Saturday, March 23, 2013

Tutorial: building a VPN server with Ubuntu Server

Here is the video:


Click below to download the config:



Here are the commands:
sudo su
ifconfig (note the IP address)
apt-get update
apt-get install ssh
apt-get install openvpn openssl
root@ubuntu:/home/dedak# cd /etc/openvpn/

root@ubuntu:/etc/openvpn# cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa

root@ubuntu:/etc/openvpn# apt-get install nano

root@ubuntu:/etc/openvpn# nano easy-rsa/vars

# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="/etc/openvpn/easy-rsa"
                                     (change this part)

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid.  This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=1024

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL=mail@host.domain
export KEY_CN=changeme
export KEY_NAME=changeme
export KEY_OU=changeme
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234

ctrl + x  [enter]
y  [enter]
root@ubuntu:/etc/openvpn# . ./easy-rsa/vars
root@ubuntu:/etc/openvpn# ./easy-rsa/clean-all
root@ubuntu:/etc/openvpn# cd easy-rsa/
root@ubuntu:/etc/openvpn/easy-rsa# ln -s openssl-1.0.0.cnf openssl.cnf
root@ubuntu:/etc/openvpn/easy-rsa# ls
root@ubuntu:/etc/openvpn/easy-rsa# cd ..
root@ubuntu:/etc/openvpn# ./easy-rsa/build-ca OpenVPN

Generating a 1024 bit RSA private key
.....................................++++++
.......................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:id
State or Province Name (full name) [CA]:sumsel
Locality Name (eg, city) [SanFrancisco]:layo
Organization Name (eg, company) [Fort-Funston]:lingua
Organizational Unit Name (eg, section) [changeme]:prima
Common Name (eg, your name or your server's hostname) [changeme]:smkserver
Name [changeme]:smkserver1
Email Address [mail@host.domain]:q_hendra2ymail.com
root@ubuntu:/etc/openvpn# ./easy-rsa/build-key-server server
Generating a 1024 bit RSA private key
..............................................................++++++
.......++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:id
State or Province Name (full name) [CA]:sumsel
Locality Name (eg, city) [SanFrancisco]:layo
Organization Name (eg, company) [Fort-Funston]:lingua
Organizational Unit Name (eg, section) [changeme]:prima
Common Name (eg, your name or your server's hostname) [server]:smkkey
Name [changeme]:smkkey1
Email Address [mail@host.domain]:q_hendra@ymail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:. (just press Enter)
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'id'
stateOrProvinceName   :PRINTABLE:'sumsel'
localityName          :PRINTABLE:'layo'
organizationName      :PRINTABLE:'lingua'
organizationalUnitName:PRINTABLE:'prima'
commonName            :PRINTABLE:'smkkey'
name                  :PRINTABLE:'smkkey1'
emailAddress          :IA5STRING:'q_hendra@ymail.com'
Certificate is to be certified until Mar  5 07:57:52 2023 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@ubuntu:/etc/openvpn# ./easy-rsa/build-key client1
Generating a 1024 bit RSA private key
.........................++++++
........................++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:id
State or Province Name (full name) [CA]:sumsel
Locality Name (eg, city) [SanFrancisco]:layo
Organization Name (eg, company) [Fort-Funston]:lingua
Organizational Unit Name (eg, section) [changeme]:prima
Common Name (eg, your name or your server's hostname) [client1]:client1key
Name [changeme]:client1key1
Email Address [mail@host.domain]:q_hendras@yahoo.co.id

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:.  (just press Enter)
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'id'
stateOrProvinceName   :PRINTABLE:'sumsel'
localityName          :PRINTABLE:'layo'
organizationName      :PRINTABLE:'lingua'
organizationalUnitName:PRINTABLE:'prima'
commonName            :PRINTABLE:'client1key'
name                  :PRINTABLE:'client1key1'
emailAddress          :IA5STRING:'q_hendras@yahoo.co.id'
Certificate is to be certified until Mar  5 08:00:14 2023 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@ubuntu:/etc/openvpn# ./easy-rsa/build-dh
root@ubuntu:/etc/openvpn# nano openvpn.conf
                                         #(type the lines below)
dev tun
proto udp
port 1194


ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

user nobody
group nogroup
server 10.8.0.0 255.255.255.0

persist-key
persist-tun

status /var/log/openvpn-status.log
verb 3
client-to-client

push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

log-append /var/log/openvpn
comp-lzo

root@ubuntu:/etc/openvpn# echo 1 > /proc/sys/net/ipv4/ip_forward
root@ubuntu:/etc/openvpn# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to xxx.xxx.xxx.xxx (the IP you noted earlier)
root@ubuntu:/etc/openvpn# cd ..
root@ubuntu:/etc# nano sysctl.conf

net.ipv4.ip_forward=1
(if the line is commented out with # [#net.ipv4.ip_forward=1], remove the # so it looks like the line above)

root@ubuntu:/etc# cd ..
root@ubuntu:/# /etc/init.d/openvpn start
root@ubuntu:/# chmod -R 777 /etc/openvpn/easy-rsa/keys

The VPN server is now set up.
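Two of the steps above weaken the PKI: vars keeps KEY_SIZE=1024, and chmod -R 777 leaves ca.key, server.key and client1.key readable and writable by every local user. The script below is an added example, not part of the original post or of easy-rsa, that audits a tree laid out like /etc/openvpn/easy-rsa and then restricts the keys directory to its owner. The function names and the temporary sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not easy-rsa code): audit a tree laid out like /etc/openvpn/easy-rsa.

# Print private keys under directory $1 that group or others can read or write.
loose_keys() {
    find "$1" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
}

# Print the KEY_SIZE exported by vars file $1 (empty if it is not set).
vars_key_size() {
    sed -n 's/^export KEY_SIZE=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Report findings for easy-rsa directory $1; return 0 only if there are none.
audit_easyrsa() {
    rc=0
    size=$(vars_key_size "$1/vars")
    if [ -z "$size" ] || [ "$size" -lt 2048 ]; then
        echo "WEAK  KEY_SIZE=${size:-unset} in $1/vars (2048 or more expected)"
        rc=1
    fi
    loose=$(loose_keys "$1/keys")
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/LOOSE /'
        rc=1
    fi
    return "$rc"
}

# Make keys directory $1 and every file in it accessible to the owner only.
tighten_keys() {
    chmod 700 "$1"
    find "$1" -type f -exec chmod 600 {} +
}

# Constructed sample tree mirroring the state the steps above leave behind.
make_sample_tree() {
    t=$(mktemp -d) && mkdir "$t/keys"
    echo 'export KEY_SIZE=1024' > "$t/vars"
    for n in ca server client1; do : > "$t/keys/$n.key"; : > "$t/keys/$n.crt"; done
    chmod -R 777 "$t/keys"
    echo "$t"
}

tree=$(make_sample_tree)
audit_easyrsa "$tree" || echo "findings above; tightening $tree/keys"
tighten_keys "$tree/keys"
rm -rf "$tree"
```

Raising KEY_SIZE only takes effect for keys and DH parameters generated afterwards, so the CA, server and client keys have to be rebuilt and the dh line in openvpn.conf pointed at the new file.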

Next step:
create the configuration on the VPN client; in this case I am using a Windows client.
Copy these files from
/etc/openvpn/easy-rsa/keys
ca.crt
client1.crt
client1.key
Create a file named newvpn.ovpn with Notepad:
dev tun
client
proto udp
remote xxx.xxx.xxx.xxx (the IP you noted earlier) 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
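
A narrower way to get the client files off the server than opening up the whole keys directory is to copy only ca.crt, the client certificate and its key into an owner-only bundle together with the profile, so that ca.key never leaves the server. This is an added example, not part of the original post; make_client_bundle, the bundle directory and the 192.0.2.10 address are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): build a per-client bundle
# instead of making the whole keys directory world-accessible.

# Usage: make_client_bundle KEYS_DIR CLIENT REMOTE_IP OUT_DIR
make_client_bundle() {
    keys=$1 client=$2 remote=$3 out=$4
    # Stop unless all three files the client needs are present.
    for f in ca.crt "$client.crt" "$client.key"; do
        [ -f "$keys/$f" ] || { echo "missing $keys/$f" >&2; return 1; }
    done
    ( umask 077                     # files created below start owner-only
      mkdir -p "$out" || exit 1
      cp "$keys/ca.crt" "$keys/$client.crt" "$keys/$client.key" "$out/" || exit 1
      # Directives follow the newvpn.ovpn in the tutorial.
      cat > "$out/newvpn.ovpn" <<EOF
dev tun
client
proto udp
remote $remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $client.crt
key $client.key
comp-lzo
verb 3
EOF
    ) || return 1
    # cp keeps the source mode bits minus the umask, so set them explicitly.
    chmod 700 "$out" && chmod 600 "$out"/*
}

# Constructed demo: dummy files in a temp dir; 192.0.2.10 is a documentation address.
demo=$(mktemp -d) && mkdir "$demo/keys"
for n in ca.crt ca.key client1.crt client1.key; do echo dummy > "$demo/keys/$n"; done
make_client_bundle "$demo/keys" client1 192.0.2.10 "$demo/bundle" && ls -l "$demo/bundle"
rm -rf "$demo"
```

Transfer the bundle over the SSH service installed earlier (scp or SFTP) and delete it from the server once the client has it.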