1. gcc
2. rpm-build
3. autoconf.noarch
4. zlib-devel
5. pam-devel
6. openssl-devel
7. make
Install semuanya sekaligus:
|
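# Install the build toolchain and headers, plus wget and iptables, in one go.
yum -y install gcc rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel make wget iptables

# Fetch the OpenVPN source tarball and the lzo source RPM.
# Both URLs are plain HTTP, so nothing authenticates what arrives, and the
# steps that follow build and install it as root. OpenVPN 2.0.9 is also a very
# old release; prefer a currently maintained package where one is available.
wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

# Print digests and compare them with values published by the maintainers
# (obtained over a separate, trusted channel) before building anything.
sha256sum openvpn-2.0.9.tar.gz lzo-1.08-4.rf.src.rpm
# rpm -K checks the package's internal digests; its signature result is only
# meaningful once the packager's public key has been imported.
rpm -K lzo-1.08-4.rf.src.rpm

# Rebuild lzo from the source RPM; the binary RPMs land under
# /usr/src/redhat/RPMS/<arch>/.
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm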
|
|
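# Install the lzo packages produced by the rebuild. rpmbuild writes them into a
# directory named after the build architecture, so choose it from uname instead
# of running both commands.
case "$(uname -m)" in
  i?86)   # 32-bit
    rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
    ;;
  x86_64) # 64-bit
    rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm
    ;;
  *)
    echo "unexpected architecture: $(uname -m)" >&2
    ;;
esac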
|
|
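# Build a binary RPM straight from the tarball's bundled spec file. This runs
# the tarball's build scripts as root, so the tarball should have been checked
# against a trusted digest or signature first.
rpmbuild -tb openvpn-2.0.9.tar.gz

# Install the package that was just built; the output directory is named after
# the build architecture, so choose it from uname instead of running both.
case "$(uname -m)" in
  i?86)   # 32-bit
    rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm
    ;;
  x86_64) # 64-bit
    rpm -Uvh /usr/src/redhat/RPMS/x86_64/openvpn-2.0.9-1.x86_64.rpm
    ;;
  *)
    echo "unexpected architecture: $(uname -m)" >&2
    ;;
esac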
|
|
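# Copy the easy-rsa scripts and the sample server config out of the package docs.
cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

# Build the PKI. vars has to be sourced so that its exports reach this shell;
# executing it as ./vars only sets them in a child process, so that step is
# left out.
cd /etc/openvpn/easy-rsa/2.0
source ./vars
./clean-all                 # wipes any existing keys directory: fresh setups only
./build-ca                  # CA certificate and CA private key
./build-key-server server   # server.crt and server.key
# DH parameters. The server configs expect dh1024.pem; 1024-bit DH is below
# current minimums. If KEY_SIZE in vars is raised, the file name changes and
# every "dh" line in the server configs has to follow.
./build-dh

# Hand the daemon only the files the server configs reference. Copying the
# whole keys directory would also put the CA private key (ca.key) into
# /etc/openvpn/keys; ideally that key is kept off the VPN host altogether.
mkdir -p /etc/openvpn/keys
chmod 700 /etc/openvpn/keys
cp /etc/openvpn/easy-rsa/2.0/keys/{ca.crt,server.crt,server.key,dh1024.pem} /etc/openvpn/keys/
chmod 600 /etc/openvpn/keys/server.key

# Keep the sample config as a backup and start from an empty server.conf.
cd /etc/openvpn/
mv server.conf server.conf.bak
nano server.conf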
|
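Kita buat empat konfigurasi server, masing-masing untuk port 53, 80, 138, dan 443. Simpan tiap blok di bawah sebagai file tersendiri di /etc/openvpn/ (53.conf, 80.conf, 138.conf, 443.conf), karena nama file itulah yang dipakai pada langkah tes.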
|
# OpenVPN server instance on UDP 53 (the port normally used by DNS).
port 53
proto udp
dev tun
# CA certificate, server certificate/key and DH parameters.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
# 1024-bit DH parameters are below current minimums; 2048 bits or more is the usual choice.
dh /etc/openvpn/keys/dh1024.pem
# Username/password checks are delegated to PAM through the auth-pam plugin.
# NOTE(review): the argument points at the system login stack, so presumably any
# local account with a password is accepted as a VPN login -- confirm.
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
# Clients present no certificate: the password is the only credential and the
# username stands in for the certificate common name. No tls-auth key is set
# either, so the port answers TLS handshakes from anyone and password guessing
# is limited only by what PAM enforces.
client-cert-not-required
username-as-common-name
# VPN subnet and the file that remembers client address assignments.
# NOTE(review): the other server configs on this page use the same subnet,
# ipp.txt and status file; instances running side by side need their own.
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Send all client traffic through the tunnel and hand out Google public DNS.
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
# LZO compression; must match the client. Compressing before encrypting can
# leak information about the plaintext when an attacker controls part of it.
comp-lzo
persist-key
persist-tun
# Status file (named -tcp although this instance is UDP).
status server-tcp.log
verb 3
# NOTE(review): there is no user/group directive, so the daemon keeps root after
# start-up, and no cipher directive, so the build default cipher applies.
|
|
# OpenVPN server instance on TCP 80 (the port normally used by HTTP).
port 80
proto tcp
dev tun
# CA certificate, server certificate/key and DH parameters.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
# 1024-bit DH parameters are below current minimums; 2048 bits or more is the usual choice.
dh /etc/openvpn/keys/dh1024.pem
# Username/password checks are delegated to PAM through the auth-pam plugin.
# NOTE(review): the argument points at the system login stack, so presumably any
# local account with a password is accepted as a VPN login -- confirm.
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
# Clients present no certificate: the password is the only credential and the
# username stands in for the certificate common name. No tls-auth key is set
# either, so the port answers TLS handshakes from anyone and password guessing
# is limited only by what PAM enforces.
client-cert-not-required
username-as-common-name
# VPN subnet and the file that remembers client address assignments.
# NOTE(review): the other server configs on this page use the same subnet,
# ipp.txt and status file; instances running side by side need their own.
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Send all client traffic through the tunnel and hand out Google public DNS.
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
# LZO compression; must match the client. Compressing before encrypting can
# leak information about the plaintext when an attacker controls part of it.
comp-lzo
persist-key
persist-tun
# Status file for this instance.
status server-tcp.log
verb 3
# NOTE(review): there is no user/group directive, so the daemon keeps root after
# start-up, and no cipher directive, so the build default cipher applies.
|
|
# OpenVPN server instance on UDP 138 (the port normally used by NetBIOS datagrams).
port 138
proto udp
dev tun
# CA certificate, server certificate/key and DH parameters.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
# 1024-bit DH parameters are below current minimums; 2048 bits or more is the usual choice.
dh /etc/openvpn/keys/dh1024.pem
# Username/password checks are delegated to PAM through the auth-pam plugin.
# NOTE(review): the argument points at the system login stack, so presumably any
# local account with a password is accepted as a VPN login -- confirm.
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
# Clients present no certificate: the password is the only credential and the
# username stands in for the certificate common name. No tls-auth key is set
# either, so the port answers TLS handshakes from anyone and password guessing
# is limited only by what PAM enforces.
client-cert-not-required
username-as-common-name
# VPN subnet and the file that remembers client address assignments.
# NOTE(review): the other server configs on this page use the same subnet,
# ipp.txt and status file; instances running side by side need their own.
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Send all client traffic through the tunnel and hand out Google public DNS.
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
# LZO compression; must match the client. Compressing before encrypting can
# leak information about the plaintext when an attacker controls part of it.
comp-lzo
persist-key
persist-tun
# Status file (named -tcp although this instance is UDP).
status server-tcp.log
verb 3
# NOTE(review): there is no user/group directive, so the daemon keeps root after
# start-up, and no cipher directive, so the build default cipher applies.
|
|
# OpenVPN server instance on TCP 443 (the port normally used by HTTPS).
port 443
proto tcp
dev tun
# CA certificate, server certificate/key and DH parameters.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
# 1024-bit DH parameters are below current minimums; 2048 bits or more is the usual choice.
dh /etc/openvpn/keys/dh1024.pem
# Username/password checks are delegated to PAM through the auth-pam plugin.
# NOTE(review): the argument points at the system login stack, so presumably any
# local account with a password is accepted as a VPN login -- confirm.
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
# Clients present no certificate: the password is the only credential and the
# username stands in for the certificate common name. No tls-auth key is set
# either, so the port answers TLS handshakes from anyone and password guessing
# is limited only by what PAM enforces.
client-cert-not-required
username-as-common-name
# VPN subnet and the file that remembers client address assignments.
# NOTE(review): the other server configs on this page use the same subnet,
# ipp.txt and status file; instances running side by side need their own.
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Send all client traffic through the tunnel and hand out Google public DNS.
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
# LZO compression; must match the client. Compressing before encrypting can
# leak information about the plaintext when an attacker controls part of it.
comp-lzo
persist-key
persist-tun
# Status file for this instance.
status server-tcp.log
verb 3
# NOTE(review): there is no user/group directive, so the daemon keeps root after
# start-up, and no cipher directive, so the build default cipher applies.
|
Tes apakah konfigurasi OpenVPN sudah benar atau belum:
|
# Start each instance by hand to check that its config parses and the daemon
# comes up. The configs contain no "daemon" directive, so each command stays in
# the foreground: stop it (Ctrl-C) before trying the next one.
openvpn /etc/openvpn/53.conf
openvpn /etc/openvpn/80.conf
openvpn /etc/openvpn/138.conf
openvpn /etc/openvpn/443.conf
|
Aktifkan packet forwarding dengan command berikut:
|
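# Enable IPv4 forwarding in the running kernel so tunnel traffic can be routed
# out of the server.
echo 1 > /proc/sys/net/ipv4/ip_forward
# The /proc write is lost at reboot; record the setting in /etc/sysctl.conf too.
if grep -q '^net\.ipv4\.ip_forward' /etc/sysctl.conf; then
  sed -i 's/^net\.ipv4\.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
else
  echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
fi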
|
Tambahkan aturan NAT (masquerading) dengan command berikut. Pilih satu saja, sesuai jenis server.
* Untuk server dedicated:
|
# Dedicated server: rewrite the source of packets coming from the VPN subnet to
# whatever address eth0 holds when they leave. Typed like this, the rule exists
# only in the running kernel until the rule set is saved.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
|
* Sedangkan untuk VPS (interface venet0), ganti xxx.xxx.xxx.xxx dengan alamat IP server:
|
# VPS variant: packets from the VPN subnet leaving through venet0 get a fixed
# source address. xxx.xxx.xxx.xxx is a placeholder for the server's own address.
# Typed like this, the rule exists only in the running kernel until the rule
# set is saved.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to xxx.xxx.xxx.xxx
|
* Sedangkan untuk Xen VPS, ganti xxx.xxx.xxx.xxx dengan alamat IP server:
|
# Xen VPS variant: packets from the VPN subnet leaving through eth0 get a fixed
# source address. xxx.xxx.xxx.xxx is a placeholder for the server's own address.
# Typed like this, the rule exists only in the running kernel until the rule
# set is saved.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to xxx.xxx.xxx.xxx
|
Start OpenVPN dan iptables:
|
# Bring up the OpenVPN service and the firewall service, then restart OpenVPN.
# NOTE(review): on CentOS the iptables init script presumably reloads the saved
# rule set from /etc/sysconfig/iptables on start, and a NAT rule typed by hand
# is not part of it unless it was saved. Check afterwards with
# "iptables -t nat -L POSTROUTING -n", and run "service iptables save" only once
# the running rule set is the one you want to keep.
service openvpn start
service iptables start
service openvpn restart
|
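File ca.crt untuk client ada di direktori /etc/openvpn/keys/. Hanya ca.crt yang perlu disalin ke client; ca.key dan server.key jangan ikut dibagikan.
Untuk menambah user: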
|
# Create an account for VPN use: -m makes a home directory and -s /bin/false
# gives it no usable login shell.
adduser zonet -m -s /bin/false
# Set the password interactively. Presumably this is the password the user
# types at the OpenVPN prompt, since the server checks logins through PAM;
# choose a strong one, because it is the only credential the client presents.
passwd zonet
|
Khusus client:
Download dan install OpenVPN, lalu buat file konfigurasi client berikut (satu file untuk tiap port):
|
# Client profile for the UDP 53 server instance.
client
dev tun
proto udp
# Replace xxx.xxx.xxx.xxx with the server address.
remote xxx.xxx.xxx.xxx 53
# Windows only: add routes by calling route.exe.
route-method exe
resolv-retry infinite
nobind
persist-key
persist-tun
# Only the CA certificate is needed; the client has no certificate or key of its own.
# NOTE(review): nothing here checks the certificate type of the peer (for
# example "ns-cert-type server"), so any certificate issued by this CA would be
# accepted as the server.
ca ca.crt
# Prompt for the username and password that the server checks.
auth-user-pass
# Must match comp-lzo on the server.
comp-lzo
verb 3
|
|
# Client profile for the TCP 80 server instance.
client
dev tun
proto tcp
# Replace xxx.xxx.xxx.xxx with the server address.
remote xxx.xxx.xxx.xxx 80
# Windows only: add routes by calling route.exe.
route-method exe
resolv-retry infinite
nobind
persist-key
persist-tun
# Only the CA certificate is needed; the client has no certificate or key of its own.
# NOTE(review): nothing here checks the certificate type of the peer (for
# example "ns-cert-type server"), so any certificate issued by this CA would be
# accepted as the server.
ca ca.crt
# Prompt for the username and password that the server checks.
auth-user-pass
# Must match comp-lzo on the server.
comp-lzo
verb 3
|
|
# Client profile for the UDP 138 server instance.
client
dev tun
proto udp
# Replace xxx.xxx.xxx.xxx with the server address.
remote xxx.xxx.xxx.xxx 138
# Windows only: add routes by calling route.exe.
route-method exe
resolv-retry infinite
nobind
persist-key
persist-tun
# Only the CA certificate is needed; the client has no certificate or key of its own.
# NOTE(review): nothing here checks the certificate type of the peer (for
# example "ns-cert-type server"), so any certificate issued by this CA would be
# accepted as the server.
ca ca.crt
# Prompt for the username and password that the server checks.
auth-user-pass
# Must match comp-lzo on the server.
comp-lzo
verb 3
|
|
# Client profile for the TCP 443 server instance.
client
dev tun
proto tcp
# Replace xxx.xxx.xxx.xxx with the server address.
remote xxx.xxx.xxx.xxx 443
# Windows only: add routes by calling route.exe.
route-method exe
resolv-retry infinite
nobind
persist-key
persist-tun
# Only the CA certificate is needed; the client has no certificate or key of its own.
# NOTE(review): nothing here checks the certificate type of the peer (for
# example "ns-cert-type server"), so any certificate issued by this CA would be
# accepted as the server.
ca ca.crt
# Prompt for the username and password that the server checks.
auth-user-pass
# Must match comp-lzo on the server.
comp-lzo
verb 3
|
Copy file konfigurasi tersebut beserta ca.crt ke c:\program files\openvpn\config
Tested on Xen server, CentOS 5.3 64-bit.