Tutorial VPN Client to Site on CentOS With OpenVPN - Trung Tâm Đào Tạo Mạng Máy Tính Nhất Nghệ


25 September 2014


[Tutorial] VPN Client to Site on CentOS with OpenVPN


20-04-2011, 20:49

tindecken

#1

VPN Client to Site on CentOS with OpenVPN

Guide: VPN Client to Site with OpenVPN on CentOS

Description:

http://www.nhatnghe.com/forum/showthread.php?t=136475


A user (VPN Client) outside the network dials a VPN connection to the OpenVPN server, authenticating with a certificate: a key plus a password that protects the key (this is different from the key's own password).
When the VPN connection succeeds:
- A tunnel (virtual tunnel) with the subnet 10.8.0.0/24 is created, and the VPN Client connects to the company network through this tunnel (secure).
- The server assigns the VPN Client a static IP address in the 10.8.0.0/24 subnet so that it can communicate with the Local Computers inside the network.

Step 0: Preparation
Set up the machines and assign IP addresses according to the diagram.


Make sure that:
- the Local Computer can reach the OpenVPN Server
- the VPN Client can reach the OpenVPN Server (to dial the VPN)

Software:
- OpenVPN GUI: installed on the VPN Client, used to dial the VPN to the server
- lzo package: installed on the server, used to compress data on the link
- openvpn package: installed on the server to act as the OpenVPN Server

These can be downloaded from their home pages, or I have put them here:
http://www.mediafire.com/?ir9fdp8nybzcy8n

Step 1: Install the VPN Server
- Copy the lzo-1.08 and openvpn-2.0.9 installation packages into root's home directory (/root)

- cd /root
- Extract and install lzo-1.08
tar xvzf lzo-1.08.tar.gz
cd lzo-1.08
./configure    # check whether the required libraries are present
make           # compile
make install   # install
- Extract and install openvpn:
cd ..
tar -xzvf openvpn-2.0.9.tar.gz
cd openvpn-2.0.9
./configure
make
make install
- Create the /etc/openvpn directory:
mkdir /etc/openvpn

Step 2: Create the CA Certificate Server and Keys

- Copy the easy-rsa directory from the extracted source into /etc/openvpn
cp -r /root/openvpn-2.0.9/easy-rsa/ /etc/openvpn/

- Create the CA Certificate Server:
cd /etc/openvpn/easy-rsa/2.0/
mv * ../       # move every file in 2.0/ up into easy-rsa/

cd ..          # change to easy-rsa/
mkdir keys     # create /etc/openvpn/easy-rsa/keys to hold the keys and certificates
vi vars        # edit the default parameters, or skip this step and use the defaults
export KEY_COUNTRY="VN"
export KEY_PROVINCE="TP HCM"
export KEY_CITY="HCM"
export KEY_ORG="Nhat Nghe"
export KEY_EMAIL=openvpn@nhatnghe.com

- Configure the CA:
. ./vars       # exactly one space between the two dots; this initializes the environment variables set in the step above
When this command runs, it requires that there be no files at all in the keys directory; a message appears telling you to run ./clean-all to empty /etc/openvpn/easy-rsa/keys if it contains anything.
./clean-all

- Create the CA server: create the private key for the CA, stored in the file 'ca.key'

./build-ca, then enter the parameters. Note: the common name is a unique identifier, so remember it.


Run ls on the keys directory and you will see the files that were created.

These keys are all encoded; you can cat them to see what is inside, just for fun.

- Create the certificate and private key for the server (request a certificate from the CA for the server)
In the step above we created a CA server, similar to the servers of organizations that sell certificates (Verizon, ...). In this step we create the private key for servers that need certificate-based authentication (banks, ...); here our server is OpenVPN.
./build-key-server openvpnserver


Run ls keys/ to see that a few more files have been created.

- Generate Diffie-Hellman (DH): hash the keys

./build-dh
The key-hashing process may be fast or slow.
- Create the client certificate and private key for each client (for two-way authentication). Here I create 2 keys for 2 users, kuti and kuteo.
./build-key kuti    # common name: kuti


Do the same for kuteo:

./build-key kuteo   # common name: kuteo
With this step done, we have finished creating the certificates and keys needed for authentication.
Run ls keys/ to see the result of this step.

We now have quite a few files in the keys/ directory. These keys are distributed to the server and the clients as appropriate, according to the table below:


Step 3: Configure Forwarding (used for LAN Routing)

vi /etc/sysctl.conf
7: net.ipv4.ip_forward = 1
sysctl -p      # make the parameters take effect
echo 1 > /proc/sys/net/ipv4/ip_forward

Step 4: Configure the VPN Server

- Copy the sample server.conf from the installation source into /etc/openvpn/
cp /root/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/
- Edit the configuration file:
cd /etc/openvpn/
vi server.conf


25: local 192.168.1.200 (selects the network interface that users dial the VPN to; this option may not be needed)
32: port 1723 (the default is 1194; that port is often blocked by firewalls, so it is set to 1723 to match the VPN Server port of Windows Server)
36: proto udp (UDP protocol)
53: dev tun (uses a tunnel; for bridging choose dev tap0, and the other settings will differ from the tunnel case)
78: ca /etc/openvpn/easy-rsa/keys/ca.crt (path to the ca.crt file)
79: cert /etc/openvpn/easy-rsa/keys/openvpnserver.crt
80: key /etc/openvpn/easy-rsa/keys/openvpnserver.key
87: dh /etc/openvpn/easy-rsa/keys/dh1024.pem
96: server 10.8.0.0 255.255.255.0 (the IP range to hand out to VPN Clients; by default the VPN Server takes the first IP, 10.8.0.1)
103: ;ifconfig-pool-persist ipp.txt (lets a VPN Client get its previous IP back if it loses its connection to the VPN server; since we use static IPs, this parameter is not used)
124: push "route 172.16.0.0 255.255.255.0" (pushes a route for the 172.16.0.0 network to the client, also called LAN Routing in Windows Server, so that the VPN Client can see the company's internal network)
125: ;push "route 192.168.1.200 255.255.255.0" (in our lab the VPN Client can already connect to the 192.168.1.0 network, so this route line is not needed (if it is present, it will not work); only add routes for the internal company networks that the outside client cannot connect to)
138: client-config-dir ccd (used to declare static IP assignment for VPN Clients)
196: client-to-client (allows VPN clients to see each other; by default a client sees only the server)
Fairly simple, right? There are also other parameters that are not used here, such as:
181: ;push "redirect-gateway" (all of the VPN Client's traffic, http, dns, ftp, ..., goes through the tunnel. This differs from push route, where only traffic headed for the internal network goes through the tunnel. Using this directive requires a NAT server and a DNS server inside the internal network)
187, 188: push "dhcp-option DNS 10.8.0.1" and push "dhcp-option WINS 10.8.0.1" (push the DNS or WINS config to the VPN Client)
Just think of the push directive as forcing config from the server onto the VPN Client. When the VPN dial-in succeeds, the VPN Server adds these config parameters to the client.
- Configure the static IP file for each user:
After configuring the server, we next configure the files placed in the ccd/ directory, one for each VPN user.
+ Create the ccd directory (/etc/openvpn/ccd)
mkdir /etc/openvpn/ccd
+ Create the profile for user kuti


vi /etc/openvpn/ccd/kuti
1: ifconfig-push 10.8.0.2 10.8.0.1

According to the config file above, user kuti will receive the IP 10.8.0.2.

The IP pair declared in the directive above must come from the table below; each user has one corresponding IP pair.

For the reason it must come from the table above, see: http://openvpn.net/index.php/open-so...to.html#policy

+ Create the profile for user kuteo
vi /etc/openvpn/ccd/kuteo
1: ifconfig-push 10.8.0.6 10.8.0.5
According to the config file above, user kuti will receive the IP 10.8.0.6.
You can see the limitation of assigning IPs from the table above: in the subnet 10.8.0.0/24 we can only configure static IPs for 64 users (corresponding to the 64 IP pairs above). If more than 64 users in the company use the VPN, we create one more subnet, for example 10.9.0.0, and add a route for this network to the server.conf file above.

Step 5: Start the VPN Server and dial the VPN, testing with the users kuti and kuteo.
- Start the OpenVPN Server
cd /etc/openvpn
openvpn server.conf


- Install and configure OpenVPN GUI on the client

+ Run the file openvpn-2.0.9-gui-1.0.3-install.exe and install with the defaults.
+ Copy the required key and certificate files ca.crt, kuti.crt, kuti.key into C:\Program Files\OpenVPN\config
+ Copy the file client.ovpn from C:\Program Files\OpenVPN\sample-config into C:\Program Files\OpenVPN\config

+ Edit the client.ovpn file:

client
dev tun                     # tunnel
proto udp                   # UDP protocol
remote 192.168.1.200 1723   # IP and port of the OpenVPN server
nobind
persist-key
persist-tun
ca ca.crt                   # declares the CA server
cert kuti.crt               # certificate of user kuti
key kuti.key                # private key of kuti
comp-lzo
verb 3
- Dial the VPN
Right-click the new network adapter icon that appears after installing OpenVPN GUI and choose Connects.

You can see that the VPN dial-in succeeded, the client received the IP 10.8.0.2, and the necessary routes were added as well.
- Set a password to protect the key:
Right-click the OpenVPN icon.

Choose Change Password.

From now on, when dialing the VPN, the system will also ask for this password.


- Test:
+ Check with route print: start --> run --> cmd --> route print

OK, we see that the server added routes for client kuti to the 2 networks 172.16.0.0/24 and 192.168.1.0/24. You can see that both networks go through the gateway with IP 10.8.0.1, the tunnel IP of the VPN Server, with metric 1.
+ Check connectivity to the internal network with the ping command.


+ Dial the VPN as user kuteo

Follow the same steps as for user kuti.

User kuteo receives the IP 10.8.0.6, as configured in the file /etc/openvpn/ccd/kuteo above.
+ Ping VPN Client 1 (kuti: 10.8.0.2) and the Local Computer (172.16.0.2)


With that, we have completed this lab.

I hope everyone can get it working. If you hit an error or don't understand a step:
- See the full guide and explanation: http://openvpn.net/howto.html
- Post here and I will try to answer (if I can).
There is one more small (extra) part of this lab, which I will add later.
The post is rather long (long-winded), so take your time reading it.
Last edited by tindecken, 20-04-2011 at 21:01

28 users thanked tindecken for this useful post:


anhnd, baothai30491, copa, dangminh1990, dthbinh1, duongit2003, HieuITVN, khoainuong, kingcasino, mcsa2003,
MrGiangCoi, mrtinhcongnghe, nghia0302, nguyennghi1, nhamai, nth1990, pcit247, phongb2b, seachone, street,
thanhtamntp, TKL, truongln, tuyenld, vienba, vinhky20119, vinhphong, watchman
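
An added example, not part of tindecken's post or the OpenVPN project: a Python check that each ccd file's ifconfig-push pair is the two host addresses of one /30 block inside the tutorial's 10.8.0.0/24 tunnel network (the source of the 64-user limit) and that no two common names share a block. The user3 and user4 entries are constructed sample input, and the function names are this example's own.

```python
import ipaddress

# The tutorial's "server 10.8.0.0 255.255.255.0" tunnel network.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

# kuti and kuteo are the thread's ccd files; user3 and user4 are constructed.
SAMPLE_CCD = {
    "kuti": "ifconfig-push 10.8.0.2 10.8.0.1\n",
    "kuteo": "ifconfig-push 10.8.0.6 10.8.0.5\n",
    "user3": "ifconfig-push 10.8.0.3 10.8.0.2\n",   # .3 is a /30 broadcast address
    "user4": "ifconfig-push 10.8.0.5 10.8.0.6\n",   # reuses kuteo's block
}


def valid_pairs(net=VPN_NET):
    """Return the two usable host addresses of every /30 block inside net."""
    return [tuple(block.hosts()) for block in net.subnets(new_prefix=30)]


def check_ccd(ccd_files, net=VPN_NET):
    """Map of common name -> ccd file text; returns a list of findings."""
    findings, owner = [], {}
    for cn, text in sorted(ccd_files.items()):
        pushes = [line.split() for line in text.splitlines()
                  if line.strip().startswith("ifconfig-push")]
        if len(pushes) != 1 or len(pushes[0]) != 3:
            findings.append(f"{cn}: expected one 'ifconfig-push <ip> <ip>' line")
            continue
        try:
            a, b = (ipaddress.ip_address(x) for x in pushes[0][1:])
        except ValueError:
            findings.append(f"{cn}: unparsable address in {pushes[0][1:]}")
            continue
        block = ipaddress.ip_network(f"{a}/30", strict=False)
        if a not in net or set(block.hosts()) != {a, b}:
            findings.append(f"{cn}: {a} {b} is not a /30 host pair in {net}")
        elif block in owner:
            findings.append(f"{cn}: block {block} already given to {owner[block]}")
        else:
            owner[block] = cn
    return findings


if __name__ == "__main__":
    print(len(valid_pairs()), "static pairs available in", VPN_NET)
    for finding in check_ccd(SAMPLE_CCD):
        print("FINDING", finding)
```

To audit a real server, build the dictionary from the files under /etc/openvpn/ccd, keyed by file name (the certificate common name).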

23-04-2011, 15:11

truongln

#2

oh yeah, exactly what I was looking for, thanks!

23-04-2011, 18:42

#3

itvietnam
www.vhost.vn

Stickied so everyone can find it easily.

23-04-2011, 22:43

MrGiangCoi

#4

Done step by step from OpenVPN; anyway, thanks a lot.

26-04-2011, 10:04

vinhky20119

#5

Thanks a lot ... a very useful post ....

10-05-2011, 10:08

tindecken

#6

Are you spamming?

10-05-2011, 10:39

quangchjen

#7

Is the VPN Server here Linux, guys??

18-05-2011, 00:56

tindecken

#8

1. "You turn on OpenVPN": does that mean you ran the command openvpn server.conf, or that you ran openvpn server.conf and the client dialed in to the VPN server successfully?
2. "The gateway of the openvpn machine": do you mean IP 172.16.0.1 as in the diagram above, or IP 10.8.0.1?
3. "The routing table of the client machines in the LAN still shows a route to the gateway of the openvpn machine": are the client machines in the LAN the Local Computer shown in the figure?
Note: you should use virtual machines for everything when testing; don't use a physical machine as the Local Computer. I tried that, and after the VPN dial-in succeeded, Client 1 could sometimes ping the Local Computer and sometimes could not.

13-08-2011, 22:15

#9

thaptamnuong
Spot on, nothing to adjust

The post is spot on. Thanks a lot.

Please do Site to Site as well.

The following users thanked thaptamnuong for this useful post:


panda_it
14-08-2011, 03:14

#10

300000

[QUOTE=tindecken;631606]1. "You turn on OpenVPN": does that mean you ran the command openvpn server.conf, or that you ran openvpn server.conf and the client dialed in to the VPN server successfully?
2. "The gateway of the openvpn machine": do you mean IP 172.16.0.1 as in the diagram above, or IP 10.8.0.1?
3. "The routing table of the client machines in the LAN still shows a route to the gateway of the openvpn machine": are the client machines in the LAN the Local Computer shown in the figure?
[/QUOTE]
If you write a guide, you should post both the server and client config files so people can copy them and follow along; written like this it is a bit hard, since the only hard part of openvpn is editing those two config files.
As far as I can see, you put the openvpn server and the openvpn client on the same switch, right? If so, that can't really be called a successful openvpn connection, because an important part of openvpn is changing the routing in the system; with both machines configured in the same IP range, of course they can ping each other. Would it work when connecting from the Internet? Not necessarily, because I see the openvpn server side is still missing this line: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE. Only once that line is there can it work.
Second, if you want it to work from the Internet, you have to create a static route on the router on the server side; only then can the client really work. I don't see that part in the guide, so connecting from outside is not guaranteed to work.
