# cd /etc/openvpn
# mkdir easy-rsa # NOTE(review): this tree will hold the CA and server private keys; keep it accessible to root only
# cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* easy-rsa/ # private working copy of the easy-rsa 2.0 scripts
# chmod -R +x easy-rsa/ # make the copied scripts executable
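Editar /etc/openvpn/easy-rsa/vars, alterando os dados da organização e o tamanho da chave DH (variável KEY_SIZE, que define também o tamanho das chaves RSA). O build-dh grava o resultado como keys/dh<KEY_SIZE>.pem, pelo que a linha "dh" do server1.conf tem de apontar para esse ficheiro; 1024 bits já não é considerado seguro, usar 2048 ou mais.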
# cd easy-rsa/
# . ./vars # load the KEY_* settings from vars into the current shell
# ./clean-all # empties the keys/ directory: destroys any existing CA and issued keys, run once only
# ./build-ca # creates the CA certificate and private key (keys/ca.crt, keys/ca.key)
# ./build-key-server server1 # server certificate and private key: keys/server1.crt, keys/server1.key
...
# ./build-dh # Diffie-Hellman parameters, written as keys/dh<KEY_SIZE>.pem
# ./build-key-pkcs12 client1 # client certificate and private key bundled as keys/client1.p12; set an export password when prompted
...
# openvpn --genkey --secret server1_tls.key # shared static key used by tls-auth on the server and on every client
...
# mv cpe??s_tls.key keys # NOTE(review): "cpe??" looks like a placeholder for the real names and does not match server1/client1 above; in a shell ?? is a glob matching any two characters
# tar cvzf cpe10.tgz keys/cpe??c.p12 keys/cpe??s_tls.key # bundle for one client: holds its private key (.p12) and the tls-auth key
scp cpe10:/etc/openvpn/easy-rsa/cpe10.tgz ./ # run from the client side to fetch the bundle over SSH; remove cpe10.tgz from the server afterwards, it contains private key material
Ficheiro /etc/openvpn/server1.conf:
# OpenVPN server instance "server1": routed (tun) VPN over UDP port 1194.
port 1194
proto udp
dev tun
# CA certificate, server certificate and server private key from the easy-rsa
# keys/ directory. server1.key must stay readable by root only.
# NOTE(review): no crl-verify directive is set, so revoking a client
# certificate has no effect on this server; consider adding one.
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server1.crt
key /etc/openvpn/easy-rsa/keys/server1.key
# NOTE(review): 1024-bit Diffie-Hellman parameters are no longer considered
# adequate; regenerate with KEY_SIZE of 2048 or more and point this line at
# the resulting dh<KEY_SIZE>.pem.
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
# Subnet used for the VPN; clients receive addresses from 10.0.8.0/24.
server 10.0.8.0 255.255.255.0
# Disabled: would keep client-to-address assignments across restarts.
#ifconfig-pool-persist ipp.txt
# Options pushed to every client: two public DNS resolvers and a default
# route through the VPN, so all client traffic (and DNS) leaves via this host.
# "redirect-gateway" without the def1 flag replaces the client's default route
# instead of overriding it.
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway"
# Ping the peer every 10 s; treat the link as down after 60 s of silence.
keepalive 10 60
# Bind to this address only.
# NOTE(review): this address is not among those in the interfaces file shown
# further down the page; presumably taken from a different host; confirm.
local 95.172.238.61
# Data-channel cipher; clients must use the same value.
# NOTE(review): CBC mode with a 128-bit key. On OpenVPN 2.4 or later an AEAD
# cipher such as AES-256-GCM is the usual choice.
cipher AES-128-CBC
# HMAC signature on control-channel packets using the shared static key;
# direction 0 on the server, clients use 1. Unsigned packets are dropped
# before TLS processing. The key file is a shared secret: keep it root-only.
tls-auth /etc/openvpn/easy-rsa/keys/server1_tls.key 0
# LZO compression; clients must enable it too.
# NOTE(review): compressing traffic before encryption can leak information
# about the plaintext (VORACLE-style attacks), and later OpenVPN releases
# deprecate this option; consider running without compression.
comp-lzo
# Drop root privileges after start-up.
user nobody
group nogroup
# Keep the key material and the tun device across restarts, since they can no
# longer be re-read or re-opened once privileges have been dropped.
persist-key
persist-tun
# Status and log files; relative paths, resolved against the daemon's working
# directory.
status openvpn-status.log
log-append openvpn.log
# Log verbosity.
verb 3
# NAT for VPN clients: traffic from 10.0.8.0/24 whose destination is outside
# that subnet is rewritten to come from 130.185.82.235.
# NOTE: -A changes only the running ruleset; the rule is lost on reboot unless
# it is also written to the saved rules file. Routing client traffic also
# needs IPv4 forwarding enabled on this host (net.ipv4.ip_forward=1), which
# these notes do not show.
iptables -t nat -A POSTROUTING -s 10.0.8.0/24 ! -d 10.0.8.0/24 -j SNAT --to-source 130.185.82.235
cat /etc/iptables.up.rules
# Saved ruleset in iptables-save format. The bracketed numbers after each
# chain policy are packet:byte counters at the time of the dump.
# Generated by iptables-save v1.4.8 on Sat Apr 27 14:34:55 2013
*filter
# INPUT has policy ACCEPT, but the final REJECT rule below makes it
# default-deny in practice.
:INPUT ACCEPT [1173791:178238501]
# NOTE(review): FORWARD has policy ACCEPT and no rules, so every packet routed
# through this host is forwarded. For a VPN gateway, consider policy DROP with
# explicit rules for the VPN subnets and tun interfaces.
:FORWARD ACCEPT [3086743:2554550601]
:OUTPUT ACCEPT [1988484:2626747761]
# Disabled earlier variant of the OpenVPN port rule.
#-A INPUT -p udp -m udp --dport 1195:1203 -j ACCEPT
# New UDP connections to ports 1194-1205 (1194 is the port in server1.conf;
# the rest of the range is presumably for further OpenVPN instances).
-A INPUT -p udp -m state --state NEW -m udp --dport 1194:1205 -j ACCEPT
# Replies and related traffic for connections already allowed.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# All ICMP.
-A INPUT -p icmp -j ACCEPT
# Loopback.
-A INPUT -i lo -j ACCEPT
# SSH from any source address.
# NOTE(review): consider limiting the allowed source addresses.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Everything else is rejected.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Apr 27 14:34:55 2013
# Generated by iptables-save v1.4.8 on Sat Apr 27 14:34:55 2013
# mangle table: default policies only, no rules.
*mangle
:PREROUTING ACCEPT [4260534:2732789102]
:INPUT ACCEPT [1173791:178238501]
:FORWARD ACCEPT [3086743:2554550601]
:OUTPUT ACCEPT [1988485:2626747850]
:POSTROUTING ACCEPT [5075227:5181298362]
COMMIT
# Completed on Sat Apr 27 14:34:55 2013
# Generated by iptables-save v1.4.8 on Sat Apr 27 14:34:55 2013
*nat
:PREROUTING ACCEPT [24230:1937979]
:POSTROUTING ACCEPT [1601:110654]
:OUTPUT ACCEPT [1589:110076]
# One SNAT rule per VPN subnet, each mapped to its own public source address.
# NOTE(review): there is no rule for 10.0.8.0/24, the subnet of server1.conf,
# and the --to-source addresses differ from the 130.185.82.x addresses in the
# interfaces file on this page. This dump presumably comes from another host
# or an earlier state; confirm before reusing it.
-A POSTROUTING -s 10.0.7.0/24 ! -d 10.0.7.0/24 -j SNAT --to-source 109.71.41.66
-A POSTROUTING -s 10.0.9.0/24 ! -d 10.0.9.0/24 -j SNAT --to-source 109.71.46.213
-A POSTROUTING -s 10.0.10.0/24 ! -d 10.0.10.0/24 -j SNAT --to-source 109.71.46.214
-A POSTROUTING -s 10.0.11.0/24 ! -d 10.0.11.0/24 -j SNAT --to-source 109.71.46.216
-A POSTROUTING -s 10.0.12.0/24 ! -d 10.0.12.0/24 -j SNAT --to-source 109.71.46.217
-A POSTROUTING -s 10.0.13.0/24 ! -d 10.0.13.0/24 -j SNAT --to-source 109.71.46.218
-A POSTROUTING -s 10.0.14.0/24 ! -d 10.0.14.0/24 -j SNAT --to-source 109.71.46.219
-A POSTROUTING -s 10.0.15.0/24 ! -d 10.0.15.0/24 -j SNAT --to-source 109.71.46.220
-A POSTROUTING -s 10.0.16.0/24 ! -d 10.0.16.0/24 -j SNAT --to-source 109.71.46.221
-A POSTROUTING -s 10.0.17.0/24 ! -d 10.0.17.0/24 -j SNAT --to-source 109.71.46.222
COMMIT
# Completed on Sat Apr 27 14:34:55 2013
cat /etc/network/interfaces
# Automatically generated by ptisp cloud
auto lo
iface lo inet loopback
# Primary static address of the host on eth0.
auto eth0
iface eth0 inet static
address 130.185.82.225
netmask 255.255.248.0
broadcast 130.185.87.255
network 130.185.80.0
gateway 130.185.80.1
# Disabled policy-routing entries for a separate routing table eth0_if.
# post-up ip route add default via 130.185.80.1 table eth0_if
# post-up ip rule add from 130.185.82.225 table eth0_if
# post-down ip rule del from 130.185.82.225 table eth0_if
# Additional public addresses, added when eth0 comes up and removed when it
# goes down (labels eth0:0 to eth0:8). 130.185.82.235 is the SNAT source used
# for 10.0.8.0/24 in the iptables command on this page; the others are
# presumably SNAT sources for further VPN subnets; confirm.
up ip addr add 130.185.82.235/21 dev eth0 label eth0:0
down ip addr del 130.185.82.235/21 dev eth0 label eth0:0
up ip addr add 130.185.82.236/21 dev eth0 label eth0:1
down ip addr del 130.185.82.236/21 dev eth0 label eth0:1
up ip addr add 130.185.82.237/21 dev eth0 label eth0:2
down ip addr del 130.185.82.237/21 dev eth0 label eth0:2
up ip addr add 130.185.82.238/21 dev eth0 label eth0:3
down ip addr del 130.185.82.238/21 dev eth0 label eth0:3
up ip addr add 130.185.82.239/21 dev eth0 label eth0:4
down ip addr del 130.185.82.239/21 dev eth0 label eth0:4
up ip addr add 130.185.82.241/21 dev eth0 label eth0:5
down ip addr del 130.185.82.241/21 dev eth0 label eth0:5
up ip addr add 130.185.82.242/21 dev eth0 label eth0:6
down ip addr del 130.185.82.242/21 dev eth0 label eth0:6
up ip addr add 130.185.82.243/21 dev eth0 label eth0:7
down ip addr del 130.185.82.243/21 dev eth0 label eth0:7
up ip addr add 130.185.82.244/21 dev eth0 label eth0:8
down ip addr del 130.185.82.244/21 dev eth0 label eth0:8
http://wiki.debian.org/OpenVPN
http://www.hermann-uwe.de/blog/howto-using-openvpn-on-debian-gnu-linux
http://community.allsimple.net/Thread-debian-how-to-install-openvpn-on-…
http://openmaniak.com/openvpn_tutorial.php