  • 25 September 2014 - Tutorial VPN Client to Site on CentOS with OpenVPN - Trung Tâm Đào Tạo Mạng Máy Tính Nhất Nghệ (Nhất Nghệ Computer Network Training Center)

    http://www.nhatnghe.com/forum/showthread.php?t=136475 1/18


    [Tutorial] VPN Client to Site on CentOS with OpenVPN


    20-04-2011, 20:49

    tindecken

    VPN Client to Site on CentOS with OpenVPN

    Guide: VPN Client to Site with OpenVPN on CentOS

    Description:

    A user (VPN Client) outside the network dials a VPN connection to the OpenVPN Server, authenticating with a certificate, using a key plus a password that protects the key (which is different from the password of the key itself).

    When the VPN connection succeeds:
    - A virtual tunnel with subnet 10.8.0.0/24 is created, and the VPN Client connects to the company network through this tunnel (securely).
    - The server assigns the VPN Client a static IP address in subnet 10.8.0.0/24 so that it can communicate with the Local Computers inside the network.

    Step 0: Preparation
    Set up the machines and assign IP addresses according to the diagram.

    Make sure that:
    - the Local Computer can connect to the OpenVPN Server;
    - the VPN Client can connect to the OpenVPN Server (in order to dial the VPN).

    Software:
    - OpenVPN GUI: installed on the VPN Client, used to dial the VPN to the server.
    - lzo package: installed on the server, used to compress data in transit.
    - openvpn package: installed on the server to act as the OpenVPN Server.

    These packages can be downloaded from the official site, or from the copy I have put here: http://www.mediafire.com/?ir9fdp8nybzcy8n

    Step 1: Install the VPN Server
    - Copy the installation packages lzo-1.08 and openvpn-2.0.9 into root's home directory (/root)

    - cd /root
    - Extract and install lzo-1.08:
        tar xvzf lzo-1.08.tar.gz
        cd lzo-1.08
        ./configure     # check that the required libraries are present
        make            # compile
        make install    # install

    - Extract and install openvpn:
        cd ..
        tar -xzvf openvpn-2.0.9.tar.gz
        cd openvpn-2.0.9
        ./configure
        make
        make install

    - Create the directory /etc/openvpn:
        mkdir /etc/openvpn

    Step 2: Create the CA Certificate Server and keys
    - Copy the easy-rsa directory from the extracted source into /etc/openvpn:
        cp -r /root/openvpn-2.0.9/easy-rsa/ /etc/openvpn/

    - Create the CA Certificate Server:
        cd /etc/openvpn/easy-rsa/2.0/
        mv * ../        # move every file in 2.0/ up into easy-rsa/
        cd ..           # change to the easy-rsa/ directory
        mkdir keys      # create /etc/openvpn/easy-rsa/keys to hold the keys and certificates
        vi vars         # edit the default parameters, or skip this step and use the defaults

        export KEY_COUNTRY="VN"
        export KEY_PROVINCE="TP HCM"
        export KEY_CITY="HCM"
        export KEY_ORG="Nhat Nghe"
        export [email protected]

    - Configure the CA:
        . ./vars        # note the single space between the two dots; this loads the environment variables set in the step above
      Running this command requires that there be no files in the keys directory; it prints a message telling you to run ./clean-all to empty /etc/openvpn/easy-rsa/keys if there are any.
        ./clean-all

    - Create the CA server: create the private key for the CA, stored in the file 'ca.key':
        ./build-ca
      Enter the parameters when prompted. Note: the common name is a unique identifier, so remember it.

    Run ls on the keys directory and you will see the files that were created.

    These keys are all encoded; you can cat them to see what is inside, just for fun.

    - Create the certificate and private key for the server (request a certificate from the CA for the server). In the step above we created a CA server, similar to the servers of organizations that sell certificates (Verizon, ...); in this step we create the private key for a server that needs certificate-based authentication (banks, ...). Here our server is OpenVPN.
        ./build-key-server openvpnserver

    Run ls keys/ to see the few additional files that were created.

    - Create Diffie Hellman (DH): hash the keys
        ./build-dh
      The key hashing process may be fast or slow.

    - Create the client certificate and private key for the client (to perform two-way authentication). Here I create 2 keys for 2 users, kuti and kuteo.
        ./build-key kuti        # common name: kuti

    Do the same for kuteo:
        ./build-key kuteo       # common name: kuteo
    With this step done, we have finished creating the certificates and keys needed for authentication. Run ls keys/ to see the result of this step.

    There are quite a few files in this keys/ directory; these keys are distributed to the server and the clients as appropriate, according to the table below:

    Step 3: Configure forwarding (used to perform LAN routing)

        vi /etc/sysctl.conf
        7: net.ipv4.ip_forward = 1
        sysctl -p       # make the settings take effect
        echo 1 > /proc/sys/net/ipv4/ip_forward

    Step 4: Configure the VPN Server

    - Copy the sample server.conf from the installation source into /etc/openvpn/:
        cp /root/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/
    - Edit the configuration file:
        cd /etc/openvpn/
        vi server.conf

        25: local 192.168.1.200 (selects the network card that users dial the VPN to; this option may not be needed)
        32: port 1723 (the default is 1194; that port is often blocked by firewalls, so set 1723 to match the VPN server port of Windows Server)
        36: proto udp (UDP protocol)
        53: dev tun (use a tunnel; if bridging, choose dev tap0, and the other settings will differ from the tunnel case)
        78: ca /etc/openvpn/easy-rsa/keys/ca.crt (declares the path to the ca.crt file)
        79: cert /etc/openvpn/easy-rsa/keys/openvpnserver.crt
        80: key /etc/openvpn/easy-rsa/keys/openvpnserver.key
        87: dh /etc/openvpn/easy-rsa/keys/dh1024.pem
        96: server 10.8.0.0 255.255.255.0 (declares the IP range to hand out to VPN Clients; by default the VPN Server takes the first IP, 10.8.0.1)
        103: ;ifconfig-pool-persist ipp.txt (lets a VPN Client get its previous IP back if it loses its connection to the VPN server; since we use static IPs, this parameter is not used)
        124: push "route 172.16.0.0 255.255.255.0" (this directive pushes the route for network 172.16.0.0 to the client, also known as LAN Routing in Windows Server; it lets the VPN Client see the company's internal network)
        125: ;push "route 192.168.1.200 255.255.255.0" (in our lab the VPN Client can already reach network 192.168.1.0, so this route line does not need to be added (with it, things will not work); only add routes for the company's internal networks that an outside client cannot reach)
        138: client-config-dir ccd (used to declare static IP assignment for VPN Clients)
        196: client-to-client (allows VPN clients to see each other; by default a client only sees the server)

    Fairly simple, right? There are also other parameters that are not used here, such as:
        181: ;push "redirect-gateway" (all of the VPN Client's traffic, http, dns, ftp, ..., goes through the tunnel. This differs from push route, where only traffic going into the internal network goes through the tunnel. Using this directive requires a NAT server and a DNS server inside the internal network)
        187, 188: push dhcp-option DNS (WINS) 10.8.0.1 (pushes the DNS or WINS configuration to the VPN Client)

    Just think of the push directive as forcing configuration from the server onto the VPN Client. Once the VPN is dialed successfully, the VPN Server adds these configuration settings to the client.

    - Configure the static IP file for each user:
    After configuring the server, we next configure the files placed in the ccd/ directory, one for each VPN user.

    + Create the ccd directory (/etc/openvpn/ccd):
        mkdir /etc/openvpn/ccd
    + Create the profile for user kuti:

        vi /etc/openvpn/ccd/kuti
        1: ifconfig-push 10.8.0.2 10.8.0.1

    With the configuration file above, user kuti will receive the IP 10.8.0.2.

    The IP pair declared in the directive above must come from the table below; each user gets one corresponding pair of IPs.

    As for why it must come from the table above, see: http://openvpn.net/index.php/open-so...to.html#policy

    + Create the profile for user kuteo:
        vi /etc/openvpn/ccd/kuteo
        1: ifconfig-push 10.8.0.6 10.8.0.5
      With the configuration file above, user kuti will receive the IP 10.8.0.6.

    You can see the limitation of assigning IPs from the table above: in subnet 10.8.0.0/24 we can only configure static IPs for 64 users (corresponding to the 64 IP pairs above). If the company has more than 64 VPN users, we create one more subnet, for example 10.9.0.0, and add a route for that network to the server.conf file above.

    Step 5: Start the VPN Server and dial the VPN, testing with users kuti and kuteo.

    - Start the OpenVPN Server:
        cd /etc/openvpn
        openvpn server.conf

    - Install and configure OpenVPN GUI on the client:
    + Run openvpn-2.0.9-gui-1.0.3-install.exe and install with the defaults.
    + Copy the required key and certificate files ca.crt, kuti.crt and kuti.key into C:\Program Files\OpenVPN\config
    + Copy the file client.ovpn from C:\Program Files\OpenVPN\sample-config into C:\Program Files\OpenVPN\config

    + Edit the file client.ovpn:

        client
        dev tun                     # tunnel
        proto udp                   # UDP protocol
        remote 192.168.1.200 1723   # IP and port of the OpenVPN server
        nobind
        persist-key
        persist-tun
        ca ca.crt                   # the CA server's certificate
        cert kuti.crt               # user kuti's certificate
        key kuti.key                # user kuti's private key
        comp-lzo
        verb 3

    - Dial the VPN:
    Right-click the new network card icon that appears after installing OpenVPN GUI and choose Connect.

    You can see that the VPN dialed successfully, received IP 10.8.0.2, and the necessary routes were added as well.

    - Set a password to protect the key:

    Right-click the OpenVPN icon and choose Change Password.

    From now on, when dialing the VPN, the system will also ask for this password.

    - Test:
    + Check the routes: start --> run --> cmd --> route print

    OK, the server has added routes for client kuti to the 2 networks 172.16.0.0/24 and 192.168.1.0/24; you can see that both networks go through the gateway with IP 10.8.0.1 (the tunnel IP of the VPN Server) with metric 1.

    + Check connectivity to the internal network with the ping command.

    + Dial the VPN as user kuteo:
    Follow the same steps as for user kuti.

    User kuteo receives IP 10.8.0.6, as configured in the file /etc/openvpn/ccd/kuteo above.

    + Ping VPN Client 1 (kuti: 10.8.0.2) and the Local Computer (172.16.0.2)

    That completes this lab. I hope everyone can get it working. If you hit an error or do not understand a step:
    - See the full guide and explanation at: http://openvpn.net/howto.html
    - Post here and I will try to answer (if possible).

    There is one more small (extra) part in this lab; I will update it later.

    The post is rather long, so take your time reading it.

    Last edited by tindecken, 20-04-2011 at 21:01

    28 people thanked tindecken for this useful post: anhnd, baothai30491, copa, dangminh1990, dthbinh1, duongit2003, HieuITVN, khoainuong, kingcasino, mcsa2003, MrGiangCoi, mrtinhcongnghe, nghia0302, nguyennghi1, nhamai, nth1990, pcit247, phongb2b, seachone, street, thanhtamntp, TKL, truongln, tuyenld, vienba, vinhky20119, vinhphong, watchman
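
    The pairing rule behind the table the post refers to, as an added example that is not part of the original post: per the OpenVPN HOWTO the post links, each ifconfig-push pair has to be the two host addresses of one /30 block, which is where the limit of 64 users per /24 comes from. The ccd contents below are constructed, and the users alice and bob are hypothetical.

```python
import ipaddress

SERVER_NET = "10.8.0.0/24"  # from the post's `server 10.8.0.0 255.255.255.0`

# Constructed ccd/ contents: the post's two users plus two deliberately bad entries.
SAMPLE_CCD = {
    "kuti": "ifconfig-push 10.8.0.2 10.8.0.1\n",
    "kuteo": "ifconfig-push 10.8.0.6 10.8.0.5\n",
    "alice": "ifconfig-push 10.8.0.7 10.8.0.8\n",  # hypothetical user, straddles two /30 blocks
    "bob": "ifconfig-push 10.8.0.5 10.8.0.6\n",    # hypothetical user, reuses kuteo's block
}


def slash30_pairs(server_net):
    """Return the two host addresses of every /30 block in server_net."""
    net = ipaddress.ip_network(server_net)
    return [tuple(block.hosts()) for block in net.subnets(new_prefix=30)]


def parse_ifconfig_push(text):
    """Return (client, peer) from the first ifconfig-push line, or None."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "ifconfig-push":
            return ipaddress.ip_address(fields[1]), ipaddress.ip_address(fields[2])
    return None


def audit_ccd(ccd, server_net=SERVER_NET):
    """Map each common name to 'ok' or to the reason its pair is unusable."""
    net = ipaddress.ip_network(server_net)
    owner, report = {}, {}
    for name, text in ccd.items():
        pair = parse_ifconfig_push(text)
        if pair is None:
            report[name] = "no ifconfig-push line"
            continue
        client, peer = pair
        block = ipaddress.ip_network(f"{client}/30", strict=False)
        if client not in net or peer not in net:
            report[name] = f"outside {server_net}"
        elif {client, peer} != set(block.hosts()):
            report[name] = f"not the two hosts of {block}"
        elif block in owner:
            report[name] = f"{block} already used by {owner[block]}"
        else:
            owner[block] = name
            report[name] = "ok"
    return report


if __name__ == "__main__":
    print(len(slash30_pairs(SERVER_NET)), "pairs available in", SERVER_NET)
    for user, verdict in audit_ccd(SAMPLE_CCD).items():
        print(f"{user:6} {verdict}")
```

    Running the audit over the real /etc/openvpn/ccd files before restarting the server catches a duplicated or misaligned pair, which would otherwise only show up as a client that connects but cannot pass traffic.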


    23-04-2011, 15:11

    truongln

    oh yeah, exactly what I was looking for, thanks!

    23-04-2011, 18:42


    itvietnam www.vhost.vn

    Stickied so everyone can see it easily.

    23-04-2011, 22:43

    MrGiangCoi

    This follows OpenVPN's step by step; anyway, thanks a lot.

    26-04-2011, 10:04

    vinhky20119

    Thanks a lot ... very useful post ....

    10-05-2011, 10:08

    tindecken

    Spamming, are you?

    10-05-2011, 10:39

    quangchjen

    Is the VPN Server here Linux, guys??

    18-05-2011, 00:56

    tindecken

    1. By "you turn on OpenVPN", do you mean that you run the command openvpn server.conf, or that you run openvpn server.conf and a client dials the VPN server successfully?
    2. Is the "gateway of the openvpn machine", in your view, IP 172.16.0.1 as in the diagram above, or IP 10.8.0.1?
    3. "the routing tables of the client machines in the LAN can still see the route to the gateway of the openvpn machine": are the client machines in the LAN the Local Computer shown in the picture?

    Note: you should use virtual machines for all of the testing; do not use a physical machine as the Local Computer. I tried it, and once the VPN dialed successfully, Client 1 could sometimes ping the Local Computer and sometimes could not.

    13-08-2011, 22:15

    thaptamnuong

    Spot on, no adjustment needed

    The post is spot on. Thanks a lot. Please do Site to Site as well.

    The following users thanked thaptamnuong for this useful post: panda_it

    14-08-2011, 03:14

    300000

    [QUOTE=tindecken;631606]
    1. By "you turn on OpenVPN", do you mean that you run the command openvpn server.conf, or that you run openvpn server.conf and a client dials the VPN server successfully?
    2. Is the "gateway of the openvpn machine", in your view, IP 172.16.0.1 as in the diagram above, or IP 10.8.0.1?
    3. "the routing tables of the client machines in the LAN can still see the route to the gateway of the openvpn machine": are the client machines in the LAN the Local Computer shown in the picture?
    [/QUOTE]

    If you write a guide, you should upload both the server and the client config files so that people can copy them and follow along; written like this it is a bit hard. OpenVPN is only hard when it comes to editing those two config files.

    From what I can see, you put the openvpn server and the openvpn client on the same switch, is that right? If so, it cannot really be called a successful openvpn connection yet, because an important part of openvpn is changing the routing in the system; with both machines configured in the same IP address range, of course they can ping each other. If you connect from out on the internet, does it work? Not necessarily, because I see that the openvpn server side is still missing this line:
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    Only once that line is there can it work.

    Second, if you want it to work from out on the internet, you have to create a static route on the router on the server side; only then can the client really work. I do not see that part in the guide, so connecting in from outside is not certain to work.
