How to make a VPN with OpenVPN (tutorial)
*Get the walkthrough pictures here: https://www.sendspace.com/file/5ojjyn (sorry, it has been deleted)

1- Download OpenVPN for your platform: https://openvpn.net/index.php/download/community-downloads.html
2- Install it together with the SSL utilities and the OpenVPN RSA certificate scripts provided in the download.
3- Install the TAP adapter.
4- Once the installation finishes, go to the directory where you installed OpenVPN and create a vars.bat
(you can take the sample one and rename it).
5- Edit the configuration to your needs.
6- Open a Command Prompt as Administrator.
7- Type in the console: cd "C:\Program Files\OpenVPN\easy-rsa"
8- (We will stay in the console for this part, which makes the certificates and keys.)
9- RTFM (Read The F* Manual):
Create new empty index and serial files (once only)
1. vars
2. clean-all

Build a CA key (once only)
1. vars
2. build-ca

Build a DH file (for the server side, once only)
1. vars
2. build-dh

Build a private key/certificate for the OpenVPN server
1. vars
2. build-key-server <machine-name>

Build key files in PEM format (for each client machine)
1. vars
2. build-key <machine-name>
(replace <machine-name> with the specific name you want the script to use)

10- Make your .OVPN config files.
#SAMPLE CLIENT.OVPN FILE:

client
dev tap
proto tcp-client
remote some.ip.here 443
resolv-retry infinite
cipher AES-256-CBC
auth MD5
nobind
persist-key
persist-tun
<ca>
put CA Cert code here
</ca>
<cert>
put Client Cert code here
</cert>
<key>
put Client Private Key code here
</key>
comp-lzo
verb 3

#SAMPLE Server.OVPN Config (separate file)

port 443
proto tcp-server

# You don't need to edit this.
dev tap

#Setting up encryption
<ca>
Enter CA Cert Code here
</ca>
<cert>
Enter Server Cert Code Here
</cert>
<key>
Enter Server Private Key Here
</key>
<dh>
Paste the dh2048.pem code inside this string
</dh>

server 10.11.1.0 255.255.255.0

# Clients want to see each other.
client-to-client

keepalive 10 120

comp-lzo
cipher AES-256-CBC
auth MD5
persist-key
persist-tun

status openvpn-status.log

duplicate-cn
verb 1
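
Both files above are edited by hand, so a check that reads them back is worth having. The Python example below is added here (it is not part of the paste or of OpenVPN): it parses an .ovpn file, including the inline <ca>/<cert>/<key> blocks, and flags what a reviewer would question in these samples: `auth MD5` as the HMAC digest, `comp-lzo` compression, a client file without `remote-cert-tls server`, `duplicate-cn` on the server, and PEM blocks still left empty. The sample input is a constructed copy of the client config with a placeholder CA block.

```python
# Added example (not from the paste or from OpenVPN): parse an .ovpn file with
# inline <ca>/<cert>/<key> blocks and flag the settings a reviewer would question.
import re

INLINE_RE = re.compile(r"<([\w-]+)>\n(.*?)\n</\1>", re.S)

def parse_ovpn(text):
    """Return (directives, inline): directive name -> list of argument lists,
    and inline block name -> PEM body (the <ca>/<cert>/<key> sections)."""
    inline = {m.group(1): m.group(2) for m in INLINE_RE.finditer(text)}
    directives = {}
    for line in INLINE_RE.sub("", text).splitlines():
        line = line.strip()
        if line and line[0] not in "#;":          # '#' and ';' start comment lines
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, inline

def review_ovpn(text):
    """List findings: weak or absent HMAC digest, tunnel compression, a client that
    does not check the server's certificate role, shared client certs, missing PEM."""
    d, inline = parse_ovpn(text)
    findings = []
    auth = d.get("auth", [["SHA1"]])[0]           # OpenVPN's default digest is SHA1
    if not auth or auth[0].upper() in ("MD5", "NONE"):
        findings.append("weak auth digest; use SHA256 or stronger")
    if "comp-lzo" in d or "compress" in d:
        findings.append("tunnel compression enabled; disable it")
    if "client" in d and "remote-cert-tls" not in d:
        findings.append("client lacks 'remote-cert-tls server'")
    if "duplicate-cn" in d:
        findings.append("duplicate-cn lets one client certificate be shared")
    findings += [f"missing inline <{b}> block" for b in ("ca", "cert", "key") if b not in inline]
    return findings

# Constructed sample: the tutorial's client config with a placeholder CA block
# and the <cert>/<key> blocks not filled in yet.
SAMPLE_CLIENT_OVPN = """\
client
dev tap
proto tcp-client
remote some.ip.here 443
cipher AES-256-CBC
auth MD5
<ca>
PLACEHOLDER CA CERTIFICATE PEM
</ca>
comp-lzo
verb 3
"""
```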

-----------------------------------------------
Making a proxy on the VPN so that clients go out to the Internet with the server's IP.
(A 64-bit OS is needed for the Squid proxy server; otherwise use other proxy software.)

1. Download the Squid proxy server here: http://packages.diladele.com/squid/3.5.27/squid.msi (latest)
2. Open the Squid tray icon, edit the config, and use the one below for a high-anonymity proxy:
#-----------------------------------------------------------------------------------
#
# High Anonymous Squid Proxy Server
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443-65535
acl Safe_ports port 1-65535 # unregistered ports
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow all

# And finally deny all other access to this proxy
#http_access deny all
forwarded_for delete
via off

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

dns_nameservers 8.8.8.8 8.8.4.4

###END SQUID CONFIGURATION

3. Restart the Squid service.

4. Open your Internet Options and set your server IP (10.11.1.1) and the Squid port (3128) as shown in the picture.

5. Set your browsers to use the proxy. If you have a firewall, allow port 3128 and the Squid service.

6. IMPORTANT: to avoid the browser leaking your IP address, go to the Firefox address bar and type about:config

7. Search for "peer" and switch everything that is true to false.
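
Squid evaluates http_access lines top to bottom and stops at the first whose ACLs all match, so with `http_access allow all` present and `http_access deny all` commented out, as in the config above, any host that can reach port 3128 is let through, not only VPN clients. The Python example below is added here (it is not from the paste or from Squid) and models that evaluation for src and port ACLs only; it compares the tutorial's rule order with a closed-by-default order that admits just the VPN subnet 10.11.1.0/24, using two rule sets constructed for the example.

```python
# Added example (not from the paste or from Squid): a minimal model of Squid's first-match
# http_access evaluation for src/port ACLs ('!' negates a term, 'all' matches everything).
import ipaddress

def load_rules(text):
    """Parse 'acl' (src/port kinds only) and 'http_access' lines; skip the rest."""
    acls, rules = {"all": [("all", None)]}, []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()         # drop comments, then tokenize
        if tok[:1] == ["acl"] and tok[2] in ("src", "port"):
            for v in tok[3:]:
                lo, _, hi = v.partition("-")      # port ranges look like 443-65535
                acls.setdefault(tok[1], []).append(("src", ipaddress.ip_network(v, strict=False))
                    if tok[2] == "src" else ("port", (int(lo), int(hi or lo))))
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(entries, src, port):
    """True if any entry of the ACL matches the client address or the destination port."""
    addr = ipaddress.ip_address(src)
    return any(kind == "all" or (kind == "src" and addr in val)
               or (kind == "port" and val[0] <= port <= val[1]) for kind, val in entries)

def http_access(config, src, port=80):
    """Return 'allow' or 'deny': the first http_access line whose ACL terms all
    match decides; if none matches, the opposite of the last line's action applies."""
    acls, rules = load_rules(config)
    for action, terms in rules:
        if all(acl_matches(acls[t.lstrip("!")], src, port) != t.startswith("!")
               for t in terms):
            return action
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"
# Constructed rule sets: the tutorial's order (allow all, 'deny all' commented out)
# versus a closed-by-default order that admits only the VPN subnet 10.11.1.0/24.
TUTORIAL_RULES = """
acl localnet src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
acl Safe_ports port 1-65535
http_access deny !Safe_ports
http_access allow localnet
http_access allow all
#http_access deny all
"""
HARDENED_RULES = """
acl vpnnet src 10.11.1.0/24
acl Safe_ports port 80 443
http_access deny !Safe_ports
http_access allow vpnnet
http_access deny all
"""
```

In the real config, also bind the listener to the tunnel address with `http_port 10.11.1.1:3128` so the proxy is not reachable on the server's public interface.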

I hope you enjoyed this tutorial as much as I enjoyed writing it.
Thanks.

Here is a sample config for a LAN VPN without the OpenVPN GUI: https://www.sendspace.com/file/yo5as8
Simply extract it on your desktop (important) and run VPN.bat as admin.