Difference between revisions of "Instalasi OpenVPN"

From OnnoWiki
Jump to navigation Jump to search
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Membuat Server OpenVPN ==
+
==Install openvpn==
  
 +
Install openvpn di Ubuntu
 +
 +
apt-get install openvpn
 +
cp -Rf /usr/share/doc/openvpn/examples/easy-rsa/* /etc/openvpn/
 +
 +
Pada Ubuntu 8.10 akan di terlihat folder
 +
 +
/etc/openvpn/1.0
 +
/etc/openvpn/2.0
  
Install openvpn di Ubuntu
+
Mungkin ada baiknya untuk pengguna Ubuntu 8.10, 9.04, 9.10 untuk memilih kita akan menggunakan konfigurasi 1.0 atau 2.0 dengan cara mengcopy
 +
 
 +
cp -Rf /etc/openvpn/2.0/* /etc/openvpn
  
# apt-get install openvpn
+
Alternatif lain yang lebih susah, compile openvpn dari [[source code]]
# cp -Rf /usr/share/doc/openvpn/examples/easy-rsa/* /etc/openvpn/
 
  
 +
cp openvpn-2.0.9.tar.gz /usr/local/src
 +
cd /usr/local/src
 +
tar zxvf openvpn-2.0.9.tar.gz
 +
cd openvpn-2.0.9
 +
./configure
 +
make
 +
make install
  
Alternatif lain yang lebih susah, compile openvpn dari source code
+
Anda tidak perlu mengcompile dari [[source code]], jika sudah menginstalasi openvpn menggunakan apt-get install
  
# cp openvpn-2.0.9.tar.gz /usr/local/src
 
# cd /usr/local/src
 
# tar zxvf openvpn-2.0.9.tar.gz
 
# cd openvpn-2.0.9
 
# ./configure
 
# make
 
# make install
 
  
 
Edit file vars di /etc/openvpn
 
Edit file vars di /etc/openvpn
Line 33: Line 43:
 
       export KEY_EMAIL="onno@indo.net.id"
 
       export KEY_EMAIL="onno@indo.net.id"
  
 +
==Membuat Certificate Authority (CA)==
  
Buat Certificate Authority (CA)
+
  cd /etc/openvpn/
 
 
  # cd /etc/openvpn/
 
 
  . ./vars
 
  . ./vars
 
  ./clean-all
 
  ./clean-all
Line 51: Line 60:
 
Lihat keys apakah sudah di generate
 
Lihat keys apakah sudah di generate
  
  # ls -l /etc/openvpn/
+
  ls -l /etc/openvpn/
  # ls -l /etc/openvpn/keys
+
  ls -l /etc/openvpn/keys
        ca.crt
+
 
        ca.key
+
Akan tampak file berikut
        index.txt
 
        serial
 
  
 +
ca.crt
 +
ca.key
 +
index.txt
 +
serial
  
Buat Server Key
+
==Membuat Server Key==
  
 
  # ./build-key-server server
 
  # ./build-key-server server
Line 92: Line 103:
 
         Data Base Updated
 
         Data Base Updated
  
Buat key untuk user admin maupun user lainnya jika di perlukan
+
==Buat Key User==
 +
 
 +
Membuat key untuk user admin maupun user lainnya jika di perlukan
  
 
  # ./build-key admin
 
  # ./build-key admin
Line 103: Line 116:
 
  ./build-key-pass username  
 
  ./build-key-pass username  
 
  ./build-key username  
 
  ./build-key username  
 +
 +
 +
Membuat DH Parameter dari key
  
 
  ./build-dh
 
  ./build-dh
 +
 +
 
  # openvpn --genkey --secret keys/ta.key
 
  # openvpn --genkey --secret keys/ta.key
 
  
 
  # openvpn --genkey --secret keys/ca.key
 
  # openvpn --genkey --secret keys/ca.key
 
  # openvpn --genkey --secret keys/ta.key
 
  # openvpn --genkey --secret keys/ta.key
  
 +
 +
==Test key==
  
 
Test key
 
Test key
 +
 
  # openvpn --genkey --secret key
 
  # openvpn --genkey --secret key
 
  # openvpn --test-crypto --secret key
 
  # openvpn --test-crypto --secret key
  
  
Test sambungan di 2 windows
+
==Test sambungan di 2 windows==
# cd /etc/openvpn
 
# cp -Rf /usr/share/doc/openvpn/examples/sample-config-files/ /etc/openvpn/
 
# cp -Rf /usr/share/doc/openvpn/examples/sample-keys/ /etc/openvpn/
 
# openvpn --config sample-config-files/loopback-client
 
# openvpn --config sample-config-files/loopback-server
 
  
 +
Test yang sangat berguna melihat sambungan OpenVPN dari dua (2) Windows.
  
 +
cd /etc/openvpn
 +
cp -Rf /usr/share/doc/openvpn/examples/sample-config-files/ /etc/openvpn/
 +
cp -Rf /usr/share/doc/openvpn/examples/sample-keys/ /etc/openvpn/
 +
openvpn --config sample-config-files/loopback-client
 +
openvpn --config sample-config-files/loopback-server
  
 +
Jika di perlukan kita dapat menginstalasi OpenVPN Administrator.
 
Contoh menginstalasi OpenVPN-Admin
 
Contoh menginstalasi OpenVPN-Admin
 +
 
  # apt-get install mono openvpn-admin
 
  # apt-get install mono openvpn-admin
  
 
+
==Edit Server.conf==
 
 
 
 
Edit Server.conf
 
  
 
  # vi /etc/openvpn/server.conf
 
  # vi /etc/openvpn/server.conf
Line 141: Line 161:
 
  # Which local IP address should OpenVPN listen on? (optional)
 
  # Which local IP address should OpenVPN listen on? (optional)
 
  local 192.168.0.3
 
  local 192.168.0.3
 
+
 
  # Which TCP/UDP port should OpenVPN listen on?
 
  # Which TCP/UDP port should OpenVPN listen on?
 
  port 1194
 
  port 1194
 
+
 
  # TCP or UDP server?
 
  # TCP or UDP server?
 
  proto udp
 
  proto udp
 
+
 
  # "dev tun" will create a routed IP tunnel, which is what we want
 
  # "dev tun" will create a routed IP tunnel, which is what we want
 
  dev tun
 
  dev tun
 
+
 
  # SSL/TLS root certificate (ca), certificate
 
  # SSL/TLS root certificate (ca), certificate
 
  # (cert), and private key (key). Each client
 
  # (cert), and private key (key). Each client
Line 161: Line 181:
 
  # Diffie hellman parameters.
 
  # Diffie hellman parameters.
 
  dh keys/dh1024.pem
 
  dh keys/dh1024.pem
 
+
 
  # Configure server mode and supply a VPN subnet
 
  # Configure server mode and supply a VPN subnet
 
  server 192.168.111.0 255.255.255.0
 
  server 192.168.111.0 255.255.255.0
 
+
 
  # Maintain a record of client <-> virtual IP address
 
  # Maintain a record of client <-> virtual IP address
 
  # associations in this file.
 
  # associations in this file.
 
  ifconfig-pool-persist ipp.txt
 
  ifconfig-pool-persist ipp.txt
 
+
 
  # Push routes to the client to allow it
 
  # Push routes to the client to allow it
 
  # to reach other private subnets behind
 
  # to reach other private subnets behind
Line 191: Line 211:
 
  # clients to be able to âseeâ
 
  # clients to be able to âseeâ
 
  client-to-client
 
  client-to-client
 
+
 
  # Ping every 10 seconds, assume that remote
 
  # Ping every 10 seconds, assume that remote
 
  # peer is down if no ping received during
 
  # peer is down if no ping received during
 
  # a 120 second time period.
 
  # a 120 second time period.
 
  keepalive 10 120
 
  keepalive 10 120
 
+
 
  # For extra security beyond that provided
 
  # For extra security beyond that provided
 
  # by SSL/TLS, create an âHMAC firewallâ
 
  # by SSL/TLS, create an âHMAC firewallâ
Line 207: Line 227:
 
  ;cipher AES-128-CBC # AES
 
  ;cipher AES-128-CBC # AES
 
  ;cipher DES-EDE3-CBC # Triple-DES
 
  ;cipher DES-EDE3-CBC # Triple-DES
 
+
 
  # Enable compression on the VPN link.
 
  # Enable compression on the VPN link.
 
  ; comp-lzo
 
  ; comp-lzo
 
+
 
  # The maximum number of concurrently connected
 
  # The maximum number of concurrently connected
 
  # clients we want to allow.
 
  # clients we want to allow.
 
  max-clients 250
 
  max-clients 250
 
+
 
  # It's a good idea to reduce the OpenVPN
 
  # It's a good idea to reduce the OpenVPN
 
  # daemonâs privileges after initialization.
 
  # daemonâs privileges after initialization.
 
  user nobody
 
  user nobody
 
  group nogroup
 
  group nogroup
 
+
 
  # The persist options will try to avoid
 
  # The persist options will try to avoid
 
  # accessing certain resources on restart
 
  # accessing certain resources on restart
Line 226: Line 246:
 
  persist-key
 
  persist-key
 
  persist-tun
 
  persist-tun
 
+
 
  # Output a short status file showing
 
  # Output a short status file showing
 
  status openvpn-status.log
 
  status openvpn-status.log
 
  log-append openvpn.log
 
  log-append openvpn.log
 
+
 
  # Set the appropriate level of log
 
  # Set the appropriate level of log
 
  # file verbosity.
 
  # file verbosity.
Line 239: Line 259:
 
  # 9 is extremely verbose
 
  # 9 is extremely verbose
 
  verb 4
 
  verb 4
 
+
 
  # Silence repeating messages. At most 20
 
  # Silence repeating messages. At most 20
 
  # sequential messages of the same message
 
  # sequential messages of the same message
Line 245: Line 265:
 
  mute 20
 
  mute 20
  
 +
==Cara menjalankan VPN Server==
 +
 +
Mengaktifkan VPN Server dengan server.conf (from www.openvpn.org)
  
Cara menjalankan VPN Server dengan server.conf (from www.openvpn.org)
 
 
  # openvpn --config /etc/openvpn/server.conf
 
  # openvpn --config /etc/openvpn/server.conf
 
 
 
 
 
 
 
  
 
==Pranala Menarik==
 
==Pranala Menarik==
  
 +
* http://eshabe.wordpress.com/2008/10/17/hardy-ubuntu-804-speedy-openvpn
 
* [[Instalasi OpenVPN Client di Linux]]
 
* [[Instalasi OpenVPN Client di Linux]]
 
* [[Instalasi OpenVPN di Windows]]
 
* [[Instalasi OpenVPN di Windows]]
 
* [[Linux Howto]]
 
* [[Linux Howto]]
 +
 +
[[Category: Linux]]

Latest revision as of 16:03, 7 July 2010

Install openvpn

Install openvpn di Ubuntu 

apt-get install openvpn
cp -Rf /usr/share/doc/openvpn/examples/easy-rsa/* /etc/openvpn/

Pada Ubuntu 8.10 akan di terlihat folder 

/etc/openvpn/1.0
/etc/openvpn/2.0

Mungkin ada baiknya untuk pengguna Ubuntu 8.10, 9.04, 9.10 untuk memilih kita akan menggunakan konfigurasi 1.0 atau 2.0 dengan cara mengcopy 

cp -Rf /etc/openvpn/2.0/* /etc/openvpn

Alternatif lain yang lebih susah, compile openvpn dari source code 

cp openvpn-2.0.9.tar.gz /usr/local/src
cd /usr/local/src
tar zxvf openvpn-2.0.9.tar.gz
cd openvpn-2.0.9
./configure
make
make install

Anda tidak perlu mengcompile dari source code, jika sudah menginstalasi openvpn menggunakan apt-get install


Edit file vars di /etc/openvpn 

# cd /etc/openvpn/
# vi vars
     #this is to ensure secure data
     export KEY_SIZE=1024
     # These are the default values for fields
     # which will be placed in the certificate.
     # Don't leave any of these fields blank.
     export KEY_COUNTRY=ID
     export KEY_PROVINCE=DKI
     export KEY_CITY=Jakarta
     export KEY_ORG="Kerm.IT"
     export KEY_EMAIL="onno@indo.net.id"

Membuat Certificate Authority (CA)

cd /etc/openvpn/
. ./vars
./clean-all
./build-ca
       Country Name (2 letter code) [ID]:
       State or Province Name (full name) [DKI]:
       Locality Name (eg, city) [Jakarta]:
       Organization Name (eg, company) [Kerm.IT]:
       Organizational Unit Name (eg, section) []:Kerm.IT
       Common Name (eg, your name or your server's hostname) []:yc0mlc.ampr.org
       Email Address [onno@indo.net.id]:


Lihat keys apakah sudah di generate 

ls -l /etc/openvpn/
ls -l /etc/openvpn/keys

Akan tampak file berikut 

ca.crt
ca.key
index.txt
serial

Membuat Server Key

# ./build-key-server server
       Country Name (2 letter code) [ID]:
       State or Province Name (full name) [DKI]:
       Locality Name (eg, city) [Jakarta]:
       Organization Name (eg, company) [Kerm.IT]:
       Organizational Unit Name (eg, section) []:Kerm.IT
       Common Name (eg, your name or your server's hostname) []:yc0mlc.ampr.org
       Email Address [onno@indo.net.id]:

       Please enter the following 'extra' attributes
       to be sent with your certificate request
       A challenge password []:123456
       An optional company name []:Kerm.IT
       Using configuration from /etc/openvpn/openssl.cnf
       Check that the request matches the signature
       Signature ok
       The Subject's Distinguished Name is as follows
       countryName           :PRINTABLE:'ID'
       stateOrProvinceName   :PRINTABLE:'DKI'
       localityName          :PRINTABLE:'Jakarta'
       organizationName      :PRINTABLE:'Kerm.IT'
       organizationalUnitName:PRINTABLE:'Kerm.IT'
       commonName            :PRINTABLE:'yc0mlc.ampr.org'
       emailAddress          :IA5STRING:'onno@indo.net.id'
       Certificate is to be certified until Jan 13 03:34:36 2018 GMT (3650 days)
       Sign the certificate? [y/n]:y

       1 out of 1 certificate requests certified, commit? [y/n]y
       Write out database with 1 new entries
       Data Base Updated

Buat Key User

Membuat key untuk user admin maupun user lainnya jika di perlukan 

# ./build-key admin
       1 out of 1 certificate requests certified, commit? [y/n]y
       Write out database with 1 new entries
       Data Base Updated

Buat key untuk user lain jika di perlukan 

./build-key-pass username 
./build-key username


Membuat DH Parameter dari key 

./build-dh



# openvpn --genkey --secret keys/ta.key

# openvpn --genkey --secret keys/ca.key
# openvpn --genkey --secret keys/ta.key


Test key

Test key 

# openvpn --genkey --secret key
# openvpn --test-crypto --secret key


Test sambungan di 2 windows

Test yang sangat berguna melihat sambungan OpenVPN dari dua (2) Windows. 

cd /etc/openvpn
cp -Rf /usr/share/doc/openvpn/examples/sample-config-files/ /etc/openvpn/
cp -Rf /usr/share/doc/openvpn/examples/sample-keys/ /etc/openvpn/
openvpn --config sample-config-files/loopback-client
openvpn --config sample-config-files/loopback-server

Jika di perlukan kita dapat menginstalasi OpenVPN Administrator. Contoh menginstalasi OpenVPN-Admin 

# apt-get install mono openvpn-admin

Edit Server.conf

# vi /etc/openvpn/server.conf

isinya kurang lebih 

# OpenVPN Server config file
# Which local IP address should OpenVPN listen on? (optional)
local 192.168.0.3

# Which TCP/UDP port should OpenVPN listen on?
port 1194

# TCP or UDP server?
proto udp

# "dev tun" will create a routed IP tunnel, which is what we want
dev tun

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
# Diffie hellman parameters.
dh keys/dh1024.pem

# Configure server mode and supply a VPN subnet
server 192.168.111.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.
ifconfig-pool-persist ipp.txt

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
# push âroute 172.10.1.0 255.255.255.0"
# push âroute 192.168.0.0 255.255.255.0"
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
; push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.
;push "dhcp-option DNS 172.10.1.2"
# Uncomment this directive to allow different
# clients to be able to âseeâ
client-to-client

# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an âHMAC firewallâ
# to help block DoS attacks and UDP port flooding.
; tls-auth keys/ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

# Enable compression on the VPN link.
; comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
max-clients 250

# It's a good idea to reduce the OpenVPN
# daemonâs privileges after initialization.
user nobody
group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade. 
persist-key
persist-tun

# Output a short status file showing
status openvpn-status.log
log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 4

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
mute 20

Cara menjalankan VPN Server

Mengaktifkan VPN Server dengan server.conf (from www.openvpn.org) 

# openvpn --config /etc/openvpn/server.conf

Pranala Menarik

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Instalasi_OpenVPN&oldid=20514"