Instalasi OpenVPN Client di Linux
Revision as of 17:22, 24 March 2008 by Onnowpurbo (talk | contribs) (New page: == Setup Client OpenVPN di Linux == Install aplikasi GUI utuk client # apt-get install kvpnc # apt-get install network-manager-openvpn openvpn Copy setting OpenVPN # cp -Rf /usr/sh...)
Setup Client OpenVPN di Linux
Install aplikasi GUI utuk client
# apt-get install kvpnc # apt-get install network-manager-openvpn openvpn
Copy setting OpenVPN
# cp -Rf /usr/share/doc/openvpn/examples/easy-rsa/* /etc/openvpn/ # cd /etc/openvpn # mkdir /etc/openvpn/keys
# vi vars # , ./vars # ./clean-all
Copy key client dari Server
# scp -r root@192.168.0.3:/etc/openvpn/keys/ca.crt /etc/openvpn/keys # scp -r root@192.168.0.3:/etc/openvpn/keys/user1.crt /etc/openvpn/keys # scp -r root@192.168.0.3:/etc/openvpn/keys/user1.key /etc/openvpn/keys
Menjalankan VPN Client (client.conf from www.openvpn.org)
# openvpn --config /etc/openvpn/client.conf
Edit Client.conf
# vi /etc/openvpn/client.conf
isinya kurang lebih
# Specify that we are a client and that we # will be pulling certain config file directives # from the server. client
# Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. ; dev tap dev tun
# Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ; dev-node MyTap
# Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. ;proto tcp proto udp
# The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. ;remote my-server-1 1194 ;remote my-server-2 1194 remote 192.168.0.3 1194
# Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. ;remote-random
# Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite
# Most clients don't need to bind to # a specific local port number. nobind
# Try to preserve some state across restarts. persist-key persist-tun
# If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings
# SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca keys/ca.crt cert keys/client.crt key keys/client.key
# Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ;ns-cert-type server
# If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1
# Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x ;cipher AES-128-CBC
# Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. ; comp-lzo
# Set log file verbosity. verb 3
# Silence repeating messages ;mute 20
Cara menjalankan VPN client dengan client.conf (from www.openvpn.org)
# openvpn --config /etc/openvpn/client.conf