Pembuatan sertifikat harus berada disisi server, yang kemudian kita kirimkan ke klien melalui email atau ftp.
Konfigurasi OpenVPN Server
apt-get install openvpn openssh-server
cd /usr/share/doc/openvpn/examples/easy-rsa/
cd 2.0/
vim vars
source ./vars
./clean-all
./build-ca
./build-key-server
./build-key-server server
./build-key client1
./build-key client2
./build-key client3
./build-key client4
./build-dh
cp keys/* /etc/openvpn/
cd /usr/share/doc/openvpn/examples/sample-config-files/
cp server.conf.gz /etc/openvpn/
cd /etc/openvpn/
gunzip server.conf.gz
vim server.conf
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/
scp -r client1.* root@ipclient1:/etc/openvpn/
scp -r dh1024.pem root@ipclient1:/etc/openvpn/
scp -r ca.* root@ipclient1:/etc/openvpn/
Konfigurasi OpenVPN Client
apt-get install openvpn openssh-server
cd /usr/share/doc/openvpn/examples/sample-config-files/
cp client.conf /etc/openvpn/
cd /etc/openvpn
vim client.conf
client
dev tap
proto udp
remote IP_VPN_SERVER 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
0 comments:
Post a Comment