Monday, January 24, 2011

Instalasi OpenVpn Server 

Assalamualaikum Wr.Wb
  Ini adalah Settingan openvpn di ubuntu 9.04

Install openvpn

Install openvpn di Ubuntu 
apt-get install openvpn 
cp -Rf /usr/share/doc/openvpn/examples/easy-rsa/* /etc/openvpn/

Pada Ubuntu 9.04 akan di terlihat folder 
/etc/openvpn/1.0 
/etc/openvpn/2.0
Mungkin ada baiknya untuk pengguna Ubuntu 8.10, 9.04, 9.10 untuk  memilih kita akan menggunakan konfigurasi 1.0 atau 2.0 dengan cara  mengcopy 

cp -Rf /etc/openvpn/2.0/* /etc/openvpn



Alternatif lain yang lebih susah, compile openvpn 

cp openvpn-2.0.9.tar.gz /usr/local/src 

cd /usr/local/src tar zxvf openvpn-2.0.9.tar.gz 

cd openvpn-2.0.9 ./configure make make install

Anda tidak perlu melakuannya, jika sudah menginstalasi openvpn menggunakan apt-get install 



Edit file vars di /etc/openvpn 


# cd /etc/openvpn/
# vi vars
     #this is to ensure secure data
     export KEY_SIZE=1024
     # These are the default values for fields
     # which will be placed in the certificate.
     # Don't leave any of these fields blank.
     export KEY_COUNTRY=ID
     export KEY_PROVINCE=DKI
     export KEY_CITY=Jakarta
     export KEY_ORG="Kerm.IT"
     export KEY_EMAIL="onno@indo.net.id"




Membuat Certificate Authority (CA)
cd /etc/openvpn/
. ./vars
./clean-all
./build-ca
Country Name (2 letter code) [ID]:
State or Province Name (full name) [DKI]:
Locality Name (eg, city) [Jakarta]:
Organization Name (eg, company) [Kerm.IT]:
Organizational Unit Name (eg, section) []:Kerm.IT
Common Name (eg, your name or your server's hostname)[]
:yc0mlc.ampr.org
Email Address [onno@indo.net.id]:


Lihat keys apakah sudah di generate 


   ls -l /etc/openvpn/
   ls -l /etc/openvpn/keys


Akan tampak file berikut 


   ca.crt
   ca.key
   index.txt
   serial



Membuat Server Key
# ./build-key-server server
    Country Name (2 letter code) [ID]:
    State or Province Name (full name) [DKI]:
    Locality Name (eg, city) [Jakarta]:
    Organization Name (eg, company) [Kerm.IT]:
    Organizational Unit Name (eg, section) []:Kerm.IT
    Common Name (eg, your name or your server's hostname) []
    :yc0mlc.ampr.org
    Email Address [onno@indo.net.id]:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:123456
    An optional company name []:Kerm.IT
    Using configuration from /etc/openvpn/openssl.cnf
    Check that the request matches the signature
       Signature ok
       The Subject's Distinguished Name is as follows
       countryName           :PRINTABLE:'ID'
       stateOrProvinceName   :PRINTABLE:'DKI'
       localityName          :PRINTABLE:'Jakarta'
       organizationName      :PRINTABLE:'Kerm.IT'
       organizationalUnitName:PRINTABLE:'Kerm.IT'
       commonName            :PRINTABLE:'yc0mlc.ampr.org'
       emailAddress          :IA5STRING:'onno@indo.net.id'
   Certificate is to be certified until Jan 13 03:34:36 2018
   GMT(3650 days)Sign the certificate? [y/n]:y
   1 out of 1 certificate requests certified, commit? [y/n]y
   Write out database with 1 new entries
   Data Base Updated



Buat Key User
Membuat key untuk user admin maupun user lainnya jika di perlukan 


 # ./build-key admin
1 out of 1 certificate requests certified, commit?
 [y/n]y
Write out database with 1 new entries
Data Base Updated


Buat key untuk user lain jika di perlukan 


 ./build-key-pass username 
 ./build-key username 


Membuat DH Parameter dari key 


 ./build-dh


 


 # openvpn --genkey --secret keys/ta.key
 # openvpn --genkey --secret keys/ca.key
 # openvpn --genkey --secret keys/ta.key







Test key
Test key 


# openvpn --genkey --secret key
# openvpn --test-crypto --secret key







Test sambungan di 2 windows
Test yang sangat berguna melihat sambungan OpenVPN dari dua (2) Windows. 


cd /etc/openvpn
cp -Rf /usr/share/doc/openvpn/examples/sample-config-files/
/etc/openvpn/
cp -Rf /usr/share/doc/openvpn/examples/sample-keys/
/etc/openvpn/
 
openvpn --config sample-config-files/loopback-client
openvpn --config sample-config-files/loopback-server


Jika di perlukan kita dapat menginstalasi OpenVPN Administrator.

Contoh menginstalasi OpenVPN-Admin 


# apt-get install mono openvpn-admin



Edit Server.conf
# vi /etc/openvpn/server.conf
isinya kurang lebih 


# OpenVPN Server config file
# Which local IP address should OpenVPN listen on?
local 192.168.0.3

# Which TCP/UDP port should OpenVPN listen on?
port 1194

# TCP or UDP server?
proto udp

# "dev tun" will create a routed IP tunnel, 
which is what we want
dev tun

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
# Diffie hellman parameters.
dh keys/dh1024.pem

# Configure server mode and supply a VPN subnet
server 192.168.111.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.
ifconfig-pool-persist ipp.txt

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
# push âroute 172.10.1.0 255.255.255.0"
# push âroute 192.168.0.0 255.255.255.0"
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
; push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.
;push "dhcp-option DNS 172.10.1.2"
# Uncomment this directive to allow different
# clients to be able to âseeâ
client-to-client

# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an âHMAC firewallâ
# to help block DoS attacks and UDP port flooding.
; tls-auth keys/ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

# Enable compression on the VPN link.
; comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
max-clients 250

# It's a good idea to reduce the OpenVPN
# daemonâs privileges after initialization.
user nobody
group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade. 
persist-key
persist-tun

# Output a short status file showing
status openvpn-status.log
log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
mute 20



 Cara menjalankan VPN Server
Mengaktifkan VPN Server dengan server.conf  


# openvpn --config /etc/openvpn/server.conf
Semoga Bermanfaat...
Wassalamualaikum Wr.Wb
 
 
Sumber : Speedy










posting by



at



























Label:


















1 comment:































        

      









Subscribe to:
Post Comments (Atom)