Difference between revisions of "OpenVPN: IPv4 /32 single client"

Latest revision as of 08:17, 31 March 2020

sumber: https://www.ostechnix.com/easiest-way-install-configure-openvpn-server-linux/

Topology

CLIENT 1 ------- HOST A ---------------- HOST B
                 ovpn server             ovpn client

Host A akan berfungsi sebagai OpenVPN Server.

OS : Ubuntu 18.04
IP : 192.168.0.239/24
hostname : vpnserver

Host B akan berfungsi sebagai OpenVPN client

OS : Ubuntu 18.04
IP : 192.168.0.237/24

Instal & Konfigurasi OpenVPN Server

Download script openvpn-install dari github

sudo su
apt install openssh-server openvpn

cd /usr/local/src
wget https://git.io/vpn -O openvpn-install.sh
bash openvpn-install.sh

Jawab pertanyaan:

IP address: 192.168.0.239
Public IP address / hostname: vpnserver
Protocol [1-2]: 1 -- UDP
Port: 1194
DNS [1-5]: 1
Client name: client
Press any key to continue...  <ENTER>

Maka akan tampak file client.ovpn, di

/root/client.ovpn

Install openssh-server di client, copykan client.ovpn ke client

scp client.ovpn root@192.168.0.237:

Reboot

shutdown -r now

Cek kondisi jaringan

ifconfig

Akan muncul interface tun0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 fe80::eaaa:77ed:ba02:748  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 288 (288.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Konfigurasi OpenVPN Client

Pastikan openvpn terinstalsi

sudo su
apt install openssh-server openvpn

Edit /etc/hosts isi dengan nama OpenVPN server

192.168.0.239 vpnserver

Jalankan OpenVPN client

cd ~
sudo su
openvpn --config client.ovpn

Akan keluar kira-kira

..
..
Sat Feb 16 08:24:45 2019 TUN/TAP device tun0 opened
Sat Feb 16 08:24:45 2019 TUN/TAP TX queue length set to 100
Sat Feb 16 08:24:45 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Feb 16 08:24:45 2019 /sbin/ip link set dev tun0 up mtu 1500
Sat Feb 16 08:24:45 2019 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Sat Feb 16 08:24:45 2019 /sbin/ip route add 192.168.0.239/32 dev enp0s3
Sat Feb 16 08:24:45 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sat Feb 16 08:24:45 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sat Feb 16 08:24:45 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Feb 16 08:24:45 2019 Initialization Sequence Completed

Cek interface, akan muncul tun0

ifconfig

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
        inet6 fe80::28c4:3e38:2497:e12a  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 51  bytes 11522 (11.5 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 134  bytes 43524 (43.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Cek sambungan

ping -c3 10.8.0.1

Sample output:

PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=0.539 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=1.17 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.921 ms

--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 0.539/0.878/1.176/0.264 ms

Cek routing

route -n

Sample output

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0

Anda sudah tersambung ke VPN dengan IP 10.8.0.0/24

Referensi

https://www.ostechnix.com/easiest-way-install-configure-openvpn-server-linux/

Difference between revisions of "OpenVPN: IPv4 /32 single client"

Latest revision as of 08:17, 31 March 2020

Contents

Topology

Instal & Konfigurasi OpenVPN Server

Konfigurasi OpenVPN Client

Referensi

Pranala Menarik

Navigation menu

Search

@@ Line 5: / Line 5: @@
-  CLIENT 1 ------- HOST A ---------------- HOST B --------- CLIENT 2
+  CLIENT 1 ------- HOST A ---------------- HOST B
                    ovpn server             ovpn client
+Host A akan berfungsi sebagai OpenVPN Server.
+ OS : Ubuntu 18.04
+ IP : 192.168.0.239/24
+ hostname : vpnserver
-==Install And Configure OpenVPN Server In Linux==
+Host B akan berfungsi sebagai OpenVPN client
-For the purpose this guide, I will be using two systems that are running with CentOS 7 64bit edition. One acts as OpenVPN server, an another one acts as openVPN client. The following is my test boxes details.
+ OS : Ubuntu 18.04
+ IP : 192.168.0.237/24
-OpenVPN server:
+==Instal & Konfigurasi OpenVPN Server==
-    OS : CentOS 7 64bit minimal edition
+Download script openvpn-install dari github
-    IP : 192.168.43.150/24
-    Hostname : vpnserver.ostechnix.local
-OpenVPN Client:
-    OS : CentOS 7 64bit minimal edition
-    IP : 192.168.43.199/24
-First, we will see server side configuration.
-OpenVPN Server installation and configuration
-Download the openvpn-install script from its GitHub page.
+ sudo su
+ apt install openssh-server openvpn
+ cd /usr/local/src
   wget https://git.io/vpn -O openvpn-install.sh
   bash openvpn-install.sh
-You will be asked to answer a series of questions. Answer them accordingly.
+Jawab pertanyaan:
-Make sure the IP address of the VPN server is correct. If you use multiple IP addresses, enter the IP of the network interface you want OpenVPN listening to.
-Welcome to this quick OpenVPN "road warrior" installer
-I need to ask you a few questions before starting the setup
- You can leave the default options and just press enter if you are ok with them
-First I need to know the IPv4 address of the network interface you want OpenVPN
- listening to.
- IP address: 192.168.43.150
-Select which protocol do you want to use. I want to use tcp port, hence I selected number 2.
-Which protocol do you want for OpenVPN connections?
-) UDP (recommended)
-) TCP
-Protocol [1-2]: 2
-Enter the port number.
-What port do you want OpenVPN listening to?
-Port: 1194
-Enter the DNS server details do you want to use with the VPN. I want to use Google DNS resolvers, so I selected the option 2.
-Which DNS do you want to use with the VPN?
-) Current system resolvers
-) Google
-) OpenDNS
-) NTT
-) Hurricane Electric
-) Verisign
-DNS [1-6]: 2
-We have reached the final step. Enter your client certificate name. The name should be single word, and shouldn’t contain any special characters.
+ IP address: 192.168.0.239
+ Public IP address / hostname: vpnserver
+ Protocol [1-2]: 1 -- UDP
+ Port: 1194
+ DNS [1-5]: 1
+ Client name: client
+ Press any key to continue...  <ENTER>
-Finally, tell me your name for the client certificate
+Maka akan tampak file client.ovpn, di
-Please, use one word only, no special characters
-Client name: client
-Press ENTER key to start the OPENVPN server installation.
+ /root/client.ovpn
-Okay, that was all I needed. We are ready to setup your OpenVPN server now
+Install openssh-server di client, copykan client.ovpn ke client
-Press any key to continue...
-Npw, this script will start to install all necessary packages to setup OpenVPN server. Anslo, it will create all necessary keys and certificates to authenticate with the VPN clients. This will take a few minutes.
+ scp client.ovpn root@192.168.0.237:
-Finally, the script will ask you if you have any External IP address. If you don’t have any, just ignore by leaving it blank and press ENTER key.
-If your server is NATed (e.g. LowEndSpirit), I need to know the external IP
+Reboot
-If that's not the case, just ignore this and leave the next field blank
-External IP:
-Finished!
+ shutdown -r now
-Your client configuration is available at /root/client.ovpn
+Cek kondisi jaringan
-If you want to add more clients, you simply need to run this script again!
-OpenVPN server installation and configuration is completed. As you see in the last output, the client configuration details is stored in a file /root/client.ovpn. You need to copy this file to all your VPN client systems.
+ ifconfig
-I copied the client.ovpn file to my VPN client
+Akan muncul interface tun0
-  scp client.ovpn root@192.168.43.199:/etc/openvpn/
+  tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
+         inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
+         inet6 fe80::eaaa:77ed:ba02:748  prefixlen 64  scopeid 0x20<link>
+         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
+         RX packets 0  bytes 0 (0.0 B)
+         RX errors 0  dropped 0  overruns 0  frame 0
+         TX packets 6  bytes 288 (288.0 B)
+         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
-Next, we need to configure the OpenVPN client.
+==Konfigurasi OpenVPN Client==
-Download – Free Video: “Penetration Testing Methodologies Training Course (a $99 value!) FREE”
-==OpenVPN client Configuration==
+Pastikan openvpn terinstalsi
-Make sure you have copied the client.ovpn file from your VPN server system. I already have copied this file to /etc/openvpn/ directory of my VPN client system.
+ sudo su
+ apt install openssh-server openvpn
-Install OpenVPN package using the distribution package manager.
+Edit /etc/hosts isi dengan nama OpenVPN server
-  yum install openvpn
+.168.0.239 vpnserver
-Next, run the following command to establish secure connection with VPN server.
- openvpn --config /etc/openvpn/client.ovpn
+Jalankan OpenVPN client
-Sample output:
+ cd ~
+ sudo su
+ openvpn --config client.ovpn
-Wed Apr 5 18:50:44 2017 Unrecognized option or missing parameter(s) in /etc/openvpn/client.ovpn:14: block-outside-dns (2.3.14)
+Akan keluar kira-kira
-Wed Apr 5 18:50:44 2017 OpenVPN 2.3.14 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 7 2016
-Wed Apr 5 18:50:44 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
-Wed Apr 5 18:50:44 2017 Control Channel Authentication: tls-auth using INLINE static key file
-Wed Apr 5 18:50:44 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Apr 5 18:50:44 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Apr 5 18:50:44 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
-Wed Apr 5 18:50:44 2017 Attempting to establish TCP connection with [AF_INET]192.168.43.150:1194 [nonblock]
-Wed Apr 5 18:50:45 2017 TCP connection established with [AF_INET]192.168.43.150:1194
-Wed Apr 5 18:50:45 2017 TCPv4_CLIENT link local: [undef]
-Wed Apr 5 18:50:45 2017 TCPv4_CLIENT link remote: [AF_INET]192.168.43.150:1194
-Wed Apr 5 18:50:45 2017 TLS: Initial packet from [AF_INET]192.168.43.150:1194, sid=c6fb554e 362eb192
-Wed Apr 5 18:50:45 2017 VERIFY OK: depth=1, CN=ChangeMe
-Wed Apr 5 18:50:45 2017 Validating certificate key usage
-Wed Apr 5 18:50:45 2017 ++ Certificate has key usage 00a0, expects 00a0
-Wed Apr 5 18:50:45 2017 VERIFY KU OK
-Wed Apr 5 18:50:45 2017 Validating certificate extended key usage
-Wed Apr 5 18:50:45 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
-Wed Apr 5 18:50:45 2017 VERIFY EKU OK
-Wed Apr 5 18:50:45 2017 VERIFY OK: depth=0, CN=server
-Wed Apr 5 18:50:45 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Apr 5 18:50:45 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Apr 5 18:50:45 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Apr 5 18:50:45 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Apr 5 18:50:45 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
-Wed Apr 5 18:50:45 2017 [server] Peer Connection Initiated with [AF_INET]192.168.43.150:1194
-Wed Apr 5 18:50:48 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
-Wed Apr 5 18:50:48 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
-Wed Apr 5 18:50:48 2017 OPTIONS IMPORT: timers and/or timeouts modified
-Wed Apr 5 18:50:48 2017 OPTIONS IMPORT: --ifconfig/up options modified
-Wed Apr 5 18:50:48 2017 OPTIONS IMPORT: route options modified
-Wed Apr 5 18:50:48 2017 OPTIONS IMPORT: route-related options modified
-Wed Apr 5 18:50:48 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
-Wed Apr 5 18:50:48 2017 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:28:98:6b
-Wed Apr 5 18:50:48 2017 TUN/TAP device tun0 opened
-Wed Apr 5 18:50:48 2017 TUN/TAP TX queue length set to 100
-Wed Apr 5 18:50:48 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
-Wed Apr 5 18:50:48 2017 /usr/sbin/ip link set dev tun0 up mtu 1500
-Wed Apr 5 18:50:48 2017 /usr/sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
-Wed Apr 5 18:50:48 2017 /usr/sbin/ip route add 192.168.43.150/32 dev enp0s3
-Wed Apr 5 18:50:48 2017 /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.1
-Wed Apr 5 18:50:48 2017 /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.1
-Wed Apr 5 18:50:48 2017 Initialization Sequence Completed
-Now, check if tun0(VPN interface) is created, and check the VPN interface IP address using ‘ip addr’ command:
+ ..
+ ..
+ Sat Feb 16 08:24:45 2019 TUN/TAP device tun0 opened
+ Sat Feb 16 08:24:45 2019 TUN/TAP TX queue length set to 100
+ Sat Feb 16 08:24:45 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
+ Sat Feb 16 08:24:45 2019 /sbin/ip link set dev tun0 up mtu 1500
+ Sat Feb 16 08:24:45 2019 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
+ Sat Feb 16 08:24:45 2019 /sbin/ip route add 192.168.0.239/32 dev enp0s3
+ Sat Feb 16 08:24:45 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
+ Sat Feb 16 08:24:45 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
+ Sat Feb 16 08:24:45 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
+ Sat Feb 16 08:24:45 2019 Initialization Sequence Completed
- ip addr
+Cek interface, akan muncul tun0
-Sample output:
+ ifconfig
-: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
+  tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
-  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+         inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
-  inet 127.0.0.1/8 scope host lo
+         inet6 fe80::28c4:3e38:2497:e12a  prefixlen 64  scopeid 0x20<link>
-  valid_lft forever preferred_lft forever
+         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
-  inet6 ::1/128 scope host
+         RX packets 51  bytes 11522 (11.5 KB)
-  valid_lft forever preferred_lft forever
+         RX errors 0  dropped 0  overruns 0  frame 0
-: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP  qlen 1000
+         TX packets 134  bytes 43524 (43.5 KB)
-  link/ether 08:00:27:28:98:6b brd ff:ff:ff:ff:ff:ff
+         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
-  inet 192.168.43.199/24 brd 192.168.43.255 scope global dynamic enp0s3
-  valid_lft 42359sec preferred_lft 42359sec
-  inet6 fe80::a00:27ff:fe28:986b/64 scope link
-  valid_lft forever preferred_lft forever
-: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
-  link/none
-  inet 10.8.0.2/24 brd 10.8.0.255 scope global tun0
-  valid_lft forever preferred_lft forever
-As you can see in the above output, Our VPN server automatically assigned an IP address 10.8.0.2 to the VPN client.
+Cek sambungan
-Now, try to ping the VPN server from your VPN client system:
   ping -c3 10.8.0.1
@@ Line 193: / Line 122: @@
   PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
-bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=1.05 ms
+bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=0.539 ms
-bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=1.94 ms
+bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=1.17 ms
-bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=2.49 ms
+bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.921 ms
   --- 10.8.0.1 ping statistics ---
-packets transmitted, 3 received, 0% packet loss, time 2001ms
+packets transmitted, 3 received, 0% packet loss, time 2007ms
-  rtt min/avg/max/mdev = 1.057/1.832/2.495/0.594 ms
+  rtt min/avg/max/mdev = 0.539/0.878/1.176/0.264 ms
-Congratulations! We have now successfully installed and configured OpenVPN server and client in CentOS. This method is same for DEB based systems such as Ubuntu and Linux Mint. Unlike the manual installation, this script makes the the openvpn installation and configuration much easier.
+Cek routing
-Cheers!
+ route -n
+Sample output
+ Kernel IP routing table
+ Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
+.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
+Anda sudah tersambung ke VPN dengan IP 10.8.0.0/24
 ==Referensi==
@@ Line 214: / Line 149: @@
 ==Pranala Menarik==
-* [[OpenVPN]]
+* [[OpenVPN: IPv4 /32 single client]]
-* [[IPv6]]
+* [[OpenVPN: IPv4 /32 multi-client]]
+* [[OpenVPN: IPv4 routed LAN]]
+* [[OpenVPN: IPv4 routed 2 LAN]]
+* [[OpenVPN: IPv6 /128 single client]]
+* [[OpenVPN: IPv6 routed LAN]]
+* [[OpenVPN: IPv6 routed 2 LAN]]
+* [[IPv6: OpenVPN: Ubuntu roadwarrior]]
+* [[OpenVPN: Simple Server using Script]]
+* [[OpenVPN: Free VPN untuk Ubuntu]]
+* [[Instalasi OpenVPN]]
+* [[Instalasi OpenVPN Client di Linux]]
+* [[Capture Screen Proses Instalasi OpenVPN di Windows]]
+* [[Instalasi OpenVPN di Windows]]
+* [[WNDW: OpenVPN]]
+* [[OpenVPN: Instalasi di Ubuntu 16.04]]
+* [[OpenVPN: Instalasi di Ubuntu 18.04]]
+* [[OpenVPN: Briding dan Routing]]