Okay this time I will show how to install OpenVPN on CentOS 5.
First, make sure that TUN/TAP is available on the VPS:
#ls -al /dev/net/tun
If the device exists, the output looks like this:
-bash-3.2# ls -al /dev/net/tun
crw------- 1 root root 10, 200 2009-08-01 01:45 /dev/net/tun
Next, install gcc:
#yum install gcc
Download the required packages:
#wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
Install the packages needed for the build:
#yum install rpm-build
#yum install autoconf.noarch
#yum install zlib-devel
#yum install pam-devel
#yum install openssl-devel
#yum install make
Build and install the downloaded packages with rpm:
#rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
#rpmbuild -tb openvpn-2.0.9.tar.gz
#rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm
Note that the directory name may be different; on a 64-bit machine the directory is typically /usr/src/redhat/RPMS/x86_64/
Now copy the configuration files to the folder /etc/openvpn:
#cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
#cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/
Building the certificates
First, enter the directory /etc/openvpn/easy-rsa/2.0:
#cd /etc/openvpn/easy-rsa/2.0
#source ./vars
#./vars
#./clean-all
#./build-ca
Output similar to the following appears:
Generating a 1024 bit RSA private key
........................++++++
......................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KG]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [BISHKEK]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []: OpenVPN-CA
Email Address [me@myhost.mydomain]:
Press Enter at every prompt; only the "Common Name" field needs to be filled in (with any value).
Build the server key:
#./build-key-server server
Press Enter at every prompt; only the "Common Name" field needs to be filled in, this time with "server" (without the quotes).
Build the Diffie-Hellman parameters:
#./build-dh
Now copy the certificates to /etc/openvpn/keys:
#cp /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/keys -R
Create the file server.conf in /etc/openvpn and fill it with the following lines:
local 192.168.x.x # adjust to your server's IP
port 9201 # port opened
proto tcp # select UDP or TCP
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt # the location of the certificate ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt # the location of the certificate server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key # the location of server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem # the location of dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0 # network address and netmask of the VPN subnet
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DNS 4.2.2.2"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
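The configuration above authenticates clients by PAM password alone (client-cert-not-required), uses 1024-bit DH parameters and sets neither user/group nor tls-auth. As an added example, not part of the original post, the script below reports those points for any server.conf; the finding names and the 2048-bit threshold are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag security-relevant settings
# in an OpenVPN 2.0-style server.conf. Finding names and the 2048-bit
# threshold are assumptions of this example.

audit_openvpn_conf() {
    conf=$1
    # Drop comments (# or ;) and blank lines so only active directives remain.
    body=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$conf")
    # has DIRECTIVE: true if the directive is present as a whole word.
    has() { printf '%s\n' "$body" | grep -Eq "^[[:space:]]*$1([[:space:]]|\$)"; }
    # arg DIRECTIVE: first argument of the directive.
    arg() { printf '%s\n' "$body" | awk -v d="$1" '$1 == d { print $2; exit }'; }

    # Password-only login: possession of a client key is not required.
    if has client-cert-not-required; then echo NO_CLIENT_CERT; fi

    # DH size: ask openssl if the file is readable, else fall back to the
    # digits in the file name (dh1024.pem -> 1024).
    dh=$(arg dh)
    if [ -n "$dh" ]; then
        bits=$(openssl dhparam -in "$dh" -noout -text 2>/dev/null |
               sed -n 's/.*(\([0-9]*\) bit).*/\1/p' | head -n 1)
        [ -n "$bits" ] || bits=$(basename "$dh" | tr -cd '0-9')
        if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then echo "WEAK_DH_$bits"; fi
    fi

    # Without user/group the daemon keeps root privileges after start-up.
    if ! has user || ! has group; then echo RUNS_AS_ROOT; fi
    # tls-auth adds an HMAC check that drops unauthenticated packets early.
    if ! has tls-auth; then echo NO_TLS_AUTH; fi
    return 0
}

# Constructed sample: the directives from the server.conf above that matter here.
sample_conf() {
    cat <<'EOF'
port 9201
proto tcp
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem # the location of dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
;user nobody
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_openvpn_conf "$tmp"; rm -f "$tmp"
```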
The server can now be started with the command:
#service openvpn start
or
#openvpn /etc/openvpn/server.conf
The OpenVPN server is now ready. What remains is to let clients use the connection, which requires some firewall settings:
1. Enabling packet forwarding with the command:
#echo 1 > /proc/sys/net/ipv4/ip_forward
2. Edit the NAT table for masquerading. The following command applies to a dedicated server only:
#iptables -t nat -A POSTROUTING -s 10.8.0.1/24 -o eth0 -j MASQUERADE
On a VPS, the command is:
#iptables -t nat -A POSTROUTING -s 10.8.0.1/24 -o venet0 -j SNAT --to 192.168.x.x
Replace the IP with the venet0 address of your VPS.
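Both settings above live only in the running kernel and are gone after a reboot. As an added example, not part of the original post, this script makes forwarding persistent in sysctl.conf and checks that a saved ruleset (the file written by "service iptables save", /etc/sysconfig/iptables on CentOS) contains the NAT rule for the VPN network; the function names and demo files are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are made up here.

# Set net.ipv4.ip_forward = 1 in a sysctl.conf-style file, idempotently:
# an existing line is rewritten, a missing one is appended.
persist_ip_forward() {
    file=${1:-/etc/sysctl.conf}
    key=net.ipv4.ip_forward
    tmp=$(mktemp)
    if grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$file"; then
        sed "s/^[[:space:]]*$key[[:space:]]*=.*/$key = 1/" "$file" > "$tmp"
    else
        { cat "$file"; printf '%s = 1\n' "$key"; } > "$tmp"
    fi
    cat "$tmp" > "$file"   # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Succeed if a saved ruleset (iptables-save format) NATs traffic from the
# VPN network. Matches "10.8.0.0/24" as well as "10.8.0.0/255.255.255.0".
nat_rule_saved() {
    rules=$1
    net=$2
    awk -v n="$net/" '
        $1 == "-A" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
            for (i = 3; i < NF; i++)
                if ($i == "-s" && index($(i + 1), n) == 1) found = 1
        }
        END { exit !found }' "$rules"
}

# Constructed demo files standing in for /etc/sysctl.conf and
# /etc/sysconfig/iptables.
demo() {
    d=$(mktemp -d)
    printf 'net.ipv4.ip_forward = 0\nkernel.sysrq = 0\n' > "$d/sysctl.conf"
    printf '%s\n' '*nat' \
        '-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j MASQUERADE' \
        'COMMIT' > "$d/iptables"
    persist_ip_forward "$d/sysctl.conf"
    persist_ip_forward "$d/sysctl.conf"   # second run must not add a line
    grep -c '^net.ipv4.ip_forward = 1$' "$d/sysctl.conf"
    if nat_rule_saved "$d/iptables" 10.8.0.0; then echo "NAT rule saved"; fi
    rm -rf "$d"
}
demo
```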
OpenVPN is now installed on the VPS. Next, configure the client.
OpenVPN Client Configuration
Download the OpenVPN client here:
http://openvpn.net/download.html
Download the certificate that was created on the server to the client.
The certificates are in /etc/openvpn/easy-rsa/2.0/keys/
The file needed is "ca.crt".
Create an OpenVPN client configuration file:
Paste the config below into Notepad and save it with a name ending in ".ovpn", for example "myvpn.ovpn" (without the quotes):
client
dev tun
proto tcp
remote 192.168.x.x 9201 # server ip and port
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
route-method exe
redirect-gateway def1
ca ca.crt # the ca.crt file downloaded from the server
auth-user-pass
comp-lzo
verb 3
When done, save it and place it in the folder c:\program files\openvpn\config
The client setup is now complete.
All that remains is to add a user on the VPS so that VPN clients can log in.
Log in to the VPS as root,
then run the following commands:
#useradd user -s /bin/false
#passwd user
Then type the desired password.
Now just run the VPN client and enter the user and password created earlier.
Good luck.
Wednesday, December 22, 2010