server:~#apt-get install openvpn
2. Mengambil file sample konfigurasi agar mudah dalam melakukan setup.
server:~#cp -r /usr/share/doc/openvpn/easy-rsa/ /etc/openvpn/
3. Mengedit file vars di folder /etc/openvpn/easy-rsa/2.0/
server:~#cd /etc/openvpn/easy-rsa/2.0/
server:/etc/openvpn/easy-rsa/2.0#nano vars
lakukan editing pada bagian dibawah sesuai kebutuhan
export KEY_COUNTRY="ID"
export KEY_PROVINCE="JB"
export KEY_CITY="BDG"
export KEY_ORG="organisasi"
export KEY_EMAIL="admin@yahoo.com"
4. Membuat file key dan sertifikat
server:/etc/openvpn/easy-rsa/2.0#source vars
server:/etc/openvpn/easy-rsa/2.0#./clean-all
server:/etc/openvpn/easy-rsa/2.0#./build-dh
server:/etc/openvpn/easy-rsa/2.0#./pkitool --initca
server:/etc/openvpn/easy-rsa/2.0#./pkitool --server server
server:/etc/openvpn/easy-rsa/2.0#./pkitool client
server:/etc/openvpn/easy-rsa/2.0#cp keys/dh1024.pem /etc/openvpn/
server:/etc/openvpn/easy-rsa/2.0#cp keys/server.crt /etc/openvpn
server:/etc/openvpn/easy-rsa/2.0#cp keys/server.key /etc/openvpn
server:/etc/openvpn/easy-rsa/2.0#cp keys/ca.crt /etc/openvpn
5. Menyiapkan configurasi untuk client
server:/etc/openvpn/easy-rsa/2.0#cp keys/client.crt /home
server:/etc/openvpn/easy-rsa/2.0#cp keys/client.key /home
server:/etc/openvpn/easy-rsa/2.0#cp keys/ca.crt /home
6. Setup configurasi server
server:/etc/openvpn/easy-rsa/2.0#cd /etc/openvpn
server:/etc/openvpn#cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn
server:/etc/openvpn#gunzip server.conf.gz
server:/etc/openvpn#nano server.conf
Tambahkan atau edit file server conf seperti dibawah ini
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login
username-as-common-name
server 10.2.0.0 255.255.255.0 # Sesuaikan dengan ip dan netmask vpn yang diinginkan
push "redirect-gateway def1"
push "dhcp-option DNS 172.32.5.1"
push "dhcp-option DNS 208.67.220.220"
client-to-client
duplicate-cn
keepalive 30 120
max-clients 50
7. Buat user untuk vpn
server:~# useradd -m -s /bin/false vpnuser
server:~# passwd vpnuser
8. Setup client
- Instal openvpn client yang dapat di unduh disini openvpn
- Ambil file client.crt, client.key, ca.crt yang telah dicopikan ke folder /home dengan menggunakan program pscp yang dapat didownload di sini pscp
- Penggunaan program pscp yaitu dengan cara simpan file pscp di c:\ lalu jalankan command prompt arahkan cursor ke c:\
- jalankan perintah berikut dicommand prompt
c:\ pscp root@192.168.2.1:/home/client.crt c:\
- copikan file client.key dan ca.crt seperti langkah di atas
- pindahkan 3 file yang di copi ke c:\ tadi ke folder c:\Program Files\OpenVPN\config
- buat file configurasi vpn client dengan menggunakan notepad yang isinya
client
dev tun
proto udp
remote 192.168.2.1 1194 #ip server vpn bukan ip vpn yang diset untuk server
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
auth-user-pass
ns-cert-type server
comp-lzo
verb 3
simpan dengan nama client.ovpn simpan di c:\Program Files\OpenVPN\config
- Jalankan program OpenVPN klik kanan icon OpenVPN yang muncul di taskbar, masukkan username dan password yang sudah dibuat.
Semoga berhasil
mas Linux install 3.2.0-4-686-pae #1 SMP Debian 3.2.68-1+deb7u1 i686
BalasHapusThe programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Apr 29 21:01:43 2015 from 10.0.2.2
root@vultr:~# apt-get install openvpn
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
liblzo2-2 libpkcs11-helper1
Suggested packages:
resolvconf
The following NEW packages will be installed:
liblzo2-2 libpkcs11-helper1 openvpn
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 636 kB of archives.
After this operation, 1,376 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.mirror.constant.com/ wheezy/main liblzo2-2 i386 2.06-1+deb7u
1 [64.3 kB]
Get:2 http://debian.mirror.constant.com/ wheezy/main libpkcs11-helper1 i386 1.09
-1 [49.2 kB]
Get:3 http://debian.mirror.constant.com/ wheezy/main openvpn i386 2.2.1-8+deb7u3
[522 kB]
Fetched 636 kB in 3s (186 kB/s)
Preconfiguring packages ...
Selecting previously unselected package liblzo2-2:i386.
(Reading database ... 22322 files and directories currently installed.)
Unpacking liblzo2-2:i386 (from .../liblzo2-2_2.06-1+deb7u1_i386.deb) ...
Selecting previously unselected package libpkcs11-helper1:i386.
Unpacking libpkcs11-helper1:i386 (from .../libpkcs11-helper1_1.09-1_i386.deb) ..
.
Selecting previously unselected package openvpn.
Unpacking openvpn (from .../openvpn_2.2.1-8+deb7u3_i386.deb) ...
Processing triggers for man-db ...
Setting up liblzo2-2:i386 (2.06-1+deb7u1) ...
Setting up libpkcs11-helper1:i386 (1.09-1) ...
Setting up openvpn (2.2.1-8+deb7u3) ...
[ ok ] Restarting virtual private network daemon.:.
root@vultr:~# cp -r /usr/share/doc/openvpn/easy-rsa/ /etc/openvpn/
cp: cannot stat `/usr/share/doc/openvpn/easy-rsa/': No such file or directory
root@vultr:~#
knpa erorr
BalasHapus