Uploaded by SAMYA ELBARMILE

OpenVpnV2 (1)

advertisement
Install OpenVPN and OpenSSL:
sudo apt-get update
sudo apt-get install openvpn openssl
Configure OpenVPN:
1.
Create the OpenVPN Server Configuration
nano /etc/openvpn/server.conf
port 1194
proto udp
dev tun0
dh dh.pem
ca ca.crt
cert server.crt
key server.key
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
2.
Generate SSL Certificates and Keys
# Generate a dh key
sudo openssl dhparam -out dh.pem 2048
# Generate a private key for the CA
openssl genpkey -algorithm RSA -out ca.key
# Generate a self-signed CA certificate
openssl req -new -x509 -key ca.key -out ca.crt
# Generate a private key for the server
openssl genpkey -algorithm RSA -out server.key
# Generate a Certificate Signing Request (CSR) for the server
openssl req -new -key server.key -out server.csr
# Sign the server CSR with the CA to create the server certificate
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
3.
Start OpenVPN
sudo systemctl start openvpn@server
4.
Enable IP Forwarding
o Edit the sysctl configuration to enable IP forwarding on the OpenVPN server.
Open the /etc/sysctl.conf file:
Uncomment or add the following line to enable IP forwarding:
net.ipv4.ip_forward=1
Apply the changes:
sudo sysctl -p
o Set up NAT (Network Address Translation):
Assuming your OpenVPN interface is named tun0, you can set up NAT using
iptables. Replace eth0 with your external network interface
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Save the iptables rule:
sudo sh -c 'iptables-save > /etc/iptables.rules'
o Adjust Firewall Rules:
sudo ufw allow in on tun0
sudo ufw allow out on tun0
o Restart OpenVPN and Apply Changes:
sudo systemctl restart openvpn@server
Create OpenVPN Client Configuration:
1. Generate Client Certificates
# Generate a private key for the client
openssl genpkey -algorithm RSA -out client.key
# Generate a Certificate Signing Request (CSR) for the client
openssl req -new -key client.key -out client.csr
# Sign the client CSR with the CA to create the client certificate
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt
2. Restart the server
sudo systemctl restart openvpn@server
3. Create Client Configuration (Client.ovpn)
Nano /etc/openvpn/client.ovpn
client
dev tun0
proto udp
remote 192.168.1.205 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
Connect from Client:
1. Install OpenVPN on your Windows machine.
2. Copy the client configuration files (client.ovpn, client.key, client.crt, and ca.crt) to the OpenVPN
configuration directory on your Windows machine.
3. Open the OpenVPN GUI on your Windows machine. You can find it in the Start menu or on the
desktop. Right-click on the OpenVPN icon in the system tray and select "Connect." It will use the
configuration file (client.ovpn) you placed in the configuration directory.
Download