Difference between revisions of "OpenVPN: Simple Server using Script"
Onnowpurbo (talk | contribs) |
Line 28: | Line 28: | ||
==Setup Firewall== | ==Setup Firewall== | ||
− | + | Kadang konfigurasi Firewall bisa di lihat di /etc/rc.local file: | |
− | + | cat /etc/rc.local | |
− | + | Contoh Firewall: | |
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT | iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
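Review bot: the new sentence "Kadang konfigurasi Firewall bisa di lihat di /etc/rc.local file:" says the rules are only sometimes in /etc/rc.local, yet "cat /etc/rc.local" is the only inspection command offered. Suggest also listing the live rules (for example "sudo iptables -S" and "sudo iptables -t nat -S") so the reader can confirm them when rc.local is empty or absent.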
Line 39: | Line 39: | ||
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 139.59.1.155 | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 139.59.1.155 | ||
− | + | Contoh konfigurasi Server openvpn, | |
− | + | sudo more /etc/openvpn/server.conf | |
− | + | sudo vi /etc/openvpn/server.conf | |
− | + | Run / Control OpenVPN Server, | |
− | + | sudo systemctl stop openvpn@server | |
− | + | sudo systemctl start openvpn@server | |
− | + | sudo systemctl restart openvpn@server | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | server | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | sudo /etc/init.d/openvpn stop | |
+ | sudo /etc/init.d/openvpn start | ||
+ | sudo /etc/init.d/openvpn restart | ||
− | + | ==ufw firewall rules (optional)== | |
− | |||
− | + | Edit /etc/ufw/before.rules, | |
− | |||
− | + | sudo vi /etc/ufw/before.rules | |
− | |||
− | |||
− | + | sudo ufw allow 1194/udp | |
− | + | sudo ufw allow 22/tcp | |
− | + | Edit /etc/ufw/sysctl.conf file, | |
− | |||
− | + | sudo vi /etc/ufw/sysctl.conf | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
net/ipv4/ip_forward=1 | net/ipv4/ip_forward=1 | ||
− | + | Enable / Reload ufw, | |
− | |||
+ | sudo ufw enable | ||
OR | OR | ||
− | + | sudo ufw reload | |
+ | |||
+ | Verify, | ||
− | + | sudo ufw status | |
− | + | sudo iptables -t nat -L -n -v | |
− | + | sudo iptables -L FORWARD -n -v | |
− | + | sudo iptables -L ufw-before-forward -n -v | |
− | |||
==Client configuration== | ==Client configuration== |
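Review bot: in the ufw section, "Edit /etc/ufw/before.rules," is followed only by "sudo vi /etc/ufw/before.rules", so the page never says what to put in the file. Suggest stating the NAT rule for 10.8.0.0/24 that belongs there, matching the SNAT rule in the firewall example, since otherwise the later "sudo iptables -t nat -L -n -v" check has nothing to confirm. The same hunk also adds the /etc/init.d/openvpn commands next to the systemctl ones without saying which init system each set applies to.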
Revision as of 08:47, 31 March 2020
Source: https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/
Check Our Public IP
If the server is connected directly to the Internet, you can use
ip addr show eth0
ip addr show enp0s3
ip a
or use
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
host myip.opendns.com resolver1.opendns.com
Download openvpn-install.sh script
Download
wget https://git.io/vpn -O openvpn-install.sh
Install OpenVPN, run,
sudo bash openvpn-install.sh
Setup Firewall
The firewall configuration can sometimes be found in the /etc/rc.local file:
cat /etc/rc.local
Example firewall rules:
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 139.59.1.155
Example OpenVPN server configuration,
sudo more /etc/openvpn/server.conf
sudo vi /etc/openvpn/server.conf
Run / Control OpenVPN Server,
sudo systemctl stop openvpn@server
sudo systemctl start openvpn@server
sudo systemctl restart openvpn@server
sudo /etc/init.d/openvpn stop
sudo /etc/init.d/openvpn start
sudo /etc/init.d/openvpn restart
ufw firewall rules (optional)
Edit /etc/ufw/before.rules,
sudo vi /etc/ufw/before.rules
sudo ufw allow 1194/udp
sudo ufw allow 22/tcp
Edit /etc/ufw/sysctl.conf file,
sudo vi /etc/ufw/sysctl.conf
net/ipv4/ip_forward=1
Enable / Reload ufw,
sudo ufw enable
OR
sudo ufw reload
Verify,
sudo ufw status
sudo iptables -t nat -L -n -v
sudo iptables -L FORWARD -n -v
sudo iptables -L ufw-before-forward -n -v
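One way to check the two files edited in the ufw steps above before enabling the firewall, as an added example that is not from the original page. The function names are hypothetical, and the `*nat` block layout and the `eth0` interface are assumptions, since the page does not show the contents of before.rules; the sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example: offline check of the two ufw files edited above.
# Assumed: VPN subnet 10.8.0.0/24 (from the iptables example), eth0 as the
# outbound interface, and a *nat block in before.rules (layout assumed).

# Print the nat-table POSTROUTING rules that source-NAT the given subnet.
nat_rules_for() {   # usage: nat_rules_for <before.rules> <subnet>
  awk -v net="$2" '
    /^\*nat/  { in_nat = 1; next }   # entering the nat table
    /^COMMIT/ { in_nat = 0; next }   # leaving the current table
    in_nat && /^-A POSTROUTING/ && index($0, "-s " net " ") &&
      /-j (MASQUERADE|SNAT)/ { print }
  ' "$1"
}

# Succeed only if forwarding is enabled on an uncommented line.
forwarding_enabled() {   # usage: forwarding_enabled <sysctl.conf>
  grep -Eq '^[[:space:]]*net/ipv4/ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Report what is missing; return 0 only when both settings are present.
check_ufw_vpn() {   # usage: check_ufw_vpn <before.rules> <sysctl.conf> <subnet>
  local ok=0
  [ -n "$(nat_rules_for "$1" "$3")" ] || { echo "MISSING: nat rule for $3"; ok=1; }
  forwarding_enabled "$2" || { echo "MISSING: net/ipv4/ip_forward=1"; ok=1; }
  return "$ok"
}

# Constructed sample files (not taken from the page) for an offline run.
write_samples() {   # usage: write_samples <dir>
  cat > "$1/before.rules" <<'EOF'
# START OPENVPN RULES (constructed sample)
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
*filter
:ufw-before-forward - [0:0]
-A ufw-before-forward -s 10.8.0.0/24 -j ACCEPT
COMMIT
EOF
  printf '%s\n' 'net/ipv4/ip_forward=1'  > "$1/sysctl.good"
  printf '%s\n' '#net/ipv4/ip_forward=1' > "$1/sysctl.bad"
}

tmp=$(mktemp -d) && write_samples "$tmp"
check_ufw_vpn "$tmp/before.rules" "$tmp/sysctl.good" 10.8.0.0/24 && echo "OK"
check_ufw_vpn "$tmp/before.rules" "$tmp/sysctl.bad" 10.8.0.0/24 || true
```

On a real server, pass /etc/ufw/before.rules and /etc/ufw/sysctl.conf instead of the sample files. A forward rule in the filter table alone does not satisfy the check, because only rules inside the nat table are counted.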
Client configuration
On the server you will find a client configuration file called ~/iphone.ovpn. All you have to do is copy this file to your local desktop using scp and provide this file to your OpenVPN client to connect:
$ scp vivek@139.59.1.155:~/iphone.ovpn .
Next, you need to download OpenVPN client as per your operating system:
- Download OpenVPN client for Apple IOS version 6.x or above and install it.
- Download OpenVPN client for Android and install it.
- Download OpenVPN client for Apple MacOS (OS X) and install it.
- Download OpenVPN client for Windows 8/10 and install it.
MacOS/OS X OpenVPN client configuration
Just double-click the iphone.ovpn file and it will open in your Tunnelblick client > click “Only me” to install it.
Fig.03: MacOS / OS X openvpn client configuration
Once installed, click the Connect button and you will be online. Use the following command on the MacOS client to verify that your public IP changed to the VPN server IP:
$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
You can ping the OpenVPN server's private IP:
$ ping 10.8.0.1
Linux OpenVPN client configuration
First, install the openvpn client, enter:
$ sudo yum install openvpn
OR
$ sudo apt install openvpn
Next, copy iphone.ovpn as follows:
$ sudo cp iphone.ovpn /etc/openvpn/client.conf
Test connectivity from the CLI:
$ sudo openvpn --client --config /etc/openvpn/client.conf
Your Linux system will automatically connect when the computer restarts, using the /etc/init.d/openvpn script:
$ sudo /etc/init.d/openvpn start
For systemd-based systems, use the following command:
$ sudo systemctl start openvpn@client
Test the connectivity:
$ ping 10.8.0.1 #Ping to OpenVPN server gateway
$ ip route #Make sure routing setup
$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com #Make sure your public IP set to OpenVPN server
FreeBSD OpenVPN client configuration
First, install the openvpn client, enter:
$ sudo pkg install openvpn
Next, copy iphone.ovpn as follows:
$ sudo mkdir -p /usr/local/etc/openvpn/
$ sudo cp iphone.ovpn /usr/local/etc/openvpn/client.conf
Edit /etc/rc.conf and add the following:
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/client.conf"
Start the OpenVPN service:
$ sudo /usr/local/etc/rc.d/openvpn start
Verify it:
$ ping 10.8.0.1 #Ping to OpenVPN server gateway
$ netstat -nr #Make sure routing setup
$ drill myip.opendns.com @resolver1.opendns.com #Make sure your public IP set to OpenVPN server
How do I add a new client?
For demo purposes I added a new device called iphone. Let us add one more device called googlephone by running the script again:
$ sudo bash openvpn-install.sh
Sample outputs:
Looks like OpenVPN is already installed
What do you want to do?
1) Add a cert for a new user
2) Revoke existing user cert
3) Remove OpenVPN
4) Exit
Select an option [1-4]:
References
Interesting Links
- OpenVPN: IPv4 /32 single client
- OpenVPN: IPv4 /32 multi-client
- OpenVPN: IPv4 routed LAN
- OpenVPN: IPv4 routed 2 LAN
- OpenVPN: IPv6 /128 single client
- OpenVPN: IPv6 routed LAN
- OpenVPN: IPv6 routed 2 LAN
- IPv6: OpenVPN: Ubuntu roadwarrior
- OpenVPN: Simple Server using Script
- OpenVPN: Free VPN for Ubuntu
- OpenVPN Installation
- OpenVPN Client Installation on Linux
- Screen Capture of the OpenVPN Installation Process on Windows
- OpenVPN Installation on Windows
- WNDW: OpenVPN
- OpenVPN: Installation on Ubuntu 16.04
- OpenVPN: Installation on Ubuntu 18.04
- OpenVPN: Bridging and Routing