Monday, February 16, 2015

Configure OpenVPN for remote access users

*** Information
- vpn network
- local network
- openvpn ip address

1- install the necessary packages
~$ sudo apt-get install openvpn easy-rsa

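2- generate the CA, certificates and keys for server and client
~$ cd /usr/share/easy-rsa/
~$ source ./vars
# pkitool expects the key directory (KEY_DIR from vars) to exist, so create it first
~$ mkdir keys
~$ touch keys/index.txt
~$ echo 01 > keys/serial
# the easy-rsa scripts are not in PATH, so call them from the current directory
~$ ./pkitool --initca
~$ ./build-key-server server
~$ ./build-key user1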

- copy the newly created certs and keys to /etc/openvpn
~$ sudo cp -r keys /etc/openvpn

3- configure the openvpn settings by creating the file /etc/openvpn/server.conf with the following content

port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
push "route"
push "route"
keepalive 10 120
status openvpn-status.log
verb 3

- generate dh file
~$ cd /etc/openvpn
~$ openssl dhparam -out dh1024.pem 1024

- restart openvpn service
~$ sudo service openvpn restart

4- on client we use windows platform so download
then install it

- copy ca.crt, user1.crt and user1.key from the server, where we created them, to the client folder C:\Program Files\OpenVPN\config (ca.key is the CA's private key and stays on the server)

- create configuration file C:\Program Files\OpenVPN\config\client.conf

dev tun
proto udp
remote 1194
resolv-retry infinite
ca ca.crt
cert user1.crt
key user1.key
remote-cert-tls server
verb 3

- then run OpenVPN and connect
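
Added example, not part of the original post: a bash check to run on the server against a staging folder that holds one client's files before they are copied out. It reports private keys with loose permissions, private keys that do not belong to that user (ca.key, server.key), and files named in client.conf that are missing from the folder. The function names and the staging folder are assumptions, and relative paths are resolved against the folder holding the config.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the
# staging-folder layout (client.conf plus cert/key files) are assumptions.

# Private keys under DIR whose mode is anything other than 0600 or 0400.
loose_keys() {
    find "$1" -type f -name '*.key' ! -perm 600 ! -perm 400 | sort
}

# Private keys in DIR other than USER.key; ca.key and server.key
# should never be handed to a client.
foreign_keys() {
    local f
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue
        [ "${f##*/}" = "$2.key" ] || echo "${f##*/}"
    done
}

# Files named by ca/cert/key/dh directives in CONF that do not exist.
# Relative paths are resolved against CONF's directory (assumption: OpenVPN
# is started from there). CRs are stripped for configs edited on Windows.
missing_refs() {
    local dir name path
    dir=$(dirname "$1")
    tr -d '\r' < "$1" | while read -r name path _ || [ -n "$name" ]; do
        case $name in ca|cert|key|dh) ;; *) continue ;; esac
        case $path in /*) ;; *) path=$dir/$path ;; esac
        [ -e "$path" ] || echo "$name ${path##*/}"
    done
}

# Run all checks on a client folder; print findings, return 1 if any.
audit_client() {
    local out
    out=$(loose_keys "$1"; foreign_keys "$1" "$2"; missing_refs "$1/client.conf")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# usage: audit_client /path/to/staging/user1 user1
```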
