“OpenVPN is a free and open source software application that implements virtual private network (VPN) solutions for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).” (Quoted from Linux Security.)
So with OpenVPN you can build a private network over an ordinary internet connection and a public IP address. OpenVPN uses the OpenSSL library to encrypt both the control channel and the data channel between client and server. OpenVPN is cross-platform, so once the server is set up and configured (I suggest Linux), clients can connect from any platform (Windows, Mac OS, and Linux).
To install OpenVPN on Linux Ubuntu 10.04:
The Server
Log in as root first:
    sudo su
Install OpenVPN:
    apt-get install openvpn libssl-dev openssl
Configure it:
1. Copy the easy-rsa directory into the openvpn folder:
    mkdir -p /etc/openvpn/easy-rsa/
    cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
    chown -R $USER /etc/openvpn/easy-rsa/   # after "sudo su", $USER is root
2. Edit the vars file:
    nano /etc/openvpn/easy-rsa/vars
3. Find these lines and replace the values with your own information:
    export KEY_COUNTRY="ID"
    export KEY_PROVINCE="DKI"
    export KEY_CITY="Jakarta"
    export KEY_ORG="ahmadfauzi.web.id"
4. Create the CA, the server certificate, the Diffie-Hellman parameters and the tls-auth key, then copy them into /etc/openvpn:
    cd /etc/openvpn/easy-rsa/
    source vars
    ./clean-all
    ./build-dh
    ./pkitool --initca
    ./pkitool --server server
    cd keys
    openvpn --genkey --secret ta.key
    cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
5. Create the client certificate:
    cd /etc/openvpn/easy-rsa/
    source vars
    ./pkitool [writeyourhostnamehere]
    cd ..
Replace [writeyourhostnamehere] with your server hostname (without the brackets); the certificate and key files below carry the same name.
6. Bundle the certificates for the client:
    cd /home
    mkdir forclient
    cd forclient
    cp /etc/openvpn/keys.tgz .   # no step above creates this archive; skip the line if the file does not exist
    cp /etc/openvpn/ca.crt .
    cp /etc/openvpn/ta.key .
    cp /etc/openvpn/easy-rsa/keys/[writeyourhostnamehere].crt .
    cp /etc/openvpn/easy-rsa/keys/[writeyourhostnamehere].key .
    cd ../
    tar -czvf forclient.tgz forclient
7. Download/copy forclient.tgz to your OpenVPN client (I keep forclient.tgz in my /home folder).
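Before copying the files into /etc/openvpn or handing forclient.tgz to a client, it is worth confirming that the material easy-rsa produced actually fits together. The script below is an added example and not part of the original post; it assumes a POSIX shell, the openssl command on PATH, and a directory laid out the way the steps above leave it (ca.crt, <name>.crt, <name>.key and ta.key). It checks that the certificate chains to ca.crt, that the private key belongs to that certificate, that the secrets are not group- or world-readable, and that ta.key really is the static key written by openvpn --genkey.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an OpenVPN
# credential set produced by the easy-rsa 2.0 steps above.
# Assumes: POSIX sh, the openssl CLI on PATH, and a directory holding
# ca.crt, <name>.crt, <name>.key and ta.key.

# check_openvpn_pki DIR NAME
# Prints one line per finding; returns 0 only when every check passes.
check_openvpn_pki() {
    dir=$1
    name=$2
    rc=0

    # 1. All four files the configs reference must exist.
    for f in ca.crt "$name.crt" "$name.key" ta.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING: $dir/$f"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # 2. The certificate must chain to ca.crt, the CA the peer is told to trust.
    if ! openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1; then
        echo "BAD CHAIN: $dir/$name.crt is not signed by $dir/ca.crt"
        rc=1
    fi

    # 3. The private key must belong to the certificate (compare public keys).
    cert_pub=$(openssl x509 -noout -pubkey -in "$dir/$name.crt" 2>/dev/null || true)
    key_pub=$(openssl pkey -pubout -in "$dir/$name.key" 2>/dev/null || true)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "KEY MISMATCH: $dir/$name.key does not match $dir/$name.crt"
        rc=1
    fi

    # 4. Private material must not be group- or world-readable (mode 600).
    for f in "$name.key" ta.key; do
        bits=$(ls -ld "$dir/$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "PERMISSIONS: $dir/$f is readable by others (group/other bits: $bits)"
            rc=1
        fi
    done

    # 5. ta.key must be the static key that "openvpn --genkey --secret" writes,
    #    not an empty file or something copied by mistake.
    if ! grep -q 'BEGIN OpenVPN Static key' "$dir/ta.key" 2>/dev/null; then
        echo "BAD TA.KEY: $dir/ta.key is not an OpenVPN static key"
        rc=1
    fi

    return "$rc"
}

# Usage: sh check_pki.sh DIR [NAME]   (NAME defaults to "server")
# e.g. sh check_pki.sh /etc/openvpn server
#      sh check_pki.sh /home/forclient myclienthostname
if [ -n "${1:-}" ]; then
    check_openvpn_pki "$1" "${2:-server}" && echo "OK: ${2:-server} credentials in $1 pass all checks"
fi
```

Run it once against /etc/openvpn with the name server and once against /home/forclient with the client's name; a non-zero exit with a KEY MISMATCH or BAD CHAIN line means the client would fail the TLS handshake, and a PERMISSIONS line means anyone with an account on that box can read the key.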
8. Create /etc/openvpn/server.conf from the sample configuration:
    cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
    gzip -d /etc/openvpn/server.conf.gz
9. Edit server.conf:
    nano /etc/openvpn/server.conf
And change the following lines. I use 192.168.10.0/24 for my private network; if your public IP address is 222.124.204.34, the file becomes:
    # This is your public IP Address
    local 222.124.204.34
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key   # This file should be kept secret
    dh dh1024.pem
    # This is my private network from server to client
    server 192.168.10.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 192.168.10.0 255.255.255.0"
    push "redirect-gateway"
    # Enter your DNS Address
    push "dhcp-option DNS 10.10.10.1"
    keepalive 10 120
    tls-auth ta.key 0   # This file is secret
    cipher AES-128-CBC   # AES
    comp-lzo
    # The sample server.conf ships with "user nobody" / "group nogroup" (commented out)
    # so the daemon drops root after startup; running as root keeps it privileged.
    user root
    group root
    persist-key
    persist-tun
    status openvpn-status.log
    log openvpn.log
    log-append openvpn.log
    verb 3
Then save the file.
After that, start the OpenVPN server with the following command:
    sudo /etc/init.d/openvpn start
And use the following command to restart the VPN:
    sudo /etc/init.d/openvpn restart
The Client
On the client, OpenVPN must be installed first:
    sudo apt-get install openvpn libssl-dev openssl
Then create the client configuration in /etc/openvpn, where it is run from below:
    nano /etc/openvpn/client.conf
Add the following lines:
    client
    dev tun
    proto udp
    # This IP should point to your OpenVPN server
    remote 222.124.204.34 1194
    resolv-retry infinite
    nobind
    user root
    group root
    persist-key
    persist-tun
    ca ca.crt
    cert [writeyourhostnamehere].crt
    key [writeyourhostnamehere].key
    ns-cert-type server
    tls-auth ta.key 1
    cipher AES-128-CBC
    comp-lzo
    verb 3
Save it.
Get the forclient.tgz file from the server (/home/forclient.tgz) and extract its contents into /etc/openvpn:
    cd /etc/openvpn
    # --strip-components=1 drops the leading forclient/ directory so ca.crt, ta.key and
    # the client certificate land directly in /etc/openvpn, where client.conf expects them
    tar -xzvf /home/forclient.tgz --strip-components=1
Test the connection from client to server by typing:
    cd /etc/openvpn
    openvpn --config client.conf
And ping the server from the client through its private IP:
    ping 192.168.10.1
If you get a reply from the server, your configuration was successful 🙂; if you get Request Timed Out, go back and check the configuration.
Good luck! 🙂