Monday, February 16, 2015

configure openvpn for remote access user

*** Information
- vpn network 10.6.0.0/24
- local network 3.1.1.0/24
- openvpn ip address 10.0.3.121

1- install the necessary packages
~$ sudo apt-get install openvpn easy-rsa

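2- generate the CA, certificates and keys for the server and client
~$ cd /usr/share/easy-rsa/
~$ source ./vars
# the keys directory (KEY_DIR from ./vars) must exist before pkitool runs
~$ mkdir keys
~$ touch keys/index.txt
~$ echo 01 > keys/serial
# the easy-rsa scripts are not on PATH, so call them with ./
~$ ./pkitool --initca
~$ ./build-key-server server
~$ ./build-key user1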

- copy newly created cert and key to /etc/openvpn
~$ sudo cp -r keys /etc/openvpn

3- configure the openvpn settings by creating the file /etc/openvpn/server.conf with the following content

port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 3.1.1.0 255.255.255.0"
push "route 4.1.1.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


- generate the dh file (writing to /etc/openvpn needs root)
~$ cd /etc/openvpn
~$ sudo openssl dhparam -out dh1024.pem 1024

- restart openvpn service
~$ sudo service openvpn restart

4- on the client we use the Windows platform, so download http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.6-I001-i686.exe
and install it

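- copy ca.crt, user1.crt and user1.key from the server, where we created them, to the client folder C:\Program Files\OpenVPN\config (the client configuration below references ca.crt; the CA private key ca.key is not needed on the client and should stay on the server)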

- create configuration file C:\Program Files\OpenVPN\config\client.conf

client
dev tun
proto udp
remote 10.0.3.121 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user1.crt
key user1.key
remote-cert-tls server
comp-lzo
verb 3


- then run OpenVPN and connect
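
As an added example (not part of the original post), the script below audits the server.conf from step 3 for settings that common OpenVPN hardening guidance treats as weak. The embedded sample is a constructed copy of that file, the list of checks is this example's own assumption, and the DH size is read from the file name as a heuristic.

```python
import re

# Constructed sample: the server.conf directives from step 3 of this post.
SERVER_CONF = """\
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
"""

def parse(conf):
    """Map each directive to its arguments; '#' and ';' start a comment.
    Repeated directives (e.g. push) keep only the last occurrence."""
    directives = {}
    for line in conf.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            directives[words[0]] = words[1:]
    return directives

def audit(conf):
    """Return (directive, finding) pairs for weak or missing settings."""
    d, findings = parse(conf), []
    # Heuristic: take the DH size from a name like "dh1024.pem". The real
    # size is printed by: openssl dhparam -in FILE -noout -text
    m = re.search(r"dh(\d{3,5})", " ".join(d.get("dh", [])))
    if m and int(m.group(1)) < 2048:
        findings.append(("dh", m.group(1) + "-bit group, use 2048 or more"))
    # A bare "comp-lzo" enables compression, which can leak plaintext
    # through ciphertext length (compression-oracle attacks).
    if d.get("comp-lzo", ["no"]) != ["no"]:
        findings.append(("comp-lzo", "compression enabled before encryption"))
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append(("tls-auth", "no HMAC key on the control channel"))
    if "cipher" not in d:
        findings.append(("cipher", "unset, OpenVPN 2.3 defaults to BF-CBC"))
    if "user" not in d or "group" not in d:
        findings.append(("user/group", "daemon keeps root after start-up"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SERVER_CONF):
        print(name + ": " + finding)
```

To audit the deployed file, pass its contents to audit(), for example audit(open("/etc/openvpn/server.conf").read()).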

