- apt-get install openvpn  # server side: install OpenVPN from the distribution package
- cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/  # copy the bundled easy-rsa 2.0 scripts, used below to build the CA and the server key pair
- cd /etc/openvpn/2.0
- nano vars  # edit the easy-rsa defaults; the values set are listed between the === markers
- ===
- export KEY_COUNTRY="ID"  # certificate subject defaults read by the easy-rsa build-* scripts; these are the author's values, replace them with your own
- export KEY_PROVINCE="WestJava"
- export KEY_CITY="Bogor"
- export KEY_ORG="NilamVPN"
- export KEY_EMAIL="mail@arie-online.net"
- export KEY_CN="NilamVPN"
- export KEY_NAME="NilamVPN"
- export KEY_OU="NilamVPN"  # NOTE(review): KEY_SIZE is not changed here; the dh1024.pem name used in the server config suggests it stayed at 1024 bits - confirm, and raise it to 2048 or more before building keys
- ===
- source ./vars;./clean-all;./build-ca;./build-dh;./build-key-server server  # clean-all wipes ./keys, then the CA, DH parameters and server key pair are built there. NOTE(review): the steps are joined with ';', so a failed step does not stop the later ones
- mkdir /etc/openvpn/keys/
- cp /etc/openvpn/2.0/keys/* /etc/openvpn/keys/  # NOTE(review): the wildcard also copies the CA private key (ca.key) onto the VPN server; the server config only references ca.crt, dh1024.pem, server.crt and server.key
- cd /etc/openvpn
- rm -Rf 2.0  # removes the easy-rsa working copy, including the original keys directory
- nano 995.conf  # server configuration; its contents follow between the === markers
- ===
- port 995  # server listens on port 995, over TCP (see proto)
- proto tcp
- dev tap  # layer-2 (Ethernet) tunnel device
- ca /etc/openvpn/keys/ca.crt
- dh /etc/openvpn/keys/dh1024.pem  # NOTE(review): the file name indicates 1024-bit DH parameters, below current recommendations; regenerate with 2048 bits or more
- cert /etc/openvpn/keys/server.crt
- key /etc/openvpn/keys/server.key  # server private key; keep it readable by root only
- plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login  # usernames and passwords are checked through PAM, so any account this PAM configuration accepts can log in to the VPN
- client-cert-not-required  # clients present no certificate: the PAM password is the only client authentication. Deprecated since OpenVPN 2.4 in favour of verify-client-cert none
- username-as-common-name  # the authenticated username is used as the client's common name
- server 192.168.33.0 255.255.255.0  # VPN address pool; the FORWARD rule with -s 192.168.33.0 further down matches it
- push "redirect-gateway def1"  # asks clients to send all traffic through the VPN (the client config in this paste sets route-nopull, which ignores pushed routes)
- cipher none  # NOTE(review): disables data-channel encryption, so tunnelled traffic crosses the network in cleartext (the login itself still uses the TLS control channel); set a real cipher on both server and client if confidentiality is expected
- keepalive 5 30
- persist-key
- persist-tun
- client-to-client  # traffic between clients is switched inside OpenVPN and does not pass through the host's iptables FORWARD rules
- status log-995.log
- verb 3
- mute 10
- duplicate-cn  # allows several simultaneous sessions with the same common name, which here means the same username
- ===
- service openvpn restart  # start the server with the new 995.conf
- ===
- sysctl -w net.ipv4.ip_forward=1  # enable IPv4 forwarding now; the setting is lost on reboot unless it is also put in /etc/sysctl.conf
- nano /etc/sysctl.conf  # persist it here with the line net.ipv4.ip_forward=1 (the paste does not show this file's content)
- ===  # NOTE(review): what follows is iptables-save/iptables-restore syntax, not sysctl.conf; the paste does not say where it is stored or how it is loaded. INPUT stays at policy ACCEPT with no rules, so only forwarded traffic is filtered, not access to the server itself. The venet0 interface and the SNAT address are specific to the author's host.
- *filter
- :FORWARD ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -s 192.168.33.0/255.255.255.0 -j ACCEPT
- -A FORWARD -j REJECT --reject-with icmp-port-unreachable
- COMMIT
- *nat
- :PREROUTING ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- -A POSTROUTING -o venet0 -j SNAT --to-source 198.136.59.219
- COMMIT
- ===
- Client
- nano /etc/openvpn/995.conf  # client-side configuration file; its contents follow
- ===
- auth-user-pass pass.txt  # read the username and password from pass.txt (created in a later step) instead of prompting
- client  # NOTE(review): no remote-cert-tls server (or equivalent) is set, so the client does not check that the peer certificate is a server certificate
- dev tap
- proto tcp
- remote 199.168.185.133 995  # address and port of the author's server; replace with your own
- connect-retry 5
- nobind
- ping 5
- ping-restart 120
- persist-key
- persist-tun
- persist-remote-ip
- mute-replay-warnings
- verb 3
- cipher none  # must match the server; NOTE(review): with none the tunnelled traffic is not encrypted
- route-nopull  # ignore routes pushed by the server, including its redirect-gateway
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIDzjCCAzegAwIBAgIJAOGjcfu1WuWNMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
- VQQGEwJJRDERMA8GA1UECBMIV2VzdEphdmExDjAMBgNVBAcTBUJvZ29yMREwDwYD
- VQQKEwhOaWxhbVZQTjERMA8GA1UECxMITmlsYW1WUE4xETAPBgNVBAMTCE5pbGFt
- VlBOMREwDwYDVQQpEwhOaWxhbVZQTjEjMCEGCSqGSIb3DQEJARYUbWFpbEBhcmll
- LW9ubGluZS5uZXQwHhcNMTIxMjA2MjMwMTA4WhcNMjIxMjA0MjMwMTA4WjCBoTEL
- MAkGA1UEBhMCSUQxETAPBgNVBAgTCFdlc3RKYXZhMQ4wDAYDVQQHEwVCb2dvcjER
- MA8GA1UEChMITmlsYW1WUE4xETAPBgNVBAsTCE5pbGFtVlBOMREwDwYDVQQDEwhO
- aWxhbVZQTjERMA8GA1UEKRMITmlsYW1WUE4xIzAhBgkqhkiG9w0BCQEWFG1haWxA
- YXJpZS1vbmxpbmUubmV0MIGfMd0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBIncm
- USsrWq6PCIdrO8XRSYi7QDCVdedzoQN+DsriLLg/49bmSfwkN9QqKJB/SR9hMO+7
- vACbcdsEg+OqNgpKypP9YXQMQSNp5ZL5PJ5jfqUfT25L41Z5KEAddXenZQo30Jem
- 92aKYvjmS4rsEEeuPk4e4BbJogRCP7YSCE5pjQIDAQABo4IBCjCCAQYwHQYDVR0O
- BBYEFCWj2vOeTLZNgpD3/T9GcbhwZUk3MIHWBgNVHSMEgc4wgcuAFCWj2vOeTLZN
- gpD3/T9GcbhwZUk3oYGnpIGkMIGhMQswCQYDVQQGEwJJRDERMA8GA1UECBMIV2Vz
- dEphdmExDjAMBgNVBAcTBUJvZ29yMREwDwYDVQQKEwhOaWxhbVZQTjERMA8GA1UE
- CxMITmlsYW1WUE4xETAPBgNVBAMTCE5pbGFtVlBOMREwDwYDVQQpEwhOaWxhbVZQ
- TjEjMCEGCSqGSIb3DQEJARYUbWFpbEBhcmllLW9ubGluZS5uZXSCCQDho3H7tVrl
- jTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAApLydqyIJye7fBV/RMh
- p0jfqi45F8ghEEk73kzwLrPHZHDAdeAt1fZTrX9EHXE2s7gyw/WDkhN2wHMcwglq
- tviwOSFG+L7kJ9AK4lYKl+G5dhgqk7BxyLzP7pdEDUDEwu2JN4OhzHtxCvqO2v3M
- vdHyHjFOBrQsOEZcgwa4+ch8
- -----END CERTIFICATE-----
- </ca>
- ===
- nano /etc/openvpn/pass.txt  # file read by auth-user-pass: line 1 is the username, line 2 the password. NOTE(review): the credentials are stored in cleartext; restrict the file to root (e.g. chmod 600 /etc/openvpn/pass.txt)
- ===
- username
- password
- ===
- service openvpn restart  # restart the client so it picks up 995.conf and pass.txt