Installing OpenVPN on CentOS
Check whether tun/tap is enabled:
#cat /dev/net/tun
If the output is
cat: /dev/net/tun: File descriptor in bad state
then tun/tap is already enabled. If you do not see that output, ask your server provider to enable it.
The next thing you need to do is:
Install the required packages
#yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel
Download the OpenVPN repo
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
For 32-bit:
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
For 64-bit:
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
Build the rpm packages
#rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
#rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm
* Remember to change i386 to x86_64 if you are using 64-bit
Install OpenVPN
#yum install openvpn
Copy the OpenVPN easy-rsa folder to /etc/openvpn/
#cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa/ /etc/openvpn/
Now let's create the certificates
#cd /etc/openvpn/easy-rsa/2.0
#chmod 755 *
#source ./vars
#./vars
#./clean-all
Build the CA
#./build-ca
Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter
Build the server key
#./build-key-server server
Almost the same as ./build-ca, but check the changes and the additional prompts:
Common Name: server
A challenge password: leave blank
Optional company name: fill or enter
Sign the certificate: y
1 out of 1 certificate requests: y
Build Diffie-Hellman (wait a while until the process finishes)
#./build-dh
After that, create the OpenVPN configuration for UDP port 1194:
#nano /etc/openvpn/1194.conf
local 123.123.123.123 #- your_server_ip
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.3.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
Before you save the configuration, make sure that “plugin /usr/share/.. /pam.d/login” is on a single line.
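To review the configuration before starting the daemon, the script below (an added example, not part of the original post) audits a server config for the settings in 1194.conf that weaken it: password-only login, 1024-bit DH parameters, compression, and the absence of tls-auth, cipher and user/group. The function names audit_openvpn_conf and sample_conf and the 2048-bit threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenVPN server config
# read from stdin. Prints one WARN line per finding, then "findings=N".
audit_openvpn_conf() {
    # Strip "#" comments, squeeze whitespace, drop empty lines.
    conf=$(sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
               -e 's/^ //' -e '/^$/d')
    n=0
    warn() { n=$((n + 1)); echo "WARN $1"; }
    # has REGEX: true if a directive matching REGEX starts a line.
    has() { printf '%s\n' "$conf" | grep -Eq "^($1)( |\$)"; }

    has 'client-cert-not-required|verify-client-cert none' &&
        warn "client certificates not required: access rests on the PAM password alone"
    # Assumption: easy-rsa 2.0 naming (dh<KEY_SIZE>.pem) gives the DH size.
    dh=$(printf '%s\n' "$conf" |
         sed -n 's/^dh .*dh\([0-9][0-9]*\)\.pem.*/\1/p' | head -n 1)
    [ -n "$dh" ] && [ "$dh" -lt 2048 ] &&
        warn "dh parameters are $dh bits: regenerate with 2048 or more"
    has 'comp-lzo|compress' &&
        warn "compression on: packet sizes can leak tunnel plaintext (VORACLE)"
    has 'tls-auth|tls-crypt' ||
        warn "no tls-auth/tls-crypt: any host can start a TLS handshake"
    has 'cipher' ||
        warn "no cipher set: OpenVPN 2.1 defaults to BF-CBC (64-bit block)"
    has 'user' && has 'group' ||
        warn "no user/group: the daemon keeps root privileges after startup"
    echo "findings=$n"
}

# Constructed sample: the security-relevant lines of the 1194.conf above.
sample_conf() {
    cat <<'EOF'
port 1194 #- port
proto udp #- protocol
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
comp-lzo
EOF
}

sample_conf | audit_openvpn_conf
# Against the real file: audit_openvpn_conf < /etc/openvpn/1194.conf
```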
Run OpenVPN with 1194.conf
#openvpn /etc/openvpn/1194.conf &
This is what the OpenVPN status looks like if the installation succeeded:
Mon Nov 6 10:30:12 2013 UDPv4 link remote: [undef]
Mon Nov 6 10:30:12 2013 MULTI: multi_init called, r=256 v=256
Mon Nov 6 10:30:12 2013 IFCONFIG POOL: base=1.2.3.4 size=62
Mon Nov 6 10:30:12 2013 Initialization Sequence Completed