Monday, June 29, 2015

[OpenVPN] How to set up openvpn

Ubuntu 10.04 - Install Server on it
Install openvpn
sudo apt-get install openvpn easy-rsa

Server - Generate (Public Key Infrastructure)
0. Download easy-rsa from the internet.
easy-rsa download point
tar xvf easy-rsa-2.2.0_master.tar.gz
cd easy-rsa-2.2.0_master/easy-rsa/2.0

1. Copy the easy-rsa scripts to /etc/openvpn
mkdir /etc/openvpn/easy-rsa/
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
cp -r /usr/share/doc/openvpn/examples/sample-config-files/ /etc/openvpn/

2. Edit /etc/openvpn/easy-rsa/vars
These values are for the server environment
export KEY_COUNTRY="US"
export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem"
export KEY_ORG="Example Company"
export KEY_EMAIL="steve@example.com"

3. Generate the master Certificate Authority (CA) certificate and key
cd /etc/openvpn/easy-rsa/
source vars

# This command creates index.txt (empty) and serial (01) in the keys folder.
./clean-all
# This script creates ca.crt.
# ca.crt is the same file for the server and the client side.
# ca.crt permission is 644
./build-ca

4. Generate a certificate and private key for the server
# The .key file permission is 600 (private key)
# The .crt file permission is 644 (public certificate)
./build-key-server myservername

5. Diffie Hellman parameters must be generated for the OpenVPN server
# dh1024.pem permission is 644
./build-dh

6. Copy the related files to /etc/openvpn/
# The generated files are in the keys folder
cd /etc/openvpn/easy-rsa/keys
cp myservername.crt myservername.key ca.crt dh1024.pem /etc/openvpn/



Server Startup
1. Copy server.conf to /etc/openvpn
sudo cp /etc/openvpn/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz

2. Make sure the following entries in server.conf match your file names.

ca ca.crt
cert myservername.crt
key myservername.key
dh dh1024.pem


3. Start openvpn
method 1
/etc/init.d/openvpn is a script
/etc/init.d/openvpn start
method 2
/usr/sbin/openvpn --config /etc/openvpn/server.conf

A successful startup log is shown at the end of the page.

4. Check that tun0 appears on the computer
ifconfig


Client - Generate (Public Key Infrastructure)
1. Create Client Certificates on ubuntu 10.04
cd /etc/openvpn/easy-rsa/
source vars
./build-key client1

2. Copy the following files to the client
ca.crt client1.crt client1.key



Windows XP - OpenVPN install
1. Install the OpenVPN tools for Windows XP
Install OpenVPN for Windows.

2. Watch the YouTube tutorial "How to install, configure and connect with the OpenVPN client" to learn how to use the Windows OpenVPN client.

Reference:
Server command :
/etc/openvpn/openvpn --cd /etc/openvpn/server1 --config config.ovpn
--cd directory


Log of a successful server start:

Fri Sep 18 11:39:04 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Fri Sep 18 11:39:04 2015 Diffie-Hellman initialized with 1024 bit key
Fri Sep 18 11:39:04 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Fri Sep 18 11:39:04 2015 ROUTE_GATEWAY 111.2.1.252/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:4f:b5:fc
Fri Sep 18 11:39:04 2015 TUN/TAP device tun0 opened
Fri Sep 18 11:39:04 2015 TUN/TAP TX queue length set to 100
Fri Sep 18 11:39:04 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep 18 11:39:04 2015 /sbin/ip link set dev tun0 up mtu 1500
Fri Sep 18 11:39:04 2015 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Fri Sep 18 11:39:04 2015 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Fri Sep 18 11:39:04 2015 UDPv4 link local (bound): [undef]
Fri Sep 18 11:39:04 2015 UDPv4 link remote: [undef]
Fri Sep 18 11:39:04 2015 MULTI: multi_init called, r=256 v=256
Fri Sep 18 11:39:04 2015 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Fri Sep 18 11:39:04 2015 IFCONFIG POOL LIST
Fri Sep 18 11:39:04 2015 Initialization Sequence Completed
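
The check below is an added example, not part of the original post: it verifies that the ca, cert, key and dh files named in server.conf (Server Startup, step 2) exist, that the private key has the 600 permission noted in step 4, and reads the Diffie-Hellman size from a startup log like the one above. The function name audit_openvpn and the 2048-bit minimum (MIN_DH_BITS) are assumptions of the example, and it relies on GNU stat.

```shell
# Added example, not from the original post.
# MIN_DH_BITS is an assumed policy threshold; the page itself uses 1024 bits.
MIN_DH_BITS=${MIN_DH_BITS:-2048}

# audit_openvpn CONF [LOG]: prints one "FAIL: ..." line per finding,
# returns 0 when there are none and 1 otherwise.
audit_openvpn() {
    local conf="$1" log="${2:-}" dir findings=0 directive file path mode bits
    dir=$(dirname "$conf")

    # Assumption: relative paths are resolved against the config's directory
    # (true when OpenVPN is started from /etc/openvpn or with --cd).
    while read -r directive file _ || [ -n "$directive" ]; do
        case $directive in ca|cert|key|dh) ;; *) continue ;; esac
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        if [ ! -f "$path" ]; then
            echo "FAIL: $directive file missing: $path"
            findings=$((findings + 1))
            continue
        fi
        # The private key must be readable by its owner only.
        if [ "$directive" = key ]; then
            mode=$(stat -c '%a' "$path")   # GNU stat
            case $mode in
                600|400) ;;
                *) echo "FAIL: $path has mode $mode, expected 600"
                   findings=$((findings + 1)) ;;
            esac
        fi
    done < "$conf"

    # Flag short DH parameters reported in the startup log.
    if [ -n "$log" ] && [ -f "$log" ]; then
        bits=$(sed -n 's/.*Diffie-Hellman initialized with \([0-9]*\) bit key.*/\1/p' "$log" | tail -n 1)
        if [ -n "$bits" ] && [ "$bits" -lt "$MIN_DH_BITS" ]; then
            echo "FAIL: DH parameters are $bits bits, below $MIN_DH_BITS"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}
```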
