VPS Murah Server IIX - USA - Singapore

Install OpenVPN on Debian


[Debian] How to install OpenVPN on your VPS
This how-to takes you through installing OpenVPN on your VPS. The example was done with Debian Lenny 5.0.6, and the following should be noted:
is where you should put your VPS name.
is where you should put your VPN user's name

Server Configuration

Log in to your VPS via SSH
Type "su" or "sudo -s" whichever you prefer to gain root access

To install OpenVPN:
Type "apt-get update" to ensure that the package list is up to date on the system
Type "apt-get install openvpn"

To install OpenSSL:
Type "apt-get install openssl"
Type "mkdir /etc/openvpn/easy-rsa" to make new directory
Type "cp -rp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa" to copy the files to the new folder
Type "cp -rp /usr/share/doc/openvpn/examples/sample-config-files/ /etc/openvpn/sample"

Edit vars and change variable
Type "cd /etc/openvpn/easy-rsa/" to change directory into that folder
Type "ls" to list all files in that folder
Type "nano vars" to edit the file named "vars"
Hold down Ctrl and press "w" to bring up the search function
Type "1024" and then press enter to search the file
Change "1024" to "2048"
Press "Page Down" and change the last five lines in the file which start with "export" so that your details are there
Once this is complete, hold down Ctrl and press "x" to exit. When it asks if you would like to save, press "y" and then Enter to keep the name of the file as vars. Here is how mine looks:

Quote:# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="GB"
export KEY_PROVINCE="London"
export KEY_CITY="London"
export KEY_ORG="All Simple"
export KEY_EMAIL="info@.allsimple.net"

Run vars to export the variables
Type "sh vars" to run the vars script
Type "source ./vars" to load the exported variables into the current shell (running the script with "sh" only sets them in a child shell)

Quote:euq1nu:/etc/openvpn/easy-rsa# sh vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
euq1nu:/etc/openvpn/easy-rsa# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys

Make the certificate authority
Type "./clean-all" To remove any previous keys
Type "./build-ca" to build the certificate authority.
Press enter for each line it asks to confirm your details, but where it asks for "Common Name" this may need changing to your server name

Quote:euq1nu:/etc/openvpn/easy-rsa# ./clean-all
euq1nu:/etc/openvpn/easy-rsa# ./build-ca
Generating a 2048 bit RSA private key
.....................+++
....................+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [London]:
Locality Name (eg, city) [London]:
Organization Name (eg, company) [All Simple]:
Organizational Unit Name (eg, section) [euq1nu]:
Common Name (eg, your name or your server's hostname) [All Simple CA]:euq1nu
Email Address [info@.allsimple.net]:

Type "./build-key-server "
Press enter for fields to confirm and leave the "A challenge password" and "An optional company name" fields blank
Answer "y" to the next two questions to sign the certificate

Quote:euq1nu:/etc/openvpn/easy-rsa# ./build-key-server euq1nu
Generating a 2048 bit RSA private key
.......................................+++
...........................................................................................+++
writing new private key to 'euq1nu.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [London]:
Locality Name (eg, city) [London]:
Organization Name (eg, company) [All Simple]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [euq1nu]:
Email Address [info@.allsimple.net]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'GB'
stateOrProvinceName :PRINTABLE:'London'
localityName :PRINTABLE:'London'
organizationName :PRINTABLE:'All Simple'
commonName :PRINTABLE:'euq1nu'
emailAddress :IA5STRING:'info@.allsimple.net'
Certificate is to be certified until Jan 5 13:07:40 2021 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Add VPN clients
Type "./build-key "
Press enter again for fields to confirm and leave the "A challenge password" and "An optional company name" fields blank. A different key is needed for each VPN client
Answer the two questions with "y" to sign the certificate

Quote:euq1nu:/etc/openvpn/easy-rsa# ./build-key charlotte
Generating a 2048 bit RSA private key
....+++
.............................................+++
writing new private key to 'charlotte.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [London]:
Locality Name (eg, city) [London]:
Organization Name (eg, company) [All Simple]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [charlotte]:
Email Address [info@.allsimple.net]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'GB'
stateOrProvinceName :PRINTABLE:'London'
localityName :PRINTABLE:'London'
organizationName :PRINTABLE:'All Simple'
commonName :PRINTABLE:'charlotte'
emailAddress :IA5STRING:'info@.allsimple.net'
Certificate is to be certified until Jan 5 14:46:49 2021 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Create Diffie-Hellman (DH) settings for key exchange
Type "./build-dh" This allows sharing between peers. This will take a long time to complete, depending on your amount of memory

Quote:euq1nu:/etc/openvpn/easy-rsa# ./build-dh
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

Now copy relevant files and place in the correct folder

Type "cd keys" to change directory into that folder
Type "ls" to list the files in that folder
Type "cp .key /etc/openvpn/"
Type "cp .crt /etc/openvpn/"
Type "cp ca.crt /etc/openvpn/"
Type "cp dh2048.pem /etc/openvpn/"
Type "cd ../.." to change up two directories

Create OpenVPN config and edit
Type "cd sample" to change directory
Type "gunzip server.conf.gz"
Type "nano server.conf" to edit that file

Hold Ctrl and press "w" to search
Type "server.crt" to search
Change "server.crt" to ".crt"
On the line below change "server.key" to ".key"

Hold Ctrl and press "w" to search
Type "dh dh" to search
On that line change "dh1024.pem" to "dh2048.pem"

Quote:# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert euq1nu.crt
key euq1nu.key # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh2048.pem

Hold Ctrl and press "w" to search
Type "client-to" to search
Remove the ";" from the start of that line

Quote:# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client

Hold Ctrl and press "w" to search
Type "max-" to search
Remove the ";" from the start of that line
Hold Ctrl and press "x" to exit and press "y" and enter to save file as "server.conf"
Type "cp server.conf /etc/openvpn" to copy that file to that folder

Quote:# The maximum number of concurrently connected
# clients we want to allow.
max-clients 100
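
A quick check of the result, as an added example that is not part of the original guide: the script reads the directives edited above (ca, cert, key, dh, client-to-client), confirms each referenced file exists, and flags a private key that is accessible to group or others or a dh line that still names the 1024-bit sample file. The function names and the scratch directory are constructed for illustration, and relative paths are resolved against the config's directory on the assumption that openvpn is started from there, as in this guide.

```shell
#!/usr/bin/env bash
# Added example: audit the server.conf directives this guide edits.
# audit_server_conf <conf> prints one finding per line; returns 1 on a problem.

# First argument of an active directive (";" and "#" lines never match).
directive_arg() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

audit_server_conf() {
    conf=$1; rc=0
    dir=$(dirname "$conf")   # assumption: openvpn is started from this directory
    for name in ca cert key dh; do
        file=$(directive_arg "$conf" "$name")
        if [ -z "$file" ]; then
            echo "MISSING: no active '$name' directive"; rc=1; continue
        fi
        case "$file" in /*) ;; *) file="$dir/$file" ;; esac
        if [ ! -f "$file" ]; then
            echo "NOT FOUND: $name -> $file"; rc=1; continue
        fi
        # The private key must not be accessible to group or others.
        if [ "$name" = key ] && [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
            echo "PERMS: $file is open to group/other (chmod 600 it)"; rc=1
        fi
    done
    # File-name heuristic only: the sample config defaults to dh1024.pem.
    case "$(directive_arg "$conf" dh)" in
        *1024*) echo "WEAK: dh still names a 1024-bit parameter file"; rc=1 ;;
    esac
    # Informational: this guide turns the option on deliberately.
    if grep -Eq '^[[:space:]]*client-to-client([[:space:]]|$)' "$conf"; then
        echo "NOTE: client-to-client is on; VPN clients can reach each other"
    fi
    return $rc
}

# Constructed demo: a scratch directory standing in for /etc/openvpn.
demo() {
    d=$(mktemp -d)
    printf 'ca ca.crt\ncert euq1nu.crt\nkey euq1nu.key # secret\ndh dh1024.pem\n' > "$d/server.conf"
    printf ';max-clients 100\nclient-to-client\n' >> "$d/server.conf"
    touch "$d/ca.crt" "$d/euq1nu.key" "$d/dh1024.pem"   # euq1nu.crt left out
    chmod 644 "$d/euq1nu.key"
    audit_server_conf "$d/server.conf" || true
    rm -rf "$d"
}
demo
```

On the real server the call would be audit_server_conf /etc/openvpn/server.conf, run as root so the key file can be inspected.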

Create client config and edit
Type "nano client.conf" to edit file
Hold Ctrl and press "w" to search
Type "-1" to search
On the line below, change "my-server-1" to the IP address of your VPS

Quote:# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 92.48.64.128 1194
;remote my-server-2 1194

Hold Ctrl and press "w" to search
Type "client.crt" to search
Change "client.crt" to ".crt"
On the line below change "client.key" to ".key"
Hold Ctrl and press "x" to exit and press "y" and enter to save file as "client.conf"

VPN Client Configuration

Below is the configuration on setting up your VPN client on Linux.
If you have disabled root login, then you should copy the following files to your user, and use instead of , or temporarily allow root login

Type "apt-get install openvpn" and press enter to accept
Type "cd /etc/openvpn" to go to that directory
Type "scp root@:/etc/openvpn/easy-rsa/keys/.crt ." and answer yes to both questions and type the root password for the server

Each copy should look like this:

Quote:internal:/etc/openvpn# scp root@92.48.64.128:/etc/openvpn/easy-rsa/keys/charlotte.key .
root@92.48.64.128's password:
charlotte.key 100% 1675 1.6KB/s 00:00

Type "scp root@:/etc/openvpn/easy-rsa/keys/.key ." and type password
Type "scp root@:/etc/openvpn/easy-rsa/keys/ca.crt ." and type password
Type "scp root@:/etc/openvpn/sample/client.conf ." and type password again

Test that the VPN can be connected to
Go back to your VPN server terminal and
Type "openvpn server.conf" to start up the VPN so it can be connected to

It should show similar to this:

Quote:euq1nu:/etc/openvpn# openvpn server.conf
Sat Jan 8 16:45:15 2011 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Sat Jan 8 16:45:15 2011 Diffie-Hellman initialized with 2048 bit key
Sat Jan 8 16:45:15 2011 /usr/bin/openssl-vulnkey -q -b 2048 -m
Sat Jan 8 16:45:15 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jan 8 16:45:15 2011 ROUTE default_gateway=92.48.64.128
Sat Jan 8 16:45:15 2011 TUN/TAP device tun0 opened
Sat Jan 8 16:45:15 2011 TUN/TAP TX queue length set to 100
Sat Jan 8 16:45:15 2011 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Jan 8 16:45:15 2011 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Jan 8 16:45:15 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jan 8 16:45:15 2011 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sat Jan 8 16:45:15 2011 UDPv4 link local (bound): [undef]:1194
Sat Jan 8 16:45:15 2011 UDPv4 link remote: [undef]
Sat Jan 8 16:45:15 2011 MULTI: multi_init called, r=256 v=256
Sat Jan 8 16:45:15 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jan 8 16:45:15 2011 IFCONFIG POOL LIST
Sat Jan 8 16:45:15 2011 Initialization Sequence Completed

Go to your client and
Type "openvpn client.conf" to allow the client to access the VPN. This should start the communication between the two.

Installing for client use with Windows
Download OpenVPN GUI (http://openvpn.se/) and install
Download the following four files:

client.conf
ca.crt
.crt
.key

to your computer into Program Files\OpenVPN\Config and rename client.conf to client.ovpn
Then you should be able to connect to the VPN

 http://cybernetwork-vps.blogspot.com
