Download the repo first
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm
Install OpenVPN
yum install openvpn easy-rsa -y
Copy the server config
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
Edit the server config
vi /etc/openvpn/server.conf
Remove the # (uncomment) and edit the following settings
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nobody
Copy Key
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
Edit the vars file to your liking; I just use the defaults:
/etc/openvpn/easy-rsa/vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="New York"
export KEY_ORG="Organization Name"
export KEY_EMAIL="administrator@example.com"
export KEY_CN=droplet.example.com
export KEY_NAME=server
export KEY_OU=server
Copy the openssl file
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
Build Certificate
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
Build the server key, just keep pressing Enter :D
./build-key-server server
Then..
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
Create the client
cd /etc/openvpn/easy-rsa
./build-key client
Allow it in iptables
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service iptables save
Enable IP Forward
/etc/sysctl.conf
net.ipv4.ip_forward = 1
Then
sysctl -p
service openvpn start
chkconfig openvpn on
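A quick audit of the two files edited above, as an added example that is not part of the original post. It reports any of the listed settings that are still commented out; if user/group nobody stay commented, the daemon keeps running as root. The function names audit_server and active_line and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Audits the two files this guide
# edits. Paths are parameters so the check can be run on copies first.

# active_line FILE ERE: succeeds if a non-comment line matches.
# OpenVPN and sysctl.conf both treat a leading '#' or ';' as a comment.
active_line() {
    grep -Ev '^[[:space:]]*([#;]|$)' "$1" | grep -Eq "$2"
}

# audit_server SERVER_CONF SYSCTL_CONF: prints one line per check and
# returns the number of settings that are missing or still commented out.
audit_server() {
    conf=$1; sysctl_conf=$2; fails=0
    while IFS='|' read -r file label ere; do
        [ "$file" = conf ] && target=$conf || target=$sysctl_conf
        if active_line "$target" "$ere"; then
            echo "ok      $label"
        else
            echo "MISSING $label"; fails=$((fails + 1))
        fi
    done <<'EOF'
conf|push redirect-gateway def1|^[[:space:]]*push[[:space:]]+"redirect-gateway[[:space:]]+def1
conf|push dhcp-option DNS|^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]
conf|user nobody (privilege drop)|^[[:space:]]*user[[:space:]]+nobody
conf|group nobody (privilege drop)|^[[:space:]]*group[[:space:]]+nobody
sysctl|net.ipv4.ip_forward = 1|^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$
EOF
    return "$fails"
}

# Constructed sample: pushes enabled, user/group still commented with ';',
# forwarding still off. Replace with the real paths on the server.
demo=$(mktemp -d)
cat > "$demo/server.conf" <<'EOF'
port 1194
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
;user nobody
;group nobody
EOF
printf '# constructed\nnet.ipv4.ip_forward = 0\n' > "$demo/sysctl.conf"
audit_server "$demo/server.conf" "$demo/sysctl.conf" || echo "$? setting(s) need attention"
```

On the server itself, call audit_server /etc/openvpn/server.conf /etc/sysctl.conf before starting the service.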
Additional:
For an OpenVZ VPS, add the following rules so that clients can reach the internet
iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -j SNAT --to-source xxx.xxx.xxx.xxx
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source xxx.xxx.xxx.xxx
service iptables save
To connect to the OpenVPN server, first install OpenVPN from https://openvpn.net/index.php/open-source/downloads.html
then copy the files ca.crt, client.crt and client.key from the server and paste them into C:\Program Files\OpenVPN\config (Windows 8 64-bit)
create a client config file named client.ovpn with the contents below, then run OpenVPN as administrator and connect,
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca ca.crt
cert client.crt
key client.key
Note:
xxx.xxx.xxx.xxx = public IP