- How to make a VPN with OpenVPN (tutorial)
- *Get the walkthrough pictures here: https://www.sendspace.com/file/5ojjyn (sorry, it has been deleted)
- 1- Download OpenVPN for your platform: https://openvpn.net/index.php/download/community-downloads.html
- 2- Install it along with the SSL utilities and the OpenVPN RSA certificate scripts provided in the download.
- 3- Install TAP Adapter
- 4- Once the installation finishes, go to the directory where you installed OpenVPN and create a vars.bat
- (you can take the sample one and rename it)
- 5- Edit its configuration to your needs
- 6- Open Command Prompt as Administrator
- 7- Type in the console: cd C:\Program Files\OpenVPN\easy-rsa
- 8- (we will stay in the console while making the certificates and keys)
- 9- RTFM (Read The F* Manual):
- Create new empty index and serial files (once only)
- 1. vars
- 2. clean-all
- Build a CA key (once only)
- 1. vars
- 2. build-ca
- Build a DH file (for server side, once only)
- 1. vars
- 2. build-dh
- Build a private key/certificate for the OpenVPN server
- 1. vars
- 2. build-key-server <machine-name>
- Build key files in PEM format (for each client machine)
- 1. vars
- 2. build-key <machine-name>
- (replace <machine-name> with the specific name you want the script to use)
- 10. Make your .OVPN config files
- #SAMPLE CLIENT.OVPN FILE:
- client
- dev tap
- proto tcp-client
- remote some.ip.here 443
- resolv-retry infinite
- cipher AES-256-CBC
- auth MD5
- nobind
- persist-key
- persist-tun
- <ca>
- put CA Cert code here
- </ca>
- <cert>
- put Client Cert code here
- </cert>
- <key>
- put Client Private Key code here
- </key>
- comp-lzo
- verb 3
- #SAMPLE Server.OVPN Config (separate file)
- port 443
- proto tcp-server
- # You don't need to edit this.
- dev tap
- #Setting up encryption
- <ca>
- Enter CA Cert Code here
- </ca>
- <cert>
- Enter Server Cert Code Here
- </cert>
- <key>
- Enter Server Private Key Here
- </key>
- <dh>
- Paste the dh2048.pem code inside this string
- </dh>
- server 10.11.1.0 255.255.255.0
- # Clients want to see each other.
- client-to-client
- keepalive 10 120
- comp-lzo
- cipher AES-256-CBC
- auth MD5
- persist-key
- persist-tun
- status openvpn-status.log
- duplicate-cn
- verb 1
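A quick check of the two sample configs above, as an added example that is not part of the original paste: it parses OpenVPN directives (skipping inline `<ca>`/`<key>` bodies) and reports the settings a reviewer would question before deploying. The finding names and the `WEAK_AUTH` set are choices made for this example; the sample strings are abridged from the configs above.

```python
WEAK_AUTH = {"md5", "none"}  # HMAC digests this added check treats as weak

def parse_directives(text):
    # Map directive name -> list of argument lists, skipping inline PEM bodies.
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:  # inside <ca>...</ca>, <key>...</key>, etc.
            block = None if line == f"</{block}>" else block
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def lint(text):
    # Return the sorted finding IDs for one OpenVPN config.
    d = parse_directives(text)
    found = set()
    if any(a and a[0].lower() in WEAK_AUTH for a in d.get("auth", [])):
        found.add("weak-auth-digest")       # e.g. "auth MD5"
    if "comp-lzo" in d or "compress" in d:
        found.add("compression-enabled")    # compressed-then-encrypted data leaks via length
    if "duplicate-cn" in d:
        found.add("shared-client-cert")     # several clients may share one certificate
    if "client" in d and not {"remote-cert-tls", "ns-cert-type"} & d.keys():
        found.add("server-cert-unchecked")  # any cert signed by the CA passes as the server
    return sorted(found)

# Abridged from the sample configs on this page (certificate body is a placeholder).
CLIENT = """client
remote some.ip.here 443
auth MD5
<ca>
put CA Cert code here
</ca>
comp-lzo
"""
SERVER = """port 443
proto tcp-server
auth MD5
comp-lzo
duplicate-cn
"""
if __name__ == "__main__":
    for label, cfg in (("client", CLIENT), ("server", SERVER)):
        print(label, lint(cfg))
```

A client config with `auth SHA256`, `remote-cert-tls server` and no compression, and a server config without `duplicate-cn`, produce no findings.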
- -----------------------------------------------
- Making a proxy on the VPN so that clients connect out with the server IP.
- (you need a 64-bit OS for Squid Proxy Server, or use another proxy software)
- 1. Download SQUID Proxy Server here: http://packages.diladele.com/squid/3.5.27/squid.msi (latest)
- 2. Open the Squid tray icon, edit the config, and use the one below for a high-anonymity proxy
- #-----------------------------------------------------------------------------------
- #
- # High Anonymous Squid Proxy Server
- #
- # Example rule allowing access from your local networks.
- # Adapt to list your (internal) IP networks from where browsing
- # should be allowed
- acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
- acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
- acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
- acl localnet src fc00::/7 # RFC 4193 local private network range
- acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
- acl SSL_ports port 443-65535
- acl Safe_ports port 1-65535 # unregistered ports
- acl CONNECT method CONNECT
- #
- # Recommended minimum Access Permission configuration:
- #
- # Deny requests to certain unsafe ports
- http_access deny !Safe_ports
- # Deny CONNECT to other than secure SSL ports
- http_access deny CONNECT !SSL_ports
- # Only allow cachemgr access from localhost
- http_access allow localhost manager
- http_access deny manager
- # We strongly recommend the following be uncommented to protect innocent
- # web applications running on the proxy server who think the only
- # one who can access services on "localhost" is a local user
- http_access deny to_localhost
- #
- # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
- #
- # Example rule allowing access from your local networks.
- # Adapt localnet in the ACL section to list your (internal) IP networks
- # from where browsing should be allowed
- http_access allow localnet
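- # NOTE: "allow all" lets any host that can reach port 3128 use this proxy;
- # VPN clients (10.11.1.0/24) already match localnet above.
- http_access allow all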
- # And finally deny all other access to this proxy
- #http_access deny all
- forwarded_for delete
- via off
- # Squid normally listens to port 3128
- http_port 3128
- # Uncomment and adjust the following to add a disk cache directory.
- #cache_dir ufs /var/cache/squid 100 16 256
- # Leave coredumps in the first cache dir
- coredump_dir /var/cache/squid
- #
- # Add any of your own refresh_pattern entries above these.
- #
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern . 0 20% 4320
- dns_nameservers 8.8.8.8 8.8.4.4
- ###END SQUID CONFIGURATION
- 3. Restart the Squid service
- 4. Open your Internet Options and set the proxy to your server IP (10.11.1.1) and the Squid port (3128), as shown in the picture
- 5. Set your browsers to use the proxy. If you have a firewall, allow port 3128 and the Squid service.
- 6. IMPORTANT: to keep the browser from leaking your IP address, type about:config in the Firefox address bar
- 7. Search for peer, and set everything that is true to false.
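To see who the Squid rules above actually admit, this added example (not part of the original paste) replays the `http_access` lines in order for a given client address, the way Squid evaluates them: every ACL on a line must match, and the first matching line decides. It assumes an ordinary GET to a remote site, so non-`src` ACLs (ports, methods, `manager`, `to_localhost`) are treated as not matching; `load()` also reports `src` entries whose mask leaves host bits set. The client addresses are constructed samples.

```python
import ipaddress

def load(conf):
    # Collect src ACLs, ordered http_access rules, and src entries with a bad mask.
    src, rules, bad = {}, [], []
    for raw in conf.splitlines():
        tok = raw.split("#")[0].split()
        if tok[:1] == ["acl"] and len(tok) >= 4 and tok[2] == "src":
            for cidr in tok[3:]:
                try:
                    net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
                except ValueError:
                    bad.append(cidr)
                    net = ipaddress.ip_network(cidr, strict=False)
                src.setdefault(tok[1], []).append(net)
        elif tok[:1] == ["http_access"] and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
    return src, rules, bad

def decide(conf, client_ip):
    # Return (action, matching rule) for a plain GET from client_ip.
    src, rules, _ = load(conf)
    ip = ipaddress.ip_address(client_ip)
    def hit(name):
        base = name.lstrip("!")
        if base != "all" and base not in src:
            return False  # non-src ACL (port, method, ...): assumed not to match
        inside = base == "all" or any(ip in net for net in src[base])
        return inside != name.startswith("!")
    for action, names in rules:  # all ACLs on a line must match; first match wins
        if all(hit(n) for n in names):
            return action, " ".join(names)
    last = rules[-1][0] if rules else "allow"  # Squid's default: opposite of last rule
    return ("deny" if last == "allow" else "allow"), "(default)"

# Abridged from the Squid config on this page.
PAGE_RULES = """acl localnet src 10.0.0.0/8
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow all
#http_access deny all
"""
# Same rules with the final catch-all restored to "deny all".
FIXED = PAGE_RULES.replace("http_access allow all\n#http_access deny all",
                           "http_access deny all")

if __name__ == "__main__":
    for ip in ("10.11.1.6", "203.0.113.7"):  # VPN client, outside host
        print(ip, decide(PAGE_RULES, ip), decide(FIXED, ip))
```

With the rules as posted, the outside address is admitted by `allow all`; with `deny all` restored, VPN clients still pass through `localnet` and everything else is refused.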
- I hope you enjoyed this tutorial as much as I enjoyed writing it.
- Thanks.
- Here is a sample config for a LAN VPN without OpenVPN GUI: https://www.sendspace.com/file/yo5as8
- Simply extract it on your desktop* (important) and run VPN.bat as admin