OpenVPN: Simple Server using Script: Difference between revisions

From OnnoCenterWiki
Jump to navigationJump to search
← Older edit
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
 
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:




==Cek IP Publik Kita==


I am a new Ubuntu Linux server user. How do I setup an OpenVPN Server on Ubuntu Linux version 14.04 or 16.04/18.04 LTS server to shield my browsing activity from bad guys on public Wi-Fi, and more?
Jika Server tersambung langsung ke Internet, dapat menggunakan


OpenVPN is a full-featured SSL VPN (virtual private network). It implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol. It is an open source software and distributed under the GNU GPL. A VPN allows you to connect securely to an insecure public network such as wifi network at the airport or hotel. VPN is also required to access your corporate or enterprise or home server resources. You can bypass geo-blocked site and increase your privacy or safety online. This tutorial provides step-by-step instructions for configuring an OpenVPN “road warrior” server on Ubuntu Linux v14.04/16.04 LTS version including ufw/iptables firewall configuration. The steps are as follows:
ip addr show eth0
ip addr show enp0s3
ip a


    Find and note down your public IP address
atau menggunakan
    Download openvpn-install.sh script
    Run openvpn-install.sh to install OpenVPN server
    Connect an OpenVPN server using IOS/Android/Linux/Windows client
    Verify your connectivity


==Find your public IP address==
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
host myip.opendns.com resolver1.opendns.com


Use any one of the following command to find out your IPv4 public address. If your internface name is eth0 or eth1, enter:
==Download openvpn-install.sh script==


$ ip addr show eth0
Download


OR
  wget https://git.io/vpn -O openvpn-install.sh
  $ ip addr show eth1
  openvpn-install.sh
 
Or use the host command or dig command as follows:
 
$ host myip.opendns.com resolver1.opendns.com
 
OR
$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
 
Sample outputs:
 
  Fig.01: Find out your public IPv4 address using the CLI
Fig.01: Find out your public IPv4 address using the CLI
 
Note down the public IP address 139.59.1.155 i.e. public ip address of your OpenVPN server.
 
Download openvpn-install.sh script to set up OpenVPN server in 5 minutes on Ubuntu


Type the following wget command or curl command:
Install OpenVPN, run,


  $ wget https://git.io/vpn -O openvpn-install.sh
  sudo bash openvpn-install.sh
openvpn-install.sh


Run openvpn-install.sh to install OpenVPN server
==Setup Firewall==


$ sudo bash openvpn-install.sh
Kadang konfigurasi Firewall bisa di lihat di /etc/rc.local file:


That is all. Your OpenVPN server has been configured and ready to use. You can see added firewall rules /etc/rc.local file:
cat /etc/rc.local


$ cat /etc/rc.local
Contoh Firewall:
 
Sample outputs:


  iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
Line 58: Line 39:
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 139.59.1.155
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 139.59.1.155


You can view your openvpn server config file generated by the script as follows (do not edit this file by hand):
Contoh konfigurasi Server openvpn,


  $ sudo more /etc/openvpn/server.conf
  sudo more /etc/openvpn/server.conf
  $ sudo vi /etc/openvpn/server.conf
  sudo vi /etc/openvpn/server.conf


Sample outputs:
Run / Control OpenVPN Server,


  port 1194
  sudo systemctl stop openvpn@server
proto udp
  sudo systemctl start openvpn@server
dev tun
  sudo systemctl restart openvpn@server
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
  key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
  server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem


How do I start/stop/restart OpenVPN server on Ubuntu Linux 16.04/18.04 LTS?
sudo /etc/init.d/openvpn stop
sudo /etc/init.d/openvpn start
sudo /etc/init.d/openvpn restart


Type the following command stop the OpenVPN service:
==ufw firewall rules (optional)==
$ sudo systemctl stop openvpn@server


Type the following command start the OpenVPN service:
Edit /etc/ufw/before.rules,
$ sudo systemctl start openvpn@server


Type the following command restart the OpenVPN service:
  sudo vi /etc/ufw/before.rules
  $ sudo systemctl restart openvpn@server
How do I start/stop/restart OpenVPN server on Ubuntu Linux 14.04 LTS?


Type the following command stop the OpenVPN service:
sudo ufw allow 1194/udp
  $ sudo /etc/init.d/openvpn stop
  sudo ufw allow 22/tcp


Type the following command start the OpenVPN service:
Edit /etc/ufw/sysctl.conf file,
$ sudo /etc/init.d/openvpn start


Type the following command restart the OpenVPN service:
  sudo vi /etc/ufw/sysctl.conf
  $ sudo /etc/init.d/openvpn restart
{Optional} How to configure and use the ufw firewall rules for the OpenVPN server


The default rules added to the /etc/rc.local file should work out of the box. However, if you have complicated firewall settings or prefer ufw to control all firewall settings on Ubuntu Linux server, try the following. First, edit the /etc/rc.local file using a text editor and comment out all firewall rules added by the script. Type the following ufw command to open port 1194 and 22 (ssh):
$ sudo ufw allow 1194/udp
$ sudo ufw allow 22/tcp
Edit the file /etc/ufw/before.rules, enter:
$ sudo vi /etc/ufw/before.rules
Save and close the file. Next edit the /etc/ufw/sysctl.conf file, enter:
$ sudo vi /etc/ufw/sysctl.conf
Find and uncomment the following line to allow this host to route packets between interfaces
  net/ipv4/ip_forward=1
  net/ipv4/ip_forward=1


Save and close the file. Enable ufw or reload if already running:
Enable / Reload ufw,
$ sudo ufw enable


sudo ufw enable
OR
OR
  $ sudo ufw reload
  sudo ufw reload
 
Verify new firewall rules:
$ sudo ufw status
$ sudo iptables -t nat -L -n -v
$ sudo iptables -L FORWARD -n -v
$ sudo iptables -L ufw-before-forward -n -v
 
==Client configuration==
 
On server your will find a client configuration file called ~/iphone.ovpn. All you have to do is copy this file to your local desktop using the scp and provide this file to your OpenVPN client to connect:
$ scp vivek@139.59.1.155:~/iphone.ovpn .
 
Next, you need to download OpenVPN client as per your operating system:
 
    Download OpenVPN client for Apple IOS version 6.x or above and install it.
    Download OpenVPN client for Android and install it.
    Download OpenVPN client for Apple MacOS (OS X) and install it.
    Download OpenVPN client for Windows 8/10 and install it.
 
MacOS/OS X OpenVPN client configuration
 
Just double click on iphone.ovpn file and it will open in your tunnelblick client > Click on the “Only me” to install it.
Fig.03: MacOS / OS X openvpn client configuration
Fig.03: MacOS / OS X openvpn client configuration
 
Once installed click on Connect button and you will be online. Use the following command on MacOS client to verify that your public IP changed to the VPN server IP:
$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
 
You can ping to OpenVPN server private IP:
$ ping 10.8.0.1
 
Linux OpenVPN client configuration
 
First, install the openvpn client, enter:
$ sudo yum install openvpn
 
OR
$ sudo apt install openvpn
 
Next, copy iphone.ovpn as follows:
$ sudo cp iphone.ovpn /etc/openvpn/client.conf
 
Test connectivity from the CLI:
$ sudo openvpn --client --config /etc/openvpn/client.conf
 
Your Linux system will automatically connect when computer restart using /etc/init.d/openvpn script:
$ sudo /etc/init.d/openvpn start
 
For systemd based system, use the following command:
$ sudo systemctl start openvpn@client
 
Test the connectivity:
$ ping 10.8.0.1 #Ping to OpenVPN server gateway
$ ip route #Make sure routing setup
$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com #Make sure your public IP set to OpenVPN server
FreeBSD OpenVPN client configuration
 
First, install the openvpn client, enter:
$ sudo pkg install openvpn
 
Next, copy iphone.ovpn as follows:
$ mkdir -p /usr/local/etc/openvpn/
$ sudo cp iphone.ovpn /usr/local/etc/openvpn/client.conf


Edit /etc/rc.conf and add the following:
Verify,


  openvpn_enable="YES"
  sudo ufw status
  openvpn_configfile="/usr/local/etc/openvpn/client.conf"
  sudo iptables -t nat -L -n -v
sudo iptables -L FORWARD -n -v
sudo iptables -L ufw-before-forward -n -v


Start the OpenVPN service:
==Menambah CLIENT==
$ sudo /usr/local/etc/rc.d/openvpn start


Verify it:
Untuk menambah Client OpenVPN, jalankan ulang,
$ ping 10.8.0.1 #Ping to OpenVPN server gateway
$
$ netstat -nr #Make sure routing setup
$
$ drill myip.opendns.com @resolver1.opendns.com #Make sure your public IP set to OpenVPN server
How do I add a new client?


For demo purpose I added a new device called iphone. Let us add one more device called googlephone by running the script again:
  sudo bash openvpn-install.sh
  $ sudo bash openvpn-install.sh


Sample outputs:
Keluaran:


Looks like OpenVPN is already installed
Looks like OpenVPN is already installed
What do you want to do?
    1) Add a cert for a new user
    2) Revoke existing user cert
    3) Remove OpenVPN
    4) Exit
Select an option [1-4]:


What do you want to do?
  1) Add a cert for a new user
  2) Revoke existing user cert
  3) Remove OpenVPN
  4) Exit
Select an option [1-4]:


Pilih [1] untuk menambahkan Client OpenVPN.


==Referensi==
==Referensi==

Latest revision as of 01:49, 31 March 2020

sumber: https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/


Cek IP Publik Kita

Jika Server tersambung langsung ke Internet, dapat menggunakan 

ip addr show eth0
ip addr show enp0s3
ip a

atau menggunakan 

dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
host myip.opendns.com resolver1.opendns.com

Download openvpn-install.sh script

Download 

wget https://git.io/vpn -O openvpn-install.sh
openvpn-install.sh

Install OpenVPN, run, 

sudo bash openvpn-install.sh

Setup Firewall

Kadang konfigurasi Firewall bisa di lihat di /etc/rc.local file: 

cat /etc/rc.local

Contoh Firewall: 

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 139.59.1.155

Contoh konfigurasi Server openvpn, 

sudo more /etc/openvpn/server.conf
sudo vi /etc/openvpn/server.conf

Run / Control OpenVPN Server, 

sudo systemctl stop openvpn@server
sudo systemctl start openvpn@server
sudo systemctl restart openvpn@server

sudo /etc/init.d/openvpn stop
sudo /etc/init.d/openvpn start
sudo /etc/init.d/openvpn restart

ufw firewall rules (optional)

Edit /etc/ufw/before.rules, 

sudo vi /etc/ufw/before.rules

sudo ufw allow 1194/udp
sudo ufw allow 22/tcp

Edit /etc/ufw/sysctl.conf file, 

sudo vi /etc/ufw/sysctl.conf

net/ipv4/ip_forward=1

Enable / Reload ufw, 

sudo ufw enable

OR 

sudo ufw reload

Verify, 

sudo ufw status
sudo iptables -t nat -L -n -v
sudo iptables -L FORWARD -n -v
sudo iptables -L ufw-before-forward -n -v

Menambah CLIENT

Untuk menambah Client OpenVPN, jalankan ulang, 

sudo bash openvpn-install.sh

Keluaran: 

Looks like OpenVPN is already installed

What do you want to do?
   1) Add a cert for a new user
   2) Revoke existing user cert
   3) Remove OpenVPN
   4) Exit 
Select an option [1-4]:


Pilih [1] untuk menambahkan Client OpenVPN.

Referensi

Pranala Menarik

Retrieved from "https://lms.onnocenter.or.id/wiki/index.php?title=OpenVPN:_Simple_Server_using_Script&oldid=60669"