Install a VPN in 5 minutes

by bouleetbil, 25 May 2011 21:21

OpenVPN is a free and open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

OpenVPN ships with a PAM authentication plugin, so you can have a working VPN in 5 minutes: users log in with their existing system account and password, and no client certificates are needed.

OpenVPN installation:

# pacman-g2 -S openvpn

Configuration (the version in the doc path depends on the installed openvpn package):
# cp /usr/share/doc/openvpn-2.1.3/easy-rsa/2.0/ /etc/openvpn/easy-rsa/ -R
# cd /etc/openvpn/easy-rsa/
# nano vars

Change the values of (KEY_SIZE in the same file, 1024 by default, sets the size of the keys and DH parameters built below):
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"

# source ./vars
# ./clean-all
# ./build-ca
# ./build-dh

Generate the server key:
# ./build-key-server server

Generate the last key, the shared HMAC secret used by tls-auth (it signs every TLS control packet, so the server can drop packets from anyone who does not hold it; this protects the handshake against man-in-the-middle attempts):
# openvpn --genkey --secret keys/ta.key

Install the keys (the copy lands in /etc/openvpn, where the config below expects them):
# cd keys/
# cp ca.crt dh1024.pem server.key ta.key server.crt ../../

Edit /etc/openvpn/openvpn.conf:

port 1194
proto udp
dev tun0

ca ca.crt
cert server.crt
key server.key
# The file name follows KEY_SIZE from easy-rsa's vars (1024 by default);
# 2048 is the sane minimum today and would give dh2048.pem.
dh dh1024.pem
# The HMAC key generated above: 0 on the server, 1 on the client.
# Without this line ta.key is copied into place but never used.
tls-auth ta.key 0

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

client-to-client

keepalive 10 120

comp-lzo
max-clients 100

user nobody
group nobody

# Keep the key and the tun device open across restarts; they could not be
# reopened after the privilege downgrade to nobody.
persist-key
persist-tun

status /var/log/openvpn-status.log
log-append /var/log/openvpn.log

verb 4

# Clients authenticate with a username and password only, no client
# certificate. The password is checked by PAM through the "login" service,
# so any account that can log in to this host can connect.
client-cert-not-required
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
# Add username-as-common-name if the status file and the log should show
# the PAM user name instead of UNDEF.

push "redirect-gateway def1"
push "dhcp-option DNS xxx.xxx.xxx.xxx"  # optional: DNS server pushed to clients

Start the VPN (as root; eth0 is assumed to be the internet-facing interface):
#!/bin/sh
cd /etc/openvpn
openvpn openvpn.conf &
modprobe iptable_nat
modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flushing drops every existing FORWARD and INPUT rule on this host;
# merge the rules below into your own firewall script instead if you have one.
iptables -F FORWARD
iptables -F INPUT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
# Replies coming back in from eth0 rely on the default FORWARD policy being
# ACCEPT; with a DROP policy add
#   iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Every VPN client can reach any service listening on this host:
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
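As an added example (not part of the original post), here is a small POSIX shell audit to run against the /etc/openvpn directory assembled above before starting the daemon. It checks what most often goes wrong with this kind of setup: private keys that are group- or world-readable, key files that were copied into place but are never referenced from openvpn.conf (in particular ta.key without a tls-auth line), and a server.crt that does not verify against ca.crt. The file names are the ones used on this page; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: audit an OpenVPN server
# directory built with the steps above. Assumes the page's file layout:
# openvpn.conf, ca.crt, server.crt, server.key, dh1024.pem and ta.key in
# one directory.

# check_private_file FILE
# 0 if FILE exists and has no group/other permission bits, 1 otherwise.
# A private key readable by other local users defeats the point of the VPN.
check_private_file() {
    f=$1
    [ -f "$f" ] || { echo "MISSING  $f"; return 1; }
    # characters 5-10 of "ls -l" are the group and other permission bits
    rest=$(ls -ld "$f" | cut -c5-10)
    case $rest in
        ------) echo "OK       $f is private"; return 0 ;;
        *)      echo "FAIL     $f is readable by group/others ($rest)"; return 1 ;;
    esac
}

# check_conf_uses_file CONF DIRECTIVE FILE
# 0 if CONF has a line starting with DIRECTIVE, 1 otherwise. A key that
# is generated and copied but never named in the config (ta.key without
# tls-auth, for instance) gives no protection at all.
check_conf_uses_file() {
    conf=$1; directive=$2; file=$3
    [ -f "$conf" ] || { echo "MISSING  $conf"; return 1; }
    if grep -q "^[[:space:]]*$directive[[:space:]]" "$conf"; then
        echo "OK       $conf references $file ('$directive' line)"; return 0
    fi
    echo "FAIL     $conf does not use $file (no '$directive' line)"; return 1
}

# check_cert_chain DIR
# 0 if server.crt verifies against ca.crt, 1 if a file is missing or the
# signature does not check out, 2 if openssl is not installed (warning only).
check_cert_chain() {
    dir=$1
    for c in ca.crt server.crt; do
        [ -f "$dir/$c" ] || { echo "MISSING  $dir/$c"; return 1; }
    done
    if ! command -v openssl >/dev/null 2>&1; then
        echo "WARN     openssl not found, chain check skipped"; return 2
    fi
    if openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1; then
        echo "OK       server.crt is signed by ca.crt"; return 0
    fi
    echo "FAIL     server.crt does not verify against ca.crt"; return 1
}

# audit_openvpn_dir DIR
# Runs every check, prints one line per check and returns the number of
# failed checks (0 means the directory is ready to start from).
audit_openvpn_dir() {
    dir=$1; fails=0
    for k in server.key ta.key; do
        check_private_file "$dir/$k" || fails=$((fails + 1))
    done
    for pair in "ca:ca.crt" "cert:server.crt" "key:server.key" "dh:dh1024.pem" "tls-auth:ta.key"; do
        check_conf_uses_file "$dir/openvpn.conf" "${pair%%:*}" "${pair#*:}" || fails=$((fails + 1))
    done
    rc=0; check_cert_chain "$dir" || rc=$?
    if [ "$rc" -eq 1 ]; then fails=$((fails + 1)); fi
    echo "$fails check(s) failed"
    return "$fails"
}

# Usage: sh audit-openvpn.sh /etc/openvpn
if [ -n "${1:-}" ]; then
    audit_openvpn_dir "$1"
else
    echo "usage: $0 /etc/openvpn"
fi
```

The exit status is the number of failed checks, so the script can sit in front of the start script above (`sh audit-openvpn.sh /etc/openvpn && ./start-vpn.sh`); a missing openssl only produces a warning, because the chain check is the one test that needs a tool outside the base system.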



Client:

Edit /etc/openvpn/client.conf:
client
dev tun
remote OpenvpnAdressIP 1194   # server address & port
proto udp
nobind
resolv-retry infinite
persist-key
persist-tun
ca ca.crt                     # copy ca.crt and ta.key from the server
tls-auth ta.key 1             # 1 on the client side, 0 on the server
cipher BF-CBC                 # Blowfish, the OpenVPN 2.1 default; a 64-bit block cipher (SWEET32), so prefer AES-256-CBC on both sides where possible
comp-lzo
verb 3
auth-user-pass
# The next two options only exist in the Windows build; leave them out on
# Linux, where they are unrecognized and stop OpenVPN from starting.
route-method exe
route-delay 2


Start the client:
# openvpn client.conf

Now every user with an account on this server can use the VPN, since the PAM "login" service accepts any local login. To limit VPN access to a subset of accounts, point the plugin at a dedicated PAM service instead of login.

Tags:

Frugalware | Linux
