SHOW:
|
|
- or go back to the newest paste.
| 1 | How to make a VPN with OpenVPN (tutorial) | |
| 2 | *Get the walkthrough pictures here: https://www.sendspace.com/file/5ojjyn (sorry, it has been deleted) | |
| 3 | ||
| 4 | 1- Download OpenVPN for your platform: https://openvpn.net/index.php/download/community-downloads.html | |
| 5 | 2- Install with SSL Utilities provided in the download and OpenVPN RSA certificate also. | |
| 6 | 3- Install TAP Adapter | |
| 7 | 4- once your installation finishes you will need to go to the directory where you installed OpenVPN and create a vars.bat | |
| 8 | (you can take the sample one and rename it) | |
| 9 | 5- edit configuration to your needs | |
| 10 | 6- Open Command Prompt as Administrator | |
| 11 | 7- type in the console: cd C:\Program Files\OpenVPN\easy-rsa | |
| 12 | 8- (we will stay in the console for this part of making certificates and keys) | |
| 13 | 9- RTFM (Read The F* Manual) : | |
| 14 | Create new empty index and serial files (once only) | |
| 15 | 1. vars | |
| 16 | 2. clean-all | |
| 17 | ||
| 18 | Build a CA key (once only) | |
| 19 | 1. vars | |
| 20 | 2. build-ca | |
| 21 | ||
| 22 | Build a DH file (for server side, once only) | |
| 23 | 1. vars | |
| 24 | 2. build-dh | |
| 25 | ||
| 26 | Build a private key/certficate for the openvpn server | |
| 27 | 1. vars | |
| 28 | 2. build-key-server <machine-name> | |
| 29 | ||
| 30 | Build key files in PEM format (for each client machine) | |
| 31 | 1. vars | |
| 32 | 2. build-key <machine-name> | |
| 33 | (use <machine name> for specific name within script) | |
| 34 | ||
| 35 | 10. Make your .OVPN config files | |
| 36 | #SAMPLE CLIENT.OVPN FILE: | |
| 37 | ||
| 38 | client | |
| 39 | ||
| 40 | dev tap | |
| 41 | ||
| 42 | proto tcp-client | |
| 43 | ||
| 44 | remote some.ip.here 443 | |
| 45 | ||
| 46 | resolv-retry infinite | |
| 47 | ||
| 48 | cipher AES-256-CBC | |
| 49 | auth MD5 | |
| 50 | nobind | |
| 51 | ||
| 52 | persist-key | |
| 53 | persist-tun | |
| 54 | ||
| 55 | <ca> | |
| 56 | put CA Cert code here | |
| 57 | </ca> | |
| 58 | <cert> | |
| 59 | put Client Cert code here | |
| 60 | </cert> | |
| 61 | <key> | |
| 62 | put Client Private Key code here | |
| 63 | </key> | |
| 64 | comp-lzo | |
| 65 | verb 3 | |
| 66 | ||
| 67 | #SAMPLE Server.OVPN Config (separate file) | |
| 68 | ||
| 69 | port 443 | |
| 70 | ||
| 71 | proto tcp-server | |
| 72 | ||
| 73 | # You don't need to edit this. | |
| 74 | dev tap | |
| 75 | ||
| 76 | #Setting up encryption | |
| 77 | <ca> | |
| 78 | Enter CA Cert Code here | |
| 79 | </ca> | |
| 80 | ||
| 81 | <cert> | |
| 82 | Enter Server Cert Code Here | |
| 83 | </cert> | |
| 84 | ||
| 85 | <key> | |
| 86 | Enter Server Private Key Here | |
| 87 | </key> | |
| 88 | ||
| 89 | <dh> | |
| 90 | Paste the dh2048.pem code inside this string | |
| 91 | </dh> | |
| 92 | ||
| 93 | server 10.11.1.0 255.255.255.0 | |
| 94 | ||
| 95 | # Clients wants to see each other. | |
| 96 | client-to-client | |
| 97 | ||
| 98 | keepalive 10 120 | |
| 99 | ||
| 100 | comp-lzo | |
| 101 | cipher AES-256-CBC | |
| 102 | auth MD5 | |
| 103 | persist-key | |
| 104 | persist-tun | |
| 105 | ||
| 106 | status openvpn-status.log | |
| 107 | ||
| 108 | duplicate-cn | |
| 109 | verb 1 | |
| 110 | ||
| 111 | ----------------------------------------------- | |
| 112 | Making a Proxy on the VPN to have Client connect with server ip. | |
| 113 | (need 64bits OS for Squid Proxy Server or another proxy software) | |
| 114 | ||
| 115 | 1. Download SQUID Proxy Server here: http://packages.diladele.com/squid/3.5.27/squid.msi (latest) | |
| 116 | 2. Open Squid tray icon, edit config, use the one below for high anonymity proxy | |
| 117 | #----------------------------------------------------------------------------------- | |
| 118 | # | |
| 119 | # High Anonymous Squid Proxy Server | |
| 120 | # | |
| 121 | ||
| 122 | # Example rule allowing access from your local networks. | |
| 123 | # Adapt to list your (internal) IP networks from where browsing | |
| 124 | # should be allowed | |
| 125 | acl localnet src 10.0.0.0/8 # RFC1918 possible internal network | |
| 126 | acl localnet src 172.16.0.0/8 # RFC1918 possible internal network | |
| 127 | acl localnet src 192.168.0.0/8 # RFC1918 possible internal network | |
| 128 | acl localnet src fc00::/7 # RFC 4193 local private network range | |
| 129 | acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines | |
| 130 | ||
| 131 | acl SSL_ports port 443-65535 | |
| 132 | acl Safe_ports port 1-65535 # unregistered ports | |
| 133 | acl CONNECT method CONNECT | |
| 134 | ||
| 135 | # | |
| 136 | # Recommended minimum Access Permission configuration: | |
| 137 | # | |
| 138 | # Deny requests to certain unsafe ports | |
| 139 | http_access deny !Safe_ports | |
| 140 | ||
| 141 | # Deny CONNECT to other than secure SSL ports | |
| 142 | http_access deny CONNECT !SSL_ports | |
| 143 | ||
| 144 | # Only allow cachemgr access from localhost | |
| 145 | http_access allow localhost manager | |
| 146 | http_access deny manager | |
| 147 | ||
| 148 | # We strongly recommend the following be uncommented to protect innocent | |
| 149 | # web applications running on the proxy server who think the only | |
| 150 | # one who can access services on "localhost" is a local user | |
| 151 | http_access deny to_localhost | |
| 152 | ||
| 153 | # | |
| 154 | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | |
| 155 | # | |
| 156 | ||
| 157 | # Example rule allowing access from your local networks. | |
| 158 | # Adapt localnet in the ACL section to list your (internal) IP networks | |
| 159 | # from where browsing should be allowed | |
| 160 | http_access allow localnet | |
| 161 | http_access allow all | |
| 162 | ||
| 163 | # And finally deny all other access to this proxy | |
| 164 | #http_access deny all | |
| 165 | forwarded_for delete | |
| 166 | via off | |
| 167 | ||
| 168 | # Squid normally listens to port 3128 | |
| 169 | http_port 3128 | |
| 170 | ||
| 171 | ||
| 172 | # Uncomment and adjust the following to add a disk cache directory. | |
| 173 | #cache_dir ufs /var/cache/squid 100 16 256 | |
| 174 | ||
| 175 | # Leave coredumps in the first cache dir | |
| 176 | coredump_dir /var/cache/squid | |
| 177 | ||
| 178 | # | |
| 179 | # Add any of your own refresh_pattern entries above these. | |
| 180 | # | |
| 181 | refresh_pattern ^ftp: 1440 20% 10080 | |
| 182 | refresh_pattern ^gopher: 1440 0% 1440 | |
| 183 | refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
| 184 | refresh_pattern . 0 20% 4320 | |
| 185 | ||
| 186 | dns_nameservers 8.8.8.8 8.8.4.4 | |
| 187 | ||
| 188 | ###END SQUID CONFIGURATION | |
| 189 | ||
| 190 | 3. restart Squid Service | |
| 191 | ||
| 192 | 4. Open your internet options and set (your server ip 10.11.1.1) and Squid Port (3128) as shown in picture | |
| 193 | ||
| 194 | 5. Set your browsers to use the proxy. If you have a firewall please accept port 3128 and Squid service. | |
| 195 | ||
| 196 | 6. IMPORTANT: to avoid browser leaking your IP Address go in firefox address bar and type ABOUT:CONFIG | |
| 197 | ||
| 198 | 7. Search for peer, and turn everything that is true to false. | |
| 199 | ||
| 200 | I hope you enjoyed this tutorial as much as I had writing it. | |
| 201 | Thanks. | |
| 202 | ||
| 203 | ||
| 204 | ||
| 205 | ||
| 206 | ||
| 207 | ||
| 208 | Here a sample config for LAN VPN without OpenVPN GUI: https://www.sendspace.com/file/yo5as8 | |
| 209 | simply extract on your desktop* (important) and run as admin VPN.bat |
