Difference between revisions of "OpenVPN: IPv4 /32 multi-client"

From OnnoWiki
 
(5 intermediate revisions by the same user not shown)
Line 5: Line 5:
  
  
  CLIENT 1 ------- HOST A ---------------- HOST B --------- CLIENT 2
+
  CLIENT 1 ------- HOST A ---------------- HOST B
 
                   ovpn server            ovpn client
 
                   ovpn server            ovpn client
  
 +
                                          HOST C
 +
                                          ovpn client
  
  
Line 21: Line 23:
  
 
  OS : Ubuntu 18.04
 
  OS : Ubuntu 18.04
IP : 192.168.0.237/24
 
  
==Buat Clint Config di Server==
+
 
 +
Host C akan berfungsi sebagai OpenVPN client
 +
 
 +
OS : Ubuntu 18.04
 +
 
 +
 
 +
 
 +
==Buat Client Config di Server==
  
 
Konfigurasi client dibuat di server menggunakan
 
Konfigurasi client dibuat di server menggunakan
Line 44: Line 52:
 
Pilih 1 dan akan dibuatkan config untuk client2 dst. File ini ada di /root/client2.ovpn.
 
Pilih 1 dan akan dibuatkan config untuk client2 dst. File ini ada di /root/client2.ovpn.
 
Copykan file tersebut ke client.
 
Copykan file tersebut ke client.
 
 
 
 
  
 
==Konfigurasi OpenVPN Client==
 
==Konfigurasi OpenVPN Client==
Line 69: Line 73:
 
Akan keluar kira-kira
 
Akan keluar kira-kira
  
  Sat Feb 16 08:24:44 2019 Unrecognized option or missing or extra parameter(s) in client.ovpn:14: block-outside-dns (2.4.4)
+
  ..
Sat Feb 16 08:24:44 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
+
  ..
Sat Feb 16 08:24:44 2019 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
 
Sat Feb 16 08:24:44 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 
Sat Feb 16 08:24:44 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 
Sat Feb 16 08:24:44 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.239:1194
 
Sat Feb 16 08:24:44 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
 
Sat Feb 16 08:24:44 2019 UDP link local: (not bound)
 
Sat Feb 16 08:24:44 2019 UDP link remote: [AF_INET]192.168.0.239:1194
 
Sat Feb 16 08:24:44 2019 TLS: Initial packet from [AF_INET]192.168.0.239:1194, sid=5ece0ce6 888b9e5b
 
Sat Feb 16 08:24:44 2019 VERIFY OK: depth=1, CN=ChangeMe
 
Sat Feb 16 08:24:44 2019 VERIFY KU OK
 
Sat Feb 16 08:24:44 2019 Validating certificate extended key usage
 
Sat Feb 16 08:24:44 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
 
Sat Feb 16 08:24:44 2019 VERIFY EKU OK
 
Sat Feb 16 08:24:44 2019 VERIFY OK: depth=0, CN=server
 
Sat Feb 16 08:24:44 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
 
  Sat Feb 16 08:24:44 2019 [server] Peer Connection Initiated with [AF_INET]192.168.0.239:1194
 
Sat Feb 16 08:24:45 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
 
Sat Feb 16 08:24:45 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.0.222,route-gateway  10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM '
 
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: timers and/or timeouts modified
 
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: --ifconfig/up options modified
 
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: route options modified
 
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: route-related options modified
 
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
 
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: peer-id set
 
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
 
Sat Feb 16 08:24:45 2019 OPTIONS IMPORT: data channel crypto options modified
 
Sat Feb 16 08:24:45 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
 
Sat Feb 16 08:24:45 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
 
Sat Feb 16 08:24:45 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
 
Sat Feb 16 08:24:45 2019 ROUTE_GATEWAY 192.168.0.222/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:16:69:ed
 
 
  Sat Feb 16 08:24:45 2019 TUN/TAP device tun0 opened
 
  Sat Feb 16 08:24:45 2019 TUN/TAP device tun0 opened
 
  Sat Feb 16 08:24:45 2019 TUN/TAP TX queue length set to 100
 
  Sat Feb 16 08:24:45 2019 TUN/TAP TX queue length set to 100
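Review bot: the lines replaced by ".." at the top of this sample log are the only ones that showed the client verifying the server certificate (VERIFY OK: depth=0, CN=server and VERIFY EKU OK) and the options the server pushed (redirect-gateway def1, ifconfig 10.8.0.2 255.255.255.0). Consider keeping those lines in the sample, since they are what a reader compares against to confirm that the client authenticated the expected server and received the expected routes. The purely informational lines (socket buffers, OPTIONS IMPORT) can still be elided.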
Line 156: Line 130:
  
 
* https://www.ostechnix.com/easiest-way-install-configure-openvpn-server-linux/
 
* https://www.ostechnix.com/easiest-way-install-configure-openvpn-server-linux/
 +
* https://www.itsfullofstars.de/2018/09/openvpn-assign-static-ip-to-client/
 +
  
 
==Pranala Menarik==
 
==Pranala Menarik==
  
* [[OpenVPN]]
+
* [[OpenVPN: IPv4 /32 single client]]
* [[IPv6]]
+
* [[OpenVPN: IPv4 /32 multi-client]]
 +
* [[OpenVPN: IPv4 routed LAN]]
 +
* [[OpenVPN: IPv4 routed 2 LAN]]
 +
* [[OpenVPN: IPv6 /128 single client]]
 +
* [[OpenVPN: IPv6 routed LAN]]
 +
* [[OpenVPN: IPv6 routed 2 LAN]]
 +
 
 +
* [[IPv6: OpenVPN: Ubuntu roadwarrior]]
 +
* [[OpenVPN: Simple Server using Script]]
 +
* [[OpenVPN: Free VPN untuk Ubuntu]]
 +
* [[Instalasi OpenVPN]]
 +
* [[Instalasi OpenVPN Client di Linux]]
 +
* [[Capture Screen Proses Instalasi OpenVPN di Windows]]
 +
* [[Instalasi OpenVPN di Windows]]
 +
* [[WNDW: OpenVPN]]
 +
* [[OpenVPN: Instalasi di Ubuntu 16.04]]
 +
* [[OpenVPN: Instalasi di Ubuntu 18.04]]
 +
* [[OpenVPN: Briding dan Routing]]
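Review bot: the added "Pranala Menarik" list includes [[OpenVPN: IPv4 /32 multi-client]], which is this page itself, and [[OpenVPN: Briding dan Routing]], where "Briding" looks like a misspelling of "Bridging". Drop the self-link and check the second title against the actual page name before saving.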

Latest revision as of 08:17, 31 March 2020

Source: https://www.ostechnix.com/easiest-way-install-configure-openvpn-server-linux/


Topology

CLIENT 1 ------- HOST A ---------------- HOST B
                 ovpn server             ovpn client
                                         HOST C
                                         ovpn client


Host A acts as the OpenVPN server.

OS : Ubuntu 18.04
IP : 192.168.0.239/24
hostname : vpnserver


Host B acts as an OpenVPN client.

OS : Ubuntu 18.04


Host C acts as an OpenVPN client.

OS : Ubuntu 18.04


Create the Client Config on the Server

The client configuration is generated on the server using:

cd /usr/local/src/
bash openvpn-install.sh

Output:

Looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user
   2) Revoke an existing user
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]: 


Choose 1 and a config will be generated for client2, and so on. The file is written to /root/client2.ovpn. Copy that file to the client.

OpenVPN Client Configuration

Make sure openvpn is installed:

sudo su
apt install openssh-server openvpn

Edit /etc/hosts and add the name of the OpenVPN server:

192.168.0.239 vpnserver


Run the OpenVPN client:

cd ~
sudo su
openvpn --config client2.ovpn

The output will look roughly like this:

..
..
Sat Feb 16 08:24:45 2019 TUN/TAP device tun0 opened
Sat Feb 16 08:24:45 2019 TUN/TAP TX queue length set to 100
Sat Feb 16 08:24:45 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Feb 16 08:24:45 2019 /sbin/ip link set dev tun0 up mtu 1500
Sat Feb 16 08:24:45 2019 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Sat Feb 16 08:24:45 2019 /sbin/ip route add 192.168.0.239/32 dev enp0s3
Sat Feb 16 08:24:45 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sat Feb 16 08:24:45 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sat Feb 16 08:24:45 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Feb 16 08:24:45 2019 Initialization Sequence Completed 

Check the interfaces; tun0 will appear:

ifconfig
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.3  netmask 255.255.255.0  destination 10.8.0.2
        inet6 fe80::28c4:3e38:2497:e12a  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 51  bytes 11522 (11.5 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 134  bytes 43524 (43.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Check the connection:

ping -c3 10.8.0.1

Sample output:

PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=0.539 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=1.17 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.921 ms

--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 0.539/0.878/1.176/0.264 ms

Check routing:

route -n

Sample output

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
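
An added example, not part of the original page: the client log above adds 0.0.0.0/1 and 128.0.0.0/1 via 10.8.0.1 plus a /32 route to the server on the physical interface, and this script checks `ip -4 route show` output for all three so that a half-installed tunnel is caught. The function name, the sample tables and the client LAN address 192.168.0.100 are constructed for illustration.

```shell
#!/bin/sh
# check_def1_routes GW SERVER
# Reads `ip -4 route show` output on stdin. Succeeds only if both halves of
# the redirect-gateway def1 pair go via GW and SERVER is reached outside tun.
check_def1_routes() {
    gw=$1 server=$2
    awk -v gw="$gw" -v srv="$server" '
        $1 == "0.0.0.0/1"   && $2 == "via" && $3 == gw { low = 1 }
        $1 == "128.0.0.0/1" && $2 == "via" && $3 == gw { high = 1 }
        # ip prints a /32 host route without the mask; accept both spellings
        ($1 == srv || $1 == (srv "/32")) && $0 !~ /dev tun/ { host = 1 }
        END {
            if (!low)  print "missing 0.0.0.0/1 via " gw
            if (!high) print "missing 128.0.0.0/1 via " gw
            if (!host) print "no host route to " srv " outside the tunnel"
            exit !(low && high && host)
        }'
}

# Constructed sample: all three routes present (full tunnel).
SAMPLE_FULL='default via 192.168.0.222 dev enp0s3 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.0.0/24 dev enp0s3 proto kernel scope link src 192.168.0.100
192.168.0.239 dev enp0s3 scope link'

# Constructed sample: upper half missing, so 128.0.0.0-255.255.255.255
# would still leave through the LAN default route.
SAMPLE_HALF='default via 192.168.0.222 dev enp0s3 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.0.0/24 dev enp0s3 proto kernel scope link src 192.168.0.100
192.168.0.239 dev enp0s3 scope link'

printf '%s\n' "$SAMPLE_FULL" | check_def1_routes 10.8.0.1 192.168.0.239 \
    && echo "full tunnel: ok"
printf '%s\n' "$SAMPLE_HALF" | check_def1_routes 10.8.0.1 192.168.0.239 \
    || echo "half tunnel: rejected"
```

On a connected client, run `ip -4 route show | check_def1_routes 10.8.0.1 192.168.0.239` against the live table.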


You are now connected to the VPN with IP 10.8.0.0/24

References


Interesting Links