Below is my simple OpenVPN setup with a tap device: one server (called "master" here) and one client.
openvpn-2.2.2
Slackware 13.37 (server) and Slackware 13.0 (client)
OpenVPN server: LAN address 192.168.1.234, VPN address 11.11.11.1
client: LAN address 192.168.1.191
client VPN address: 11.11.11.203
First download OpenVPN from http://openvpn.net/index.php/download.html and pick the source tarball openvpn-2.2.2.tar.gz (verify its GPG signature before building anything from it).
In what follows, the commands to type are given as plain lines; the blocks between dashed lines are the output I saw or the contents of a file.
Copy the tarball to the client as well, then configure and install on both server and client:
modprobe tun
tar -xvf openvpn-2.2.2.tar.gz
cd openvpn-2.2.2
./configure
make
make install
-------------------------------------------------------------------------------------------------
==========================================
On the server
==========================================
-----------------------------------------------------------------------------------------------
cp -a /yourpath/openvpn-2.2.2/easy-rsa /etc/openvpn/
cp /yourpath/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/
Create the keys. easy-rsa 2.0 defaults to 1024-bit RSA keys and 1024-bit DH parameters (KEY_SIZE=1024 in vars), which is too small today: edit vars and set KEY_SIZE to 2048 before sourcing it. build-dh then writes dh2048.pem instead of dh1024.pem, so use that name in the cp and dh lines further down.
cd /etc/openvpn/easy-rsa/2.0
source ./vars
-------------------------------------------------------------------------------------
root@HO-pgpool:/etc/openvpn/easy-rsa/2.0# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
---------------------------------------------------------------------------------------------------
./clean-all
(empties the keys directory; run it only now, when the CA is first created)
./build-ca
(give the CA a distinctive Common Name; in the transcript below it was left at the default "changeme" and "servervpn" went into the Name field instead)
----------------------------------------------------------------------------------------------------
root@HO-pgpool:/etc/openvpn/easy-rsa/2.0# ./build-ca
Generating a 1024 bit RSA private key
.............++++++
....................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:servervpn
Email Address [mail@host.domain]:
----------------------------------------------------------------------------------------------------
./build-key-server servervpn
(the server certificate; unlike build-key, build-key-server marks it with nsCertType=server and extendedKeyUsage=serverAuth, which is what lets a client tell the real server apart from another client's certificate)
----------------------------------------------------------------------------------------------------
root@HO-pgpool:/etc/openvpn/easy-rsa/2.0# ./build-key-server servervpn
Generating a 1024 bit RSA private key
..........++++++
......................................................++++++
writing new private key to 'servervpn.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [servervpn]:
Name [changeme]:
Email Address [mail@host.domain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-0.9.8.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'servervpn'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Apr 16 07:46:46 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
-------------------------------------------------------------------------------------------------------
./build-key branch1
(the client certificate; its Common Name, branch1, is what the server later matches against the file /etc/openvpn/ccd/branch1)
-------------------------------------------------------------------------------------------------------
root@HO-pgpool:/etc/openvpn/easy-rsa/2.0# ./build-key branch1
Generating a 1024 bit RSA private key
.......++++++
..++++++
writing new private key to 'branch1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [branch1]:
Name [changeme]:
Email Address [mail@host.domain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-0.9.8.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'branch1'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Apr 16 07:50:56 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
-------------------------------------------------------------------------------------------------------
./build-dh
--------------------------------------------------------------------------------------------------------
root@HO-pgpool:/etc/openvpn/easy-rsa/2.0# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
..+....................................................
.+...........................................+.........
............++*++*++*
----------------------------------------------------
root@HO-pgpool:/etc/openvpn/easy-rsa/2.0# ls keys/
01.pem branch1.csr ca.key index.txt.attr serial servervpn.csr
02.pem branch1.key dh1024.pem index.txt.attr.old serial.old servervpn.key
branch1.crt ca.crt index.txt index.txt.old servervpn.crt
----------------------------------------------------------------------------------------------------
cd keys
mkdir /etc/openvpn/keys
cp ca.crt dh1024.pem servervpn.crt servervpn.key /etc/openvpn/keys/
Only these four files go to the server's runtime directory. ca.key, which signs every certificate the VPN will trust, stays in easy-rsa/keys (better still, on a machine that is not the VPN server), and servervpn.key must remain readable by root only.
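The keys directory now holds everything the server and the client will trust, so this is the moment to confirm it is what you think it is. The script below is an added check, not part of this tutorial, easy-rsa or OpenVPN: it parses the text dump from `openssl x509 -noout -text` and verifies the properties this setup depends on, namely the RSA key size (1024 bits in the transcript above, which is why it suggests KEY_SIZE=2048), CA:TRUE on ca.crt, and the server markers on servervpn.crt only (a client certificate carrying them could pose as the server). The embedded sample dump is constructed to mirror the transcript above with the modulus and key identifiers elided; run the script with the three real files as arguments to check those instead.

```python
#!/usr/bin/env python3
"""check_keys.py: sanity-check easy-rsa output before it is deployed.

Added example for this tutorial; not part of OpenVPN or easy-rsa. It reads
`openssl x509 -noout -text` output and checks RSA key size, the CA flag on
ca.crt, and the server markers (nsCertType=server, extendedKeyUsage=serverAuth)
that build-key-server adds and that a client's `ns-cert-type server` /
`remote-cert-tls server` line relies on.
Usage: check_keys.py ca.crt servervpn.crt branch1.crt
"""
import re
import subprocess
import sys

# Constructed sample: the shape of `openssl x509 -text` for the tutorial's
# 1024-bit servervpn.crt (modulus and key identifiers left out).
SAMPLE_SERVER_TEXT = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=servervpn
        Validity
            Not Before: Apr 18 07:46:46 2012 GMT
            Not After : Apr 16 07:46:46 2022 GMT
        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=servervpn/name=changeme
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
"""

def x509_text(path):
    """Dump a PEM certificate as text with the openssl CLI."""
    return subprocess.run(["openssl", "x509", "-noout", "-text", "-in", path],
                          check=True, capture_output=True, text=True).stdout

def parse_x509_text(text):
    """Extract key size, subject CN, expiry and the extensions that matter here."""
    info = {"key_bits": None, "subject_cn": None, "not_after": None,
            "is_ca": False, "ns_server": False, "eku_server": False}
    m = re.search(r"\((\d+) bit\)", text)  # "RSA Public Key: (1024 bit)" or "Public-Key: (2048 bit)"
    if m:
        info["key_bits"] = int(m.group(1))
    m = re.search(r"^\s*Subject:.*?CN\s*=\s*([^/,\n]+)", text, re.M)
    if m:
        info["subject_cn"] = m.group(1).strip()
    m = re.search(r"Not After\s*:\s*(.+)", text)
    if m:
        info["not_after"] = m.group(1).strip()
    lines = [l.strip() for l in text.splitlines()]
    for name, value in zip(lines, lines[1:]):  # an extension's value is on the line after its name
        if name.startswith("X509v3 Basic Constraints"):
            info["is_ca"] = "CA:TRUE" in value
        elif name.startswith("Netscape Cert Type"):
            info["ns_server"] = "SSL Server" in value
        elif name.startswith("X509v3 Extended Key Usage"):
            info["eku_server"] = "TLS Web Server Authentication" in value
    return info

def check_cert(info, role, min_bits=2048):
    """Problems for a certificate meant to act as 'ca', 'server' or 'client'."""
    problems = []
    if not info["key_bits"] or info["key_bits"] < min_bits:
        problems.append(f"{info['key_bits']}-bit RSA key; set KEY_SIZE={min_bits} in vars and rebuild")
    if role == "ca" and not info["is_ca"]:
        problems.append("ca.crt lacks CA:TRUE")
    if role != "ca" and info["is_ca"]:
        problems.append("leaf certificate is marked CA:TRUE and could sign further certificates")
    server_marked = info["ns_server"] or info["eku_server"]
    if role == "server" and not server_marked:
        problems.append("no server marker (built with build-key instead of build-key-server?); "
                        "clients using ns-cert-type/remote-cert-tls server will reject it")
    if role == "client" and server_marked:
        problems.append("client certificate carries server markers and could impersonate the server")
    return problems

def main(argv):
    if len(argv) < 2:  # no files given: demonstrate on the constructed sample
        texts = [("server", "SAMPLE_SERVER_TEXT", SAMPLE_SERVER_TEXT)]
    else:
        texts = [(r, p, x509_text(p)) for r, p in zip(["ca", "server", "client"], argv[1:4])]
    rc = 0
    for role, path, text in texts:
        info = parse_x509_text(text)
        problems = check_cert(info, role)
        print(f"{path} ({role}, CN={info['subject_cn']}, expires {info['not_after']}): "
              + ("OK" if not problems else "; ".join(problems)))
        rc |= bool(problems)
    return rc

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 check_keys.py ca.crt servervpn.crt branch1.crt` from the keys directory; a non-zero exit means at least one file should be regenerated before anything is copied to the client.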
cd /etc/openvpn/
Create server.conf (this replaces the sample copied earlier):
nano server.conf
----------------------------------------------------------------------------------------------------------
local 192.168.1.234
port 1194
proto tcp-server
dev tap
ca ca.crt
cert servervpn.crt
key servervpn.key # This file should be kept secret
dh dh1024.pem
mode server
tls-server
ifconfig 11.11.11.1 255.255.255.0
ifconfig-pool 11.11.11.200 11.11.11.254 255.255.255.0
#push "ifconfig 10.11.204.201 255.255.255.0"
#push "route 192.168.168.0 255.255.255.0 10.11.204.1"
#push "route 192.168.188.0 255.255.255.0 10.11.204.1"
#push "route 192.168.77.0 255.255.255.0 10.11.204.1"
push "route 0.0.0.0 0.0.0.0 11.11.11.1"
client-config-dir /etc/openvpn/ccd
keepalive 10 120
cipher BF-CBC # Blowfish (default)
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
;mute 20
--------------------------------------------------------------------------------------------------------
Create a starter script and make it executable:
nano stater.sh
----------------------------------------------------------------------------------------------------
#!/bin/sh
/usr/sbin/openvpn --cd /etc/openvpn/keys --daemon --config /etc/openvpn/server.conf
-----------------------------------------------------------------------------------------------------
chmod a+x stater.sh
(./configure without --prefix installs the binary as /usr/local/sbin/openvpn; point the script at the path that `which openvpn` reports. --cd /etc/openvpn/keys makes the relative ca, cert, key and dh names in the config resolve there.)
Create the ccd directory and, inside it, a file named after the client certificate's Common Name:
mkdir /etc/openvpn/ccd
cd ccd
nano branch1
-----------------------------------------------------------------------------------------------------
ifconfig-push 11.11.11.203 255.255.255.0
-----------------------------------------------------------------------------------------------------
This file gives the client whose certificate has Common Name branch1 the address 11.11.11.203. Note that this address lies inside the ifconfig-pool range above; keeping static addresses outside the pool range is safer, so that the pool can never hand the same address to a client that has no ccd file.
Run the VPN server:
./stater.sh
Check with ifconfig: a tap0 interface with the VPN address 11.11.11.1 should be up.
-----------------------------------------------------------------------------------------------------
root@HO-pgpool:/etc/openvpn# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:e6:5f:75:ee
inet addr:192.168.1.234 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::216:e6ff:fe5f:75ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47417 errors:0 dropped:727 overruns:0 frame:0
TX packets:5610 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7341469 (7.0 MiB) TX bytes:1589473 (1.5 MiB)
Interrupt:23 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1032 (1.0 KiB) TX bytes:1032 (1.0 KiB)
tap0 Link encap:Ethernet HWaddr c6:2a:36:10:d5:1a
inet addr:11.11.11.1 Bcast:11.11.11.255 Mask:255.255.255.0
inet6 addr: fe80::c42a:36ff:fe10:d51a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:238 (238.0 B)
---------------------------------------------------------------------------------------------------
From /etc/openvpn/easy-rsa/2.0/keys on the server, copy the client certificate, its private key and the CA certificate to the client (the /etc/openvpn/keys directory must already exist there). Nothing else is copied: ca.key and servervpn.key never leave the server.
scp branch1.crt branch1.key ca.crt 192.168.1.191:/etc/openvpn/keys/
root@192.168.1.191's password:
branch1.crt 100% 4012 3.9KB/s 00:00
branch1.key 100% 887 0.9KB/s 00:00
ca.crt 100% 1387 1.4KB/s 00:00
----------------------------------------------------------------------------------------------------
===========================================
On the client
===========================================
---------------------------------------------------------------------------------------------------
modprobe tun
cd /etc/openvpn/
Create the starter script and make it executable:
nano stater.sh
----------------------------------------------------------------------------------------------------
#!/bin/sh
/usr/sbin/openvpn --cd /etc/openvpn/keys --daemon --config /etc/openvpn/client.conf
--------------------------------------------------------------------------------------------------------
chmod a+x stater.sh
Create client.conf. As written below it only checks that the server's certificate chains to ca.crt; adding the line ns-cert-type server (supported by OpenVPN 2.2 and satisfied by the certificate build-key-server produced) makes the client reject any other CA-signed certificate, such as another client's, that is presented as the server.
nano client.conf
-------------------------------------------------------------------------------------------------------
client
dev tap
proto tcp
remote 192.168.1.234
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert branch1.crt
key branch1.key
comp-lzo
verb 3
mute 20
log-append /var/log/openvpncli.log
------------------------------------------------------------------------------------------------------
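Both configuration files are now on disk. The linter below is an added example for this page, not OpenVPN code: it parses server.conf and client.conf the way they are written above (comments after `#` and `;`, quoted push arguments) and flags what a reviewer would raise about them: BF-CBC (a 64-bit block cipher, and also the implicit default on the client, which has no cipher line), the missing tls-auth, the 1024-bit DH parameters, comp-lzo, the pushed 0.0.0.0/0 route, and, most importantly, the client's missing ns-cert-type/remote-cert-tls server check. It also cross-checks the settings that must agree on both ends. The sample configs inside it are condensed from this page; the hardened client and the severity labels are my own.

```python
#!/usr/bin/env python3
"""audit_ovpn.py: lint OpenVPN 2.x server/client configs for weak settings.
Added example for this page, not part of OpenVPN. Directive names are OpenVPN's;
the checks, severity labels and the sample configs are mine."""
import re
import shlex

SERVER_CONF = """\
key servervpn.key # This file should be kept secret
dh dh1024.pem
ifconfig-pool 11.11.11.200 11.11.11.254 255.255.255.0
push "route 0.0.0.0 0.0.0.0 11.11.11.1"
cipher BF-CBC # Blowfish (default)
comp-lzo
user nobody
group nobody
;mute 20
"""
CLIENT_CONF = """\
client
remote 192.168.1.234
ca ca.crt
cert branch1.crt
key branch1.key
comp-lzo
"""
HARDENED_CLIENT_CONF = """\
client
remote 192.168.1.234
ca ca.crt
cert branch1.crt
key branch1.key
ns-cert-type server   # accept only a build-key-server certificate as the server
tls-auth ta.key 1     # shared HMAC key from: openvpn --genkey --secret ta.key
cipher AES-256-CBC    # must match the server's cipher line
"""
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "NONE"}  # 64-bit blocks, or no encryption

def parse_config(text):
    """(directive, args) pairs; '#'/';' comments dropped, quoted push args kept whole."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            parts = shlex.split(line)
            entries.append((parts[0], parts[1:]))
    return entries

def args_of(entries, name):
    """Every argument list given for a directive (push may repeat)."""
    return [a for d, a in entries if d == name]

def effective_cipher(entries):
    """OpenVPN 2.x falls back to BF-CBC when no cipher line is present."""
    c = args_of(entries, "cipher")
    return c[0][0].upper() if c and c[0] else "BF-CBC"

def audit_common(entries, side):
    f = []
    if effective_cipher(entries) in WEAK_CIPHERS:
        f.append(("HIGH", f"cipher {effective_cipher(entries)}: use 'cipher AES-256-CBC' on server and every client"))
    if not args_of(entries, "tls-auth"):
        f.append(("MEDIUM", f"no tls-auth: add 'tls-auth ta.key {0 if side == 'server' else 1}' "
                  "(openvpn --genkey --secret ta.key) so strangers cannot even start a TLS handshake"))
    if args_of(entries, "comp-lzo"):
        f.append(("LOW", "comp-lzo: compressed plaintext leaks content to an attacker who can inject data (VORACLE); drop it on both ends"))
    return f

def audit_server(entries):
    f = audit_common(entries, "server")
    for a in args_of(entries, "dh"):
        m = re.search(r"\d+", a[0]) if a else None
        if m and int(m.group()) < 2048:
            f.append(("MEDIUM", f"dh {a[0]}: {m.group()}-bit DH parameters; rerun build-dh with KEY_SIZE=2048"))
    for a in args_of(entries, "push"):
        if a and shlex.split(a[0])[:3] == ["route", "0.0.0.0", "0.0.0.0"]:
            f.append(("LOW", 'push "route 0.0.0.0 0.0.0.0 ..." adds a second default route; push "redirect-gateway def1" instead'))
    if not (args_of(entries, "user") and args_of(entries, "group")):
        f.append(("MEDIUM", "daemon keeps root after startup; add 'user nobody' and 'group nobody'"))
    return f

def audit_client(entries):
    f = audit_common(entries, "client")
    checks = args_of(entries, "ns-cert-type") + args_of(entries, "remote-cert-tls")
    if not any(a[:1] == ["server"] for a in checks):
        f.append(("HIGH", "no 'ns-cert-type server' / 'remote-cert-tls server': any CA-signed certificate, "
                  "another client's included, is accepted as the server"))
    return f

def cross_check(server, client):
    """Settings that must agree on both ends or the tunnel never comes up."""
    f = []
    if effective_cipher(server) != effective_cipher(client):
        f.append(("ERROR", f"cipher mismatch: server {effective_cipher(server)}, client {effective_cipher(client)}"))
    f += [("ERROR", f"{d} is set on one side only") for d in ("comp-lzo", "tls-auth")
          if bool(args_of(server, d)) != bool(args_of(client, d))]
    return f

if __name__ == "__main__":
    server, client = parse_config(SERVER_CONF), parse_config(CLIENT_CONF)
    for title, findings in (("server.conf", audit_server(server)), ("client.conf", audit_client(client)),
                            ("server vs client", cross_check(server, client)),
                            ("hardened client", audit_client(parse_config(HARDENED_CLIENT_CONF)))):
        print("==", title)
        for sev, msg in findings or [("OK", "no findings")]:
            print(f"  [{sev}] {msg}")
```

Replace the embedded samples with `open("/etc/openvpn/server.conf").read()` and the client file to audit a real pair. The cross-check is as important as the findings: changing the cipher or adding tls-auth on only one side produces a tunnel that never comes up, which the server log will report as a TLS or cipher negotiation failure.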
Run the VPN client:
./stater.sh
and check the tap interface:
ifconfig
------------------------------------------------------------------------------------------------------
root@<o000o>:/etc/openvpn# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:e6:df:58:de
inet addr:192.168.1.191 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::216:e6ff:fedf:58de/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:66215295 errors:0 dropped:0 overruns:0 frame:0
TX packets:43617824 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16847421334 (15.6 GiB) TX bytes:5671321099 (5.2 GiB)
Interrupt:25 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1111 errors:0 dropped:0 overruns:0 frame:0
TX packets:1111 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:110499 (107.9 KiB) TX bytes:110499 (107.9 KiB)
tap0 Link encap:Ethernet HWaddr ce:2a:d0:9a:99:26
inet addr:11.11.11.203 Bcast:11.11.11.255 Mask:255.255.255.0
inet6 addr: fe80::cc2a:d0ff:fe9a:9926/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:168 (168.0 B)
------------------------------------------------------------------------------------------------------
Test the tunnel from the client by pinging the server's VPN address:
ping 11.11.11.1
(The transcript below pings 11.11.11.203, which is the client's own tap0 address; the 0.01 ms round-trip times show those packets never crossed the tunnel, so they prove nothing about the VPN. Pinging the server's 11.11.11.1 from the client, or 11.11.11.203 from the server, does.)
root@<o000o>:/etc/openvpn# ping 11.11.11.203
PING 11.11.11.203 (11.11.11.203) 56(84) bytes of data.
64 bytes from 11.11.11.203: icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from 11.11.11.203: icmp_seq=2 ttl=64 time=0.013 ms
64 bytes from 11.11.11.203: icmp_seq=3 ttl=64 time=0.013 ms
64 bytes from 11.11.11.203: icmp_seq=4 ttl=64 time=0.014 ms
64 bytes from 11.11.11.203: icmp_seq=5 ttl=64 time=0.014 ms
^C
--- 11.11.11.203 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.013/0.015/0.023/0.005 ms
----------------------------------------------------------------------------------------------
If no tap interface appears, check the logs:
/var/log/syslog
/var/log/openvpn.log on the server and /var/log/openvpncli.log on the client (the log-append lines above)
Because the server pushes a default route through the tunnel, to ping a host over the physical interface instead, bind the source interface:
ping 192.168.88.21 -I eth0
==============================================
Multi client or add new client
==============================================
You can connect many clients, for example branch2, branch3, branch4 ...
Just generate a key and certificate for each new client on the server:
cd /etc/openvpn/easy-rsa/2.0/
source ./vars
(do not run ./clean-all again: it would delete the CA and every existing key)
./build-key branch2
./build-key branch3
. . .
and add a file per client, named after its Common Name, under /etc/openvpn/ccd/ on the server. Every file must push a different address; branch1 already uses 11.11.11.203, so:
nano branch2
-----------------------------------------------------------------------------------------------------
ifconfig-push 11.11.11.204 255.255.255.0
-----------------------------------------------------------------------------------------------------
nano branch3
-----------------------------------------------------------------------------------------------------
ifconfig-push 11.11.11.205 255.255.255.0
-----------------------------------------------------------------------------------------------------
Then set up each new client exactly as above, with its own branchN.crt and branchN.key copied over and named in its client.conf.
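Each ccd file must push an address no other client uses, and static addresses are best kept clear of the ifconfig-pool range. The script below is an added example, not part of OpenVPN, that reads the pool from server.conf and the existing ccd files, warns about addresses pushed to more than one client and about addresses inside the pool (branch1's 11.11.11.203 above is one), and writes a ccd file for each new client from a static range. The range 11.11.11.100 to 11.11.11.199 used in its main() is an assumption of the example, not something this tutorial specifies.

```python
#!/usr/bin/env python3
"""ccd_alloc.py: give each new client a unique ifconfig-push address.

Added example for this tutorial, not part of OpenVPN. It reads the
ifconfig-pool line from server.conf and the files under the ccd directory,
reports addresses pushed to more than one client and addresses that sit
inside the dynamic pool (OpenVPN 2.x does not reserve ifconfig-push
addresses from the pool, so a client without a ccd file could be handed
the same one), and writes a ccd file per new client from a static range.
The range 11.11.11.100-11.11.11.199 in main() is an assumption.
Usage: ccd_alloc.py /etc/openvpn/server.conf /etc/openvpn/ccd branch2 branch3 ...
"""
import ipaddress
import os
import re
import sys

def parse_pool(server_conf_text):
    """(first, last) of the ifconfig-pool range, or None when no pool is configured."""
    m = re.search(r"^\s*ifconfig-pool\s+(\S+)\s+(\S+)", server_conf_text, re.M)
    return (ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))) if m else None

def parse_ccd(ccd_texts):
    """{common name: pushed address} from {file name: file contents}."""
    assigned = {}
    for name, text in ccd_texts.items():
        m = re.search(r"^\s*ifconfig-push\s+(\S+)", text, re.M)
        if m:
            assigned[name] = ipaddress.ip_address(m.group(1))
    return assigned

def read_ccd_dir(path):
    """Load every file in the ccd directory (file name == client certificate CN)."""
    texts = {}
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name)) as fh:
            texts[name] = fh.read()
    return parse_ccd(texts)

def duplicates(assigned):
    """{address: [clients]} for addresses pushed to more than one client."""
    by_addr = {}
    for name, addr in assigned.items():
        by_addr.setdefault(addr, []).append(name)
    return {a: sorted(n) for a, n in by_addr.items() if len(n) > 1}

def inside_pool(assigned, pool):
    """Clients whose static address the dynamic pool could also hand out."""
    if pool is None:
        return []
    return sorted(n for n, a in assigned.items() if pool[0] <= a <= pool[1])

def allocate(new_names, assigned, static_range, pool, netmask="255.255.255.0"):
    """{client: ccd file contents} with the next free address for each new client."""
    first, last = (ipaddress.ip_address(x) for x in static_range)
    if pool is not None and not (last < pool[0] or first > pool[1]):
        raise ValueError(f"static range {first}-{last} overlaps ifconfig-pool {pool[0]}-{pool[1]}")
    taken = set(assigned.values())
    result, cursor = {}, first
    for name in new_names:
        if name in assigned:
            raise ValueError(f"{name} already has a ccd file ({assigned[name]})")
        while cursor in taken:  # skip addresses already pushed to someone
            cursor += 1
        if cursor > last:
            raise ValueError("static range exhausted")
        result[name] = f"ifconfig-push {cursor} {netmask}\n"
        taken.add(cursor)
        cursor += 1
    return result

def main(argv):
    conf, ccd_dir, names = argv[1], argv[2], argv[3:]
    with open(conf) as fh:
        pool = parse_pool(fh.read())
    assigned = read_ccd_dir(ccd_dir)
    for addr, who in duplicates(assigned).items():
        print(f"WARNING {addr} is pushed to {', '.join(who)}")
    for who in inside_pool(assigned, pool):
        print(f"WARNING {who} uses {assigned[who]}, inside the dynamic pool")
    for name, text in allocate(names, assigned, ("11.11.11.100", "11.11.11.199"), pool).items():
        with open(os.path.join(ccd_dir, name), "x") as fh:  # 'x': never overwrite an existing ccd file
            fh.write(text)
        print(f"{name}: {text.strip()}")

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Running it against the directory built above reports branch1 as sitting inside the pool; moving branch1 to the static range as well means the pool is left entirely to clients that have no ccd file.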
This configuration works on my OpenVPN setup.
Enjoy your VPN,
happy Slackware........