;http-proxy-retry 30                  # uncomment if connecting via HTTP
    ca ca.crt
    cert client1.crt
    key client1.key  # This file should be kept secret
    ns-cert-type server
    comp-lzo
    verb 3
    route 10.20.30.0 255.255.255.0

Notes:

- openvpn.server is a placeholder for the server's real host name or address. proto, tun-mtu and comp-lzo must match the server's settings.
- ns-cert-type server is the line that stops another holder of a certificate from the same CA, i.e. any other client, from standing up a rogue server that this client would trust. It only works because the server certificate was made with build-key-server. The option was deprecated in OpenVPN 2.4 and removed in 2.5; on those versions use remote-cert-tls server instead, which checks the extendedKeyUsage that build-key-server also sets.
- The route line is redundant here: because the server has client-to-client, it already pushes a route for 10.20.30.0/24 to every client. It does no harm.

Restart the OpenVPN service:

    sudo /etc/init.d/openvpn restart

or

    sudo service openvpn restart
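As an added example (not part of this page, and not OpenVPN project code), here is a small Python linter that reads a server or client config like the two above and reports the weak settings discussed in the notes: a 1024-bit DH file, compression, no tls-auth/tls-crypt, no explicit cipher, a missing user/group drop, and ns-cert-type where remote-cert-tls should be. The configs embedded in it are this page's, cut down to the lines the checks look at; the hardened variants, the MIN_DH_BITS threshold and the finding texts are the script's own suggestions, not anything the page states.

```python
"""Lint an OpenVPN 2.x config for the weak settings discussed on this page.
Added example, not code from the wiki page or the OpenVPN project; it only
parses what these configs use (one directive per line, '#'/';' comments)."""
import re

MIN_DH_BITS = 2048  # this script's threshold, not an OpenVPN setting


def parse_config(text):
    """Return (directive, [args]) pairs; text from the first '#'/';' is a comment."""
    entries = []
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if line:
            directive, *args = line.split()
            entries.append((directive, args))
    return entries


def lint(text, role):
    """Return a sorted list of findings for a 'server' or 'client' config."""
    entries = parse_config(text)
    present = {d for d, _ in entries}
    findings = []
    # DH size is judged from the dh<KEY_SIZE>.pem name that easy-rsa's build-dh uses.
    for directive, args in entries:
        m = re.fullmatch(r"dh(\d+)\.pem", args[0]) if directive == "dh" and args else None
        if m and int(m.group(1)) < MIN_DH_BITS:
            findings.append(f"dh: {args[0]} is {m.group(1)}-bit; rebuild with KEY_SIZE={MIN_DH_BITS}")
    # Compression of attacker-influenced plaintext inside the tunnel (VORACLE, 2018).
    if present & {"comp-lzo", "compress"}:
        findings.append("compression enabled: remove comp-lzo/compress")
    # Without an HMAC key, anyone on the Internet can drive the daemon's TLS stack.
    if not present & {"tls-auth", "tls-crypt", "tls-crypt-v2"}:
        findings.append("no tls-auth/tls-crypt: generate ta.key and enable it on both ends")
    # OpenVPN 2.3 and earlier default to BF-CBC (64-bit block cipher, SWEET32).
    if not present & {"cipher", "data-ciphers"}:
        findings.append("no cipher: pre-2.4 default is BF-CBC; set cipher AES-256-CBC (AES-256-GCM on 2.4+)")
    # Privilege drop; persist-key/persist-tun let a restart succeed once root is gone.
    if not {"user", "group"} <= present:
        findings.append("no user/group: daemon keeps root after the tunnel is up")
    elif not {"persist-key", "persist-tun"} <= present:
        findings.append("user/group without persist-key/persist-tun: restart fails unprivileged")
    if role == "client":
        # Otherwise any certificate from the same CA, e.g. another client's, passes as the server.
        if "ns-cert-type" in present:
            findings.append("ns-cert-type is deprecated (removed in 2.5): use remote-cert-tls server")
        elif "remote-cert-tls" not in present:
            findings.append("no remote-cert-tls server: other clients' certificates pass as the server")
    return sorted(findings)


# The page's configs, cut down to the lines the checks look at.
PAGE_SERVER_CONF = """\
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.20.30.0 255.255.255.0
comp-lzo
user nobody
group nobody
persist-key
persist-tun
"""
PAGE_CLIENT_CONF = """\
client
dev tun
proto tcp
remote openvpn.server 1194
user nobody
group nogroup
persist-key
persist-tun
;http-proxy www.proxy.server 80  # uncomment if connecting via HTTP
ca ca.crt
cert client1.crt
key client1.key  # This file should be kept secret
ns-cert-type server
comp-lzo
"""
# Hardened variants (this example's suggestion): 2048-bit DH, tls-auth on both ends
# (direction 0 on the server, 1 on the client), an explicit cipher, no compression,
# and remote-cert-tls instead of ns-cert-type on the client.
HARDENED_SERVER_CONF = PAGE_SERVER_CONF.replace(
    "dh dh1024.pem", "dh dh2048.pem\ntls-auth ta.key 0\ncipher AES-256-CBC").replace("comp-lzo\n", "")
HARDENED_CLIENT_CONF = PAGE_CLIENT_CONF.replace(
    "ns-cert-type server", "remote-cert-tls server\ntls-auth ta.key 1\ncipher AES-256-CBC").replace("comp-lzo\n", "")

if __name__ == "__main__":
    for name, conf, role in [("page server", PAGE_SERVER_CONF, "server"), ("page client", PAGE_CLIENT_CONF, "client"),
                             ("hardened server", HARDENED_SERVER_CONF, "server"), ("hardened client", HARDENED_CLIENT_CONF, "client")]:
        print(name, lint(conf, role) or ["no findings"])
```

Run it as a script to see four findings for each of the page's configs and none for the hardened pair; point lint() at the contents of a real /etc/openvpn/server.conf or client.conf to check a deployed file. The DH check trusts easy-rsa's file naming, so a parameter file with another name is not judged.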