Instalasi OpenVPN: Difference between revisions
From OnnoCenterWiki
Jump to navigationJump to search
Onnowpurbo (talk | contribs) No edit summary |
Onnowpurbo (talk | contribs) No edit summary |
||
| Line 11: | Line 11: | ||
/etc/openvpn/2.0 | /etc/openvpn/2.0 | ||
Mungkin ada baiknya untuk pengguna Ubuntu 8.10 untuk memilih kita akan menggunakan konfigurasi 1.0 atau 2.0 dengan cara mengcopy | Mungkin ada baiknya untuk pengguna Ubuntu 8.10, 9.04 untuk memilih kita akan menggunakan konfigurasi 1.0 atau 2.0 dengan cara mengcopy | ||
# cp -Rf /etc/openvpn/2.0/* /etc/openvpn | # cp -Rf /etc/openvpn/2.0/* /etc/openvpn | ||
| Line 25: | Line 25: | ||
# make | # make | ||
# make install | # make install | ||
Anda tidak perlu mengcompile dari source code, jika sudah menginstalasi openvpn menggunakan apt-get install | |||
Edit file vars di /etc/openvpn | Edit file vars di /etc/openvpn | ||
Revision as of 02:06, 22 June 2009
Install openvpn
Install openvpn di Ubuntu
# apt-get install openvpn # cp -Rf /usr/share/doc/openvpn/examples/easy-rsa/* /etc/openvpn/
Pada Ubuntu 8.10 akan di terlihat folder
/etc/openvpn/1.0 /etc/openvpn/2.0
Mungkin ada baiknya untuk pengguna Ubuntu 8.10, 9.04 untuk memilih kita akan menggunakan konfigurasi 1.0 atau 2.0 dengan cara mengcopy
# cp -Rf /etc/openvpn/2.0/* /etc/openvpn
Alternatif lain yang lebih susah, compile openvpn dari source code
# cp openvpn-2.0.9.tar.gz /usr/local/src # cd /usr/local/src # tar zxvf openvpn-2.0.9.tar.gz # cd openvpn-2.0.9 # ./configure # make # make install
Anda tidak perlu mengcompile dari source code, jika sudah menginstalasi openvpn menggunakan apt-get install
Edit file vars di /etc/openvpn
# cd /etc/openvpn/
# vi vars
#this is to ensure secure data
export KEY_SIZE=1024
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY=ID
export KEY_PROVINCE=DKI
export KEY_CITY=Jakarta
export KEY_ORG="Kerm.IT"
export KEY_EMAIL="onno@indo.net.id"
Membuat Certificate Authority (CA)
# cd /etc/openvpn/
. ./vars
./clean-all
./build-ca
Country Name (2 letter code) [ID]:
State or Province Name (full name) [DKI]:
Locality Name (eg, city) [Jakarta]:
Organization Name (eg, company) [Kerm.IT]:
Organizational Unit Name (eg, section) []:Kerm.IT
Common Name (eg, your name or your server's hostname) []:yc0mlc.ampr.org
Email Address [onno@indo.net.id]:
Lihat keys apakah sudah di generate
# ls -l /etc/openvpn/ # ls -l /etc/openvpn/keys
Akan tampak file berikut
ca.crt ca.key index.txt serial
Membuat Server Key
# ./build-key-server server
Country Name (2 letter code) [ID]:
State or Province Name (full name) [DKI]:
Locality Name (eg, city) [Jakarta]:
Organization Name (eg, company) [Kerm.IT]:
Organizational Unit Name (eg, section) []:Kerm.IT
Common Name (eg, your name or your server's hostname) []:yc0mlc.ampr.org
Email Address [onno@indo.net.id]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:Kerm.IT
Using configuration from /etc/openvpn/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'ID'
stateOrProvinceName :PRINTABLE:'DKI'
localityName :PRINTABLE:'Jakarta'
organizationName :PRINTABLE:'Kerm.IT'
organizationalUnitName:PRINTABLE:'Kerm.IT'
commonName :PRINTABLE:'yc0mlc.ampr.org'
emailAddress :IA5STRING:'onno@indo.net.id'
Certificate is to be certified until Jan 13 03:34:36 2018 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Buat Key User
Membuat key untuk user admin maupun user lainnya jika di perlukan
# ./build-key admin
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Buat key untuk user lain jika di perlukan
./build-key-pass username ./build-key username
Membuat DH Parameter dari key
./build-dh
# openvpn --genkey --secret keys/ta.key
# openvpn --genkey --secret keys/ca.key # openvpn --genkey --secret keys/ta.key
Test key
Test key
# openvpn --genkey --secret key # openvpn --test-crypto --secret key
Test sambungan di 2 windows
Test yang sangat berguna melihat sambungan OpenVPN dari dua (2) Windows.
# cd /etc/openvpn # cp -Rf /usr/share/doc/openvpn/examples/sample-config-files/ /etc/openvpn/ # cp -Rf /usr/share/doc/openvpn/examples/sample-keys/ /etc/openvpn/ # openvpn --config sample-config-files/loopback-client # openvpn --config sample-config-files/loopback-server
Jika di perlukan kita dapat menginstalasi OpenVPN Administrator.
Contoh menginstalasi OpenVPN-Admin
# apt-get install mono openvpn-admin
Edit Server.conf
# vi /etc/openvpn/server.conf
isinya kurang lebih
# OpenVPN Server config file # Which local IP address should OpenVPN listen on? (optional) local 192.168.0.3
# Which TCP/UDP port should OpenVPN listen on? port 1194
# TCP or UDP server? proto udp
# "dev tun" will create a routed IP tunnel, which is what we want dev tun
# SSL/TLS root certificate (ca), certificate # (cert), and private key (key). Each client # and the server must have their own cert and # key file. The server and all clients will # use the same ca file. ca keys/ca.crt cert keys/server.crt key keys/server.key # This file should be kept secret # Diffie hellman parameters. dh keys/dh1024.pem
# Configure server mode and supply a VPN subnet server 192.168.111.0 255.255.255.0
# Maintain a record of client <-> virtual IP address # associations in this file. ifconfig-pool-persist ipp.txt
# Push routes to the client to allow it # to reach other private subnets behind # the server. Remember that these # private subnets will also need # to know to route the OpenVPN client # address pool (10.8.0.0/255.255.255.0) # back to the OpenVPN server. # push âroute 172.10.1.0 255.255.255.0" # push âroute 192.168.0.0 255.255.255.0" # If enabled, this directive will configure # all clients to redirect their default # network gateway through the VPN, causing # all IP traffic such as web browsing and # and DNS lookups to go through the VPN ; push "redirect-gateway" # Certain Windows-specific network settings # can be pushed to clients, such as DNS # or WINS server addresses. ;push "dhcp-option DNS 172.10.1.2" # Uncomment this directive to allow different # clients to be able to âseeâ client-to-client
# Ping every 10 seconds, assume that remote # peer is down if no ping received during # a 120 second time period. keepalive 10 120
# For extra security beyond that provided # by SSL/TLS, create an âHMAC firewallâ # to help block DoS attacks and UDP port flooding. ; tls-auth keys/ta.key 0 # This file is secret # Select a cryptographic cipher. # This config item must be copied to # the client config file as well. ;cipher BF-CBC # Blowfish (default) ;cipher AES-128-CBC # AES ;cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link. ; comp-lzo
# The maximum number of concurrently connected # clients we want to allow. max-clients 250
# It's a good idea to reduce the OpenVPN # daemonâs privileges after initialization. user nobody group nogroup
# The persist options will try to avoid # accessing certain resources on restart # that may no longer be accessible because # of the privilege downgrade. persist-key persist-tun
# Output a short status file showing status openvpn-status.log log-append openvpn.log
# Set the appropriate level of log # file verbosity. # # 0 is silent, except for fatal errors # 4 is reasonable for general usage # 5 and 6 can help to debug connection problems # 9 is extremely verbose verb 4
# Silence repeating messages. At most 20 # sequential messages of the same message # category will be output to the log. mute 20
Cara menjalankan VPN Server
Mengaktifkan VPN Server dengan server.conf (from www.openvpn.org)
# openvpn --config /etc/openvpn/server.conf
