Wednesday, October 12, 2016

configure openvpn to use tcp protocol

*** server
1- install the necessary packages
$ sudo apt-get install openvpn easy-rsa

2- create ca, server and client certificates
$ cd /usr/share/easy-rsa/
$ mkdir keys
$ touch keys/index.txt
$ echo 01 > keys/serial
$ source ./vars
$ PATH=$PATH:`pwd`
$ ./clean-all
$ build-dh
$ pkitool --initca
$ pkitool --server server
$ pkitool client1


- copy newly created cert and key to /etc/openvpn
$ sudo cp -r keys /etc/openvpn


3- configure the openvpn settings by creating the file /etc/openvpn/server.conf with the following content

port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/server.crt  # created by "pkitool --server server"
key keys/server.key  # This file should be kept secret
dh keys/dh2048.pem  # build-dh writes dh<KEY_SIZE>.pem; KEY_SIZE is set in ./vars
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


4- restart the openvpn service; the server part is then finished
$ sudo /etc/init.d/openvpn restart

*** client

1- copy ca.crt, client1.crt and client1.key from the server to the client
(ca.key stays on the server; the client only needs the CA certificate).
The client configuration is below

client
dev tun
proto tcp
remote 49.156.46.162 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
remote-cert-tls server
comp-lzo
verb 3






save this configuration as client.conf
the directory that holds the configuration file must also contain the keys, with the structure below

├── client.conf
└── keys
    ├── ca.crt
    ├── client1.crt
    └── client1.key


2- to connect, cd to the configuration directory and execute the following command

$ sudo openvpn --config client.conf
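
A config that names a cert, key or dh file that does not exist only fails when openvpn starts, so it is worth checking first. The function below is an added example, not part of the original post: it reads a server.conf or client.conf, checks that every ca/cert/key/dh file is present, that the private key is not readable by group or other, and that no ca.key sits next to a client config. The function name and the MISSING/PERMS/CAKEY labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: relative paths resolve against the config file's directory,
# which holds when openvpn is started from that directory.
# Usage: check_ovpn_conf /path/to/client.conf  (returns the problem count)
check_ovpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    problems=0
    is_client=no
    ca_dir=
    while read -r directive arg rest || [ -n "$directive" ]; do
        case $directive in
            client) is_client=yes ;;
            ca|cert|key|dh)
                case $arg in
                    /*) path=$arg ;;
                    *)  path=$dir/$arg ;;
                esac
                if [ "$directive" = ca ]; then ca_dir=$(dirname "$path"); fi
                if [ ! -f "$path" ]; then
                    echo "MISSING $directive $arg"
                    problems=$((problems + 1))
                elif [ "$directive" = key ]; then
                    # Characters 5-10 of the mode string are the group/other bits.
                    mode=$(ls -ldL "$path" | cut -c5-10)
                    if [ "$mode" != "------" ]; then
                        echo "PERMS $arg is accessible to group or other"
                        problems=$((problems + 1))
                    fi
                fi
                ;;
        esac
    done < "$conf"
    # A client needs only ca.crt; the CA private key signs new certificates.
    if [ "$is_client" = yes ] && [ -n "$ca_dir" ] && [ -e "$ca_dir/ca.key" ]; then
        echo "CAKEY ca.key found in $ca_dir on a client"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```
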
