Tutorial: building a VPN server with Ubuntu Server
Here is the video.
Click below to download the config.
Here are the commands:
sudo su
ifconfig (note the IP address)
apt-get update
apt-get install ssh
apt-get install openvpn openssl
root@ubuntu:/home/dedak# cd /etc/openvpn/
root@ubuntu:/etc/openvpn# cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
root@ubuntu:/etc/openvpn# apt-get install nano
root@ubuntu:/etc/openvpn# nano easy-rsa/vars
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="/etc/openvpn/easy-rsa"
(change this line)
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=1024
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL=mail@host.domain
export KEY_CN=changeme
export KEY_NAME=changeme
export KEY_OU=changeme
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
ctrl + x [enter]
y [enter]
root@ubuntu:/etc/openvpn# . ./easy-rsa/vars
root@ubuntu:/etc/openvpn# ./easy-rsa/clean-all
root@ubuntu:/etc/openvpn# cd easy-rsa/
root@ubuntu:/etc/openvpn/easy-rsa# ln -s openssl-1.0.0.cnf openssl.cnf
root@ubuntu:/etc/openvpn/easy-rsa# ls
root@ubuntu:/etc/openvpn/easy-rsa# cd ..
root@ubuntu:/etc/openvpn# ./easy-rsa/build-ca OpenVPN
Generating a 1024 bit RSA private key
.....................................++++++
.......................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:id
State or Province Name (full name) [CA]:sumsel
Locality Name (eg, city) [SanFrancisco]:layo
Organization Name (eg, company) [Fort-Funston]:lingua
Organizational Unit Name (eg, section) [changeme]:prima
Common Name (eg, your name or your server's hostname) [changeme]:smkserver
Name [changeme]:smkserver1
Email Address [mail@host.domain]:q_hendra2ymail.com
root@ubuntu:/etc/openvpn# ./easy-rsa/build-key-server server
Generating a 1024 bit RSA private key
..............................................................++++++
.......++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:id
State or Province Name (full name) [CA]:sumsel
Locality Name (eg, city) [SanFrancisco]:layo
Organization Name (eg, company) [Fort-Funston]:lingua
Organizational Unit Name (eg, section) [changeme]:prima
Common Name (eg, your name or your server's hostname) [server]:smkkey
Name [changeme]:smkkey1
Email Address [mail@host.domain]:q_hendra@ymail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:. (just press Enter)
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'id'
stateOrProvinceName :PRINTABLE:'sumsel'
localityName :PRINTABLE:'layo'
organizationName :PRINTABLE:'lingua'
organizationalUnitName:PRINTABLE:'prima'
commonName :PRINTABLE:'smkkey'
name :PRINTABLE:'smkkey1'
emailAddress :IA5STRING:'q_hendra@ymail.com'
Certificate is to be certified until Mar 5 07:57:52 2023 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@ubuntu:/etc/openvpn# ./easy-rsa/build-key client1
Generating a 1024 bit RSA private key
.........................++++++
........................++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:id
State or Province Name (full name) [CA]:sumsel
Locality Name (eg, city) [SanFrancisco]:layo
Organization Name (eg, company) [Fort-Funston]:lingua
Organizational Unit Name (eg, section) [changeme]:prima
Common Name (eg, your name or your server's hostname) [client1]:client1key
Name [changeme]:client1key1
Email Address [mail@host.domain]:q_hendras@yahoo.co.id
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:. (just press Enter)
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'id'
stateOrProvinceName :PRINTABLE:'sumsel'
localityName :PRINTABLE:'layo'
organizationName :PRINTABLE:'lingua'
organizationalUnitName:PRINTABLE:'prima'
commonName :PRINTABLE:'client1key'
name :PRINTABLE:'client1key1'
emailAddress :IA5STRING:'q_hendras@yahoo.co.id'
Certificate is to be certified until Mar 5 08:00:14 2023 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@ubuntu:/etc/openvpn# ./easy-rsa/build-dh
root@ubuntu:/etc/openvpn# nano openvpn.conf
# (type the lines below)
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
root@ubuntu:/etc/openvpn# echo 1 > /proc/sys/net/ipv4/ip_forward
root@ubuntu:/etc/openvpn# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to xxx.xxx.xxx.xxx (the IP you noted earlier)
root@ubuntu:/etc/openvpn# cd ..
root@ubuntu:/etc# nano sysctl.conf
net.ipv4.ip_forward=1
(if the line is commented out with # [#net.ipv4.ip_forward=1], remove the # so it reads as above)
root@ubuntu:/etc# cd ..
root@ubuntu:/# /etc/init.d/openvpn start
root@ubuntu:/# chmod -R 777 /etc/openvpn/easy-rsa/keys
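The chmod -R 777 step above leaves ca.key, server.key and client1.key readable and writable by every local account on the server. The following is an added example, not part of the original tutorial: it lists the private keys in an easy-rsa keys directory that group or others can access and then restricts them. It assumes GNU find and that the client files are copied off the server as root; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit and repair permissions on an easy-rsa keys directory.
# Usage (as root): sh audit-keys.sh /etc/openvpn/easy-rsa/keys

# Print every private key (*.key) that group or others can read, write or execute.
# "-perm /077" (GNU find) matches when any group/other permission bit is set.
exposed_keys() {
    find "$1" -type f -name '*.key' -perm /077 | sort
}

# Print the directory itself if group or others can write to it,
# since they could then replace ca.crt or any key file.
writable_dir() {
    find "$1" -maxdepth 0 -type d -perm /022
}

# Restrict the directory to its owner and the private keys to owner read/write.
# Certificates, DH parameters and the CA database files are not secret,
# so they only lose their write and execute bits.
harden_keys_dir() {
    chmod 700 "$1" || return 1
    find "$1" -type f -name '*.key' -exec chmod 600 {} +
    find "$1" -type f ! -name '*.key' -exec chmod 644 {} +
}

# Report what is exposed, fix it, and return non-zero if anything had to be fixed.
audit_and_harden() {
    found=$(exposed_keys "$1"; writable_dir "$1")
    if [ -n "$found" ]; then
        echo "exposed before hardening:"
        echo "$found"
        harden_keys_dir "$1"
        return 1
    fi
    echo "no exposed key material in $1"
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_and_harden "$1"
fi
```

A non-zero exit status means the directory was exposed when the script ran, so any key that was readable by other accounts in the meantime should be treated as disclosed and reissued.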
The VPN server is now set up....
Next step:
create the configuration on the VPN client; in this case I am using a Windows client.
Copy these files from /etc/openvpn/easy-rsa/keys:
ca.crt
client1.crt
client1.key
Create a file named newvpn.ovpn with Notepad:
dev tun
client
proto udp
remote xxx.xxx.xxx.xxx (the IP you noted earlier) 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3