Before we start installing OpenVPN, a short explanation of what it does.
OpenVPN builds an encrypted tunnel carrying the full TCP/IP stack between you and the server, so to the outside world your IP address appears to be the server's. Clients can also talk to each other if the server is configured to allow it. The tunnel can run over UDP or TCP.
A. OpenVPN authentication
There are three types of OpenVPN authentication, and they can be combined:
- key and certificate files only (no username and password needed)
- the PAM plugin, which enables username and password authentication
- username and password together with the TLS files
- moreover, you can combine these.
B. How it works
A TCP tunnel can be combined with other tunnelling techniques, such as OpenVPN over an SSH SOCKS tunnel or through an HTTP proxy.
On the server side, clients can connect in bridge mode (a tap device, layer 2) or in routed mode (a tun device, layer 3).
C. Install the OpenVPN server
1. Install OpenVPN (with tun)
sudo apt-get install openvpn
(Some VPS images do not include the tun module, so you may need to create the tun device node yourself.)
2. copy easy-rsa
sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
3. edit vars
sudo vim /etc/openvpn/easy-rsa/vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Montreal"
export KEY_EMAIL="me@superFastVPN.com"
4. setup CA
cd /etc/openvpn/easy-rsa/
sudo chown -R root:admin .
sudo chmod g+w .
source ./vars
./clean-all ## Setup the easy-rsa directory (Deletes all keys)
./build-dh ## takes a while consider backgrounding
./pkitool --initca ## creates ca cert and key
./pkitool --server server ## creates a server cert and key
5. Copy your keys
cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
6. Create a simple server configuration
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
vim /etc/openvpn/server.conf
Set the following directives (the certificate and key names match the files copied in step 5, which pkitool created as server.crt and server.key):
dev tun
proto udp
server 10.7.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
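The configuration above references five files, two of which (the server key and ta.key, the one the comment marks secret) must stay unreadable to anyone but root. The script below is an added example, not part of the original post: it reads server.conf from a directory you pass in, confirms every referenced file exists, and fails if the secret files are group- or world-readable. The directory argument and the mode-600 target are assumptions; run it as root against /etc/openvpn after step 5.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the files that
# server.conf references. Pass the config directory as the first argument.
# Assumptions: the config is named server.conf, relative paths in it are
# relative to that directory, and secret files should be mode 600.

# check_openvpn_files CONF_DIR  -> returns 0 if everything is in order, 1 otherwise
check_openvpn_files() {
    dir=$1
    conf="$dir/server.conf"
    [ -f "$conf" ] || { echo "missing $conf"; return 1; }
    rc=0
    for directive in ca cert key dh tls-auth; do
        # Strip comments first, then take the first argument of the directive.
        # (tls-auth has a trailing key direction, which is not a file.)
        file=$(sed 's/[#;].*//' "$conf" | awk -v d="$directive" '$1 == d { print $2; exit }')
        if [ -z "$file" ]; then
            echo "no '$directive' directive in $conf"; rc=1; continue
        fi
        case $file in
        /*) path=$file ;;
        *)  path="$dir/$file" ;;
        esac
        if [ ! -f "$path" ]; then
            echo "$directive: $path does not exist"; rc=1; continue
        fi
        case $directive in
        key|tls-auth)
            # Private key material: no group or world permission bits allowed.
            perm=$(stat -c '%a' "$path")
            case $perm in
            *00) ;;
            *)   echo "$directive: $path is mode $perm, expected 600"; rc=1 ;;
            esac
            ;;
        esac
    done
    return $rc
}

# Usage on the server, as root:  check_openvpn_files /etc/openvpn
if [ -n "${1:-}" ]; then check_openvpn_files "$1"; fi
```

OpenVPN opens these files as root before dropping to nobody/nogroup (the user and group lines above), so a root-owned, mode-600 key is the right target; the check only enforces the mode, so a chown is still your responsibility.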
7. Route the server
The rule depends on your VPS type; the same rule works for UDP and TCP.
On a VPS, where 123.123.123.123 is your server's public IP:
iptables -t nat -A POSTROUTING -s 10.7.0.0/24 -j SNAT --to 123.123.123.123
If you're using a dedicated server:
iptables -t nat -A POSTROUTING -s 10.7.0.0/24 -o eth0 -j MASQUERADE
8. Create the client configuration
apt-get install network-manager-openvpn
After downloading the configuration file from the server and installing network-manager-openvpn, open your network connection as shown below:
For more on producing the client configuration file, see here.
Other reference: http://lowendbox.com/blog/getting-started-with-openvpn-server/
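Step 8 leaves the client configuration itself unspecified, and section A mentions the username/password option without showing what the client needs for it. The script below is an added example, not part of the original post: it builds a single-file client configuration that embeds the CA certificate, the client's own certificate and key, and the tls-auth key, matched to the server.conf from step 6 (UDP, tls-auth direction 0 on the server, so the client uses direction 1), and optionally adds auth-user-pass for the PAM username/password mode. Assumptions: the client certificate was issued with `./pkitool client1` in the easy-rsa directory, the keys directory path and vpn.example.com are placeholders, and net.ipv4.ip_forward is already enabled on the server for step 7's NAT rule to matter.

```shell
#!/bin/sh
# Added example (not from the original post): generate a unified .ovpn file.
# make_client_ovpn NAME KEYS_DIR SERVER_HOST [PORT] [PROTO] [WITH_PASSWORD]
# Prints the config on stdout; returns 1 if a required file is missing.
make_client_ovpn() {
    name=$1; keys=$2; host=$3
    port=${4:-1194}; proto=${5:-udp}; with_pw=${6:-no}
    for f in ca.crt "$name.crt" "$name.key" ta.key; do
        [ -f "$keys/$f" ] || { echo "missing $keys/$f" >&2; return 1; }
    done
    cat <<EOF
client
dev tun
proto $proto
remote $host $port
resolv-retry infinite
nobind
persist-key
persist-tun
# Only accept a server certificate issued for the server role, so a leaked
# client certificate cannot be used to impersonate the server.
remote-cert-tls server
# Must be the opposite of the server's "tls-auth ta.key 0".
key-direction 1
verb 3
EOF
    if [ "$with_pw" = yes ]; then
        # Pair with the PAM plugin on the server (section A, second option).
        echo "auth-user-pass"
    fi
    # Embed each PEM file in its inline block instead of shipping five files.
    inline() { echo "<$1>"; cat "$2"; echo "</$1>"; }
    inline ca "$keys/ca.crt"
    inline cert "$keys/$name.crt"
    inline key "$keys/$name.key"
    inline tls-auth "$keys/ta.key"
}

# Usage on the server, as root (the output contains the client's private key):
#   make_client_ovpn client1 /etc/openvpn/easy-rsa/keys vpn.example.com > client1.ovpn
#   chmod 600 client1.ovpn
if [ -n "${1:-}" ]; then make_client_ovpn "$@"; fi
```

Import the resulting file with network-manager-openvpn as in step 8. For the username/password variant, the server side additionally needs the PAM plugin loaded from server.conf (a plugin line pointing at openvpn-plugin-auth-pam.so, whose path varies by distribution) and the client still keeps its certificate, which is the combined mode section A describes. Treat each generated .ovpn as a credential: one file per client, delivered over a trusted channel, never reused across people.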