VPN configuration on Debian 5

Here is what was done:
I only comment on where the differences are.
On Debian, apt-get is used to install openvpn
# apt-get install openvpn
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libdb4.5 liblzo2-2 libpkcs11-helper1 libsqlite3-0 mime-support openssl openssl-blacklist openvpn-blacklist python
python-minimal python2.5 python2.5-minimal
Suggested packages:
ca-certificates resolvconf python-doc python-tk python-profiler python2.5-doc binfmt-support
The following NEW packages will be installed:
libdb4.5 liblzo2-2 libpkcs11-helper1 libsqlite3-0 mime-support openssl openssl-blacklist openvpn openvpn-blacklist python
python-minimal python2.5 python2.5-minimal
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.0MB of archives.
After this operation, 35.8MB of additional disk space will be used.
Do you want to continue [Y/n]? Y

On CentOS the easy-rsa files are located in /usr/share/openvpn/easy-rsa
whereas on Debian they are located in /usr/share/doc/openvpn/examples/easy-rsa
# cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn
# cd /etc/openvpn/easy-rsa/2.0

# vi vars
# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
# ./clean-all
# ./build-ca
Generating a 1024 bit RSA private key
....................++++++
.............................++++++
writing new private key to 'ca.key'
-----
# ./build-key-server server
Generating a 1024 bit RSA private key
.......................++++++
..............................++++++
writing new private key to 'server.key'
-----
# ./build-key vpngue
Generating a 1024 bit RSA private key
........................................++++++
.........++++++
writing new private key to 'vpngue.key'
-----
# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
........................................................................+...................................................................+.......................+..+....................................................................................+.....................................................+.............+.....+............................................++*++*++*
# mv keys /etc/openvpn/

On CentOS the location and name of the file is /usr/share/doc/openvpn-2.1.1/sample-config-files/server.conf
whereas on Debian it is /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz
# cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
# cd /etc/openvpn/
# gunzip server.conf.gz

Edit server.conf
# vi server.conf
Edit the following section so that it becomes
# (see "pkcs12" directive in man page).
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
# Diffie hellman parameters.
dh keys/dh1024.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
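
Before starting the daemon, the ca, cert, key and dh directives edited above can be checked with a short script. This is an added example, not part of the original post; the function names conf_value and check_openvpn_conf are made up for illustration, and relative paths are resolved against /etc/openvpn, where the configuration and the keys directory were placed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-start check for the
# ca/cert/key/dh directives in server.conf. Function names are hypothetical.

# conf_value CONF DIRECTIVE
# Print the first argument of a directive, e.g. "key" -> keys/server.key.
# Lines commented out with '#' or ';' never match because $1 differs.
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# check_openvpn_conf CONF BASEDIR
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_openvpn_conf() {
    conf=$1; base=$2; bad=0
    for d in ca cert key dh; do
        val=$(conf_value "$conf" "$d")
        if [ -z "$val" ]; then
            echo "MISSING directive: $d"; bad=1; continue
        fi
        # Assumption: openvpn runs with BASEDIR as its working directory,
        # so relative paths such as keys/ca.crt are resolved against it.
        case $val in
            /*) path=$val ;;
            *)  path=$base/$val ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING file: $d -> $path"; bad=1; continue
        fi
        if [ "$d" = key ]; then
            # Characters 5-10 of the ls mode string are the group/other
            # bits; the private key should expose none of them.
            perms=$(ls -ld "$path" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "WEAK permissions: $path (group/other: $perms)"; bad=1
            fi
        fi
    done
    return $bad
}

# Usage on the server from this post:
#   check_openvpn_conf /etc/openvpn/server.conf /etc/openvpn
```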

IPTABLES SETTINGS
The following settings are specifically so that OpenVPN clients can access the internet through the OpenVPN server
# echo 1 > /proc/sys/net/ipv4/ip_forward
To make this permanent, change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1 in /etc/sysctl.conf and remove the # at the start of that line
# vi /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Run the iptables commands as follows:
# iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to xxx.xxx.xxx.xxx
# iptables -I INPUT -p udp -m udp --dport 1194 -j ACCEPT
# iptables -A FORWARD -j REJECT
# iptables-save > /etc/iptables.up.rules

To make sure the iptables rules are loaded every time the server is restarted, add the following code to /etc/network/if-pre-up.d/iptables
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules

Make the file executable by changing its permissions
# chmod +x /etc/network/if-pre-up.d/iptables
Restart the server to make sure iptables works properly.
Start openvpn
# /etc/init.d/openvpn start
Starting virtual private network daemon: server.

Check whether it is running
# ps ax |grep openvpn
3476 ? Ss 0:00 /usr/sbin/openvpn --writepid /var/run/openvpn.server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf

If a line like the one above appears, openvpn is running normally.
Also watch for any errors while openvpn is being started on the client
# tail -f /var/log/messages