Rolly Maulana Awangga :: Catatan Ngoprek IT

Pakar dan Awam sama saja, sama sama belajar

Setup Openvpn Server on Debian Wheezy and Set Up Client

root@singaraja:~# mkdir /etc/openvpn/easy-rsa
root@singaraja:~# cp -ai /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa/
root@singaraja:~# cd /etc/openvpn/easy-rsa/2.0/
root@singaraja:/etc/openvpn/easy-rsa/2.0# nano vars
root@singaraja:/etc/openvpn/easy-rsa/2.0# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./clean-all
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./build-ca
Generating a 1024 bit RSA private key
…………++++++
…………………..++++++
writing new private key to ‘ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JB]:
Locality Name (eg, city) [Bandung]:
Organization Name (eg, company) [passionit]:
Organizational Unit Name (eg, section) [changeme]:singaraja
Common Name (eg, your name or your server’s hostname) [changeme]:semar
Name [changeme]:semar
Email Address [awangga@passionit.co.id]:
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./build-key-server semar
Generating a 1024 bit RSA private key
…………++++++
……………++++++
writing new private key to ‘semar.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JB]:
Locality Name (eg, city) [Bandung]:
Organization Name (eg, company) [passionit]:
Organizational Unit Name (eg, section) [changeme]:serversemar
Common Name (eg, your name or your server’s hostname) [semar]:serversemar
Name [changeme]:serversemar
Email Address [awangga@passionit.co.id]:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName :PRINTABLE:’ID’
stateOrProvinceName :PRINTABLE:’JB’
localityName :PRINTABLE:’Bandung’
organizationName :PRINTABLE:’passionit’
organizationalUnitName:PRINTABLE:’serversemar’
commonName :PRINTABLE:’serversemar’
name :PRINTABLE:’serversemar’
emailAddress :IA5STRING:’awangga@passionit.co.id’
Certificate is to be certified until Oct 28 12:02:09 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./build-key iqromedia
Generating a 1024 bit RSA private key
…………………++++++
……………………………………++++++
writing new private key to ‘iqromedia.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JB]:
Locality Name (eg, city) [Bandung]:
Organization Name (eg, company) [passionit]:
Organizational Unit Name (eg, section) [changeme]:iqromedia
Common Name (eg, your name or your server’s hostname) [iqromedia]:
Name [changeme]:iqromedia
Email Address [awangga@passionit.co.id]:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName :PRINTABLE:’ID’
stateOrProvinceName :PRINTABLE:’JB’
localityName :PRINTABLE:’Bandung’
organizationName :PRINTABLE:’passionit’
organizationalUnitName:PRINTABLE:’iqromedia’
commonName :PRINTABLE:’iqromedia’
name :PRINTABLE:’iqromedia’
emailAddress :IA5STRING:’awangga@passionit.co.id’
Certificate is to be certified until Oct 28 12:03:25 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
………………………..+.+…………….+…………………………………………………………………………………………………………………+……………………+…………………+………………………………………………………………………………..+…………………………………………………………………………………………………………………………..+……………+……………..+………………………………….+…….+……………………………….+………+…………………………………..+…………………………………………………………………………………+….+…………………………………………………………………………………………………………………………………+……..+.+………….+……+………………………+…….+…………….+………….+……………………+……………………………………………………………………………….+………………………………………………….+………………………………………+…………..+……….+…………+………………………………………………………………….+…………………………………………………..+…………………….+……………………………………………….+…………………………………………………………………………………………………………………………………………………………………+..+…………………………………………………+…+………+……+……….+……………………………………………+…………………………………………………………………………..+……………………………….+…………………………+……………+………………………………………………+……………………………..+….+…………………………………………….+……………………………………………………………………………………+……………………………………………………………..+……………+…………………………………..+……………………….+…………………………………………………………………………..+…………………………………………..+…………………………………………………………………..+……………………..+…………………………………………+…………………………………………………………………………………………….+………..+…….+……………………………………………………………………..+………………………………………………………………………………..+…+…………………+………+…………………+……………………………………..+…………..+….+………………….+……….+…………………………………..+……………………………………………………………………..+…………………………+…………+………………………+…………+………………………………..+………………..+………………………………………………………………………………………………………………….+………………..++*++*++*
root@singaraja:/etc/openvpn/easy-rsa/2.0# cd ..
root@singaraja:/etc/openvpn/easy-rsa# cd ..
root@singaraja:/etc/openvpn# cp ./easy-rsa/2.0/keys/ca.crt .
root@singaraja:/etc/openvpn# cp ./easy-rsa/2.0/keys/semar.key .
root@singaraja:/etc/openvpn# cp ./easy-rsa/2.0/keys/semar.crt .
root@singaraja:/etc/openvpn# cp ./easy-rsa/2.0/keys/dh1024.pem .

root@singaraja:/etc/openvpn# cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz .
root@singaraja:/etc/openvpn# gunzip server.conf.gz
root@singaraja:/etc/openvpn# nano server.conf

# [server.conf]
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 202.107.105.13"
push "dhcp-option DNS 202.108.107.21"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

root@singaraja:/etc/openvpn# service openvpn start
[ ok ] Starting virtual private network daemon: server.
root@singaraja:/etc/openvpn# ifconfig
eth0 Link encap:Ethernet HWaddr 74:d4:35:e0:7d:10
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::76d4:35ff:fee0:7d10/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:165854998 errors:17 dropped:0 overruns:0 frame:8
TX packets:184415361 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:109560987302 (102.0 GiB) TX bytes:158607736676 (147.7 GiB)
Interrupt:20 Memory:d3800000-d3820000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1234141 errors:0 dropped:0 overruns:0 frame:0
TX packets:1234141 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1405142544 (1.3 GiB) TX bytes:1405142544 (1.3 GiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@singaraja:/etc/openvpn# cat /proc/sys/net/ipv4/ip_forward
1
root@singaraja:/etc/openvpn# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.254 0.0.0.0 UG 100 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

root@singaraja:/etc/openvpn# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ./easy-rsa/2.0/keys/
root@singaraja:/etc/openvpn# nano ./easy-rsa/2.0/keys/client.conf

# [client.conf]
client
dev tun
proto udp
remote 66.32.272.181 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
mute-replay-warnings
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client_kevin.crt
key /etc/openvpn/client_kevin.key
ns-cert-type server
comp-lzo
verb 3

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

%d blogger menyukai ini: