
Monday, May 17, 2010

Openvpn + Slackware

I have finally finished building a VPN server at the office, and as usual I am writing this article as a reference for myself.
OK, straight to it: I am using Slackware R12 as the server, with OpenVPN-1.6.0.

root@slackware:/usr/local/openvpn/openvpn-1.6.0# tar -zxvf openvpn-1.6.0.tar.gz
root@slackware:/usr/local/openvpn/openvpn-1.6.0# cd openvpn-1.6.0
root@slackware:/usr/local/openvpn/openvpn-1.6.0# ./configure
root@slackware:/usr/local/openvpn/openvpn-1.6.0# make
root@slackware:/usr/local/openvpn/openvpn-1.6.0# make install

LOOPBACK TESTS (after BUILD):
Test Crypto:
root@slackware:/usr/local/openvpn/openvpn-1.6.0# ./openvpn --genkey --secret key
root@slackware:/usr/local/openvpn/openvpn-1.6.0# ./openvpn --test-crypto --secret key
-------------------------- cut --------------------------
Mon Sep 24 14:50:24 2007 1293: TESTING ENCRYPT/DECRYPT of packet length=1292
Mon Sep 24 14:50:24 2007 1294: TESTING ENCRYPT/DECRYPT of packet length=1293
Mon Sep 24 14:50:24 2007 1295: TESTING ENCRYPT/DECRYPT of packet length=1294
Mon Sep 24 14:50:24 2007 1296: TESTING ENCRYPT/DECRYPT of packet length=1295
Mon Sep 24 14:50:24 2007 1297: TESTING ENCRYPT/DECRYPT of packet length=1296
Mon Sep 24 14:50:24 2007 1298: TESTING ENCRYPT/DECRYPT of packet length=1297
Mon Sep 24 14:50:24 2007 1299: TESTING ENCRYPT/DECRYPT of packet length=1298
Mon Sep 24 14:50:24 2007 1300: TESTING ENCRYPT/DECRYPT of packet length=1299
Mon Sep 24 14:50:24 2007 1301: TESTING ENCRYPT/DECRYPT of packet length=1300
Mon Sep 24 14:50:24 2007 1302: OpenVPN crypto self-test mode SUCCEEDED.
Test SSL/TLS negotiations (runs for 2 minutes):
./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
root@slackware:/usr/local/openvpn/openvpn-1.6.0# ./openvpn --config sample-config-files/loopback-server
Mon Sep 24 14:51:05 2007 0: OpenVPN 1.6.0 i686-pc-linux-gnu [SSL] built on Sep 14 2007
Mon Sep 24 14:51:05 2007 1: Diffie-Hellman initialized with 1024 bit key
Mon Sep 24 14:51:05 2007 2: WARNING: file 'sample-keys/server.key' is group or others accessible
Mon Sep 24 14:51:05 2007 3: Control Channel MTU parms [ L:1341 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 24 14:51:05 2007 4: Data Channel MTU parms [ L:1341 D:1341 EF:41 EB:0 ET:0 EL:0 ]
Mon Sep 24 14:51:05 2007 5: Local Options hash (VER=V3): '4e46f95f'
Mon Sep 24 14:51:05 2007 6: Expected Remote Options hash (VER=V3): 'c2e6d23e'
Mon Sep 24 14:51:05 2007 7: UDPv4 link local (bound): 127.0.0.1:16000
Mon Sep 24 14:51:05 2007 8: UDPv4 link remote: 127.0.0.1:16001
./openvpn --config sample-config-files/loopback-client (In one window)
root@slackware:/usr/local/openvpn/openvpn-1.6.0# ./openvpn --config sample-config-files/loopback-client
Mon Sep 24 14:57:51 2007 0: OpenVPN 1.6.0 i686-pc-linux-gnu [SSL] built on Sep 14 2007
Mon Sep 24 14:57:51 2007 1: WARNING: file 'sample-keys/client.key' is group or others accessible
Mon Sep 24 14:57:51 2007 2: Control Channel MTU parms [ L:1341 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 24 14:57:51 2007 3: Data Channel MTU parms [ L:1341 D:1341 EF:41 EB:0 ET:0 EL:0 ]
Mon Sep 24 14:57:51 2007 4: Local Options hash (VER=V3): 'c2e6d23e'
Mon Sep 24 14:57:51 2007 5: Expected Remote Options hash (VER=V3): '4e46f95f'
Mon Sep 24 14:57:51 2007 6: UDPv4 link local (bound): 127.0.0.1:16001
Mon Sep 24 14:57:51 2007 7: UDPv4 link remote: 127.0.0.1:16000
# Installation is complete. Now we create a key for our VPN server, as shown below (example key: roninmorgue.key)
root@slackware:/usr/local/openvpn/openvpn-1.6.0# ./openvpn --genkey --secret roninmorgue.key
The command above creates a file named roninmorgue.key, whose contents are the key configuration of the OpenVPN we installed.
It will be visible when we type # ls -la
root@slackware:/usr/local/openvpn/openvpn-1.6.0# ls -la
-rw-r--r-- 1 root root 31644 2007-09-14 00:34 reliable.o
-rw------- 1 root root 636 2007-09-24 15:27 roninmorgue.key
root@slackware:/usr/local/openvpn/openvpn-1.6.0# vi roninmorgue.key
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
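The loopback logs above warn when a key file is "group or others accessible", and the static key file has a fixed layout (a "2048 bit" key is 512 hex digits between the BEGIN/END markers). The shell functions below are an added example, not part of the original post or of OpenVPN. The names check_static_key and make_sample_key are hypothetical, and the sample key is constructed test data.

```shell
# Added example: audit an OpenVPN static key file before the daemon uses it.
# check_static_key FILE -> prints one verdict: ok | missing | perms | format
check_static_key() {
    f=$1
    [ -f "$f" ] || { echo missing; return 1; }

    # Characters 5-10 of the ls mode string are the group/other bits;
    # anything other than "------" is what OpenVPN warns about.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        ????------) ;;
        *) echo perms; return 1 ;;
    esac

    # A "2048 bit" static key is 256 bytes, i.e. 512 hex digits between
    # the BEGIN/END markers; comment lines outside the markers are ignored.
    awk '
        /^-----BEGIN OpenVPN Static key V1-----$/ { inkey = 1; next }
        /^-----END OpenVPN Static key V1-----$/   { inkey = 0; closed = 1; next }
        inkey { if ($0 !~ /^[0-9a-fA-F]+$/) bad = 1; n += length($0) }
        END   { exit !(closed && !bad && n == 512) }
    ' "$f" || { echo format; return 1; }

    echo ok
}

# make_sample_key FILE [LINES]: writes constructed, non-secret test data
# (a repeating pattern, NOT a usable key). LINES defaults to 16.
make_sample_key() {
    {
        echo '#'
        echo '# 2048 bit OpenVPN static key'
        echo '#'
        echo '-----BEGIN OpenVPN Static key V1-----'
        i=0
        while [ "$i" -lt "${2:-16}" ]; do
            echo '00112233445566778899aabbccddeeff'
            i=$((i + 1))
        done
        echo '-----END OpenVPN Static key V1-----'
    } > "$1"
}

# Optional command-line use: sh thisfile.sh roninmorgue.key
if [ $# -gt 0 ]; then check_static_key "$1"; fi
```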
# Next we create the file openvpn.conf, which will contain the configuration of our OpenVPN server.
root@slackware:/usr/local/openvpn/openvpn-1.6.0# vi openvpn.conf
----------begin openvpn.conf----------
dev tun
ifconfig 202.152.28.237 202.152.28.238
secret roninmorgue.key
----------eof openvpn.conf----------
# Now we will activate OpenVPN. This requires the tun device. On FreeBSD, tun is already present from the moment FreeBSD is installed, whereas on Linux sometimes only the library is there. So we need to create the directory /dev/net
root@slackware:/usr/local/openvpn/openvpn-1.6.0# mkdir /dev/net
root@slackware:/usr/local/openvpn/openvpn-1.6.0# cd /dev/net
TUN/TAP Driver Configuration:
* Linux 2.4 or higher (with integrated TUN/TAP driver):
(1) make device node: mknod /dev/net/tun c 10 200
(2a) add to /etc/modules.conf: alias char-major-10-200 tun
(2b) load driver: modprobe tun
(3) enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward
root@slackware:/usr/local/openvpn/openvpn-1.6.0# mknod /dev/net/tun c 10 200
root@slackware:/usr/local/openvpn/openvpn-1.6.0# modprobe tun
root@slackware:/usr/local/openvpn/openvpn-1.6.0# ./openvpn --config openvpn.conf
Mon Sep 24 16:16:26 2007 0: OpenVPN 1.6.0 i686-pc-linux-gnu [SSL] built on Sep 14 2007
Mon Sep 24 16:16:26 2007 1: TUN/TAP device tun0 opened
Mon Sep 24 16:16:26 2007 2: /sbin/ifconfig tun0 202.152.28.237 pointopoint 202.152.28.238 mtu 1256
Mon Sep 24 16:16:26 2007 3: UDPv4 link local (bound): [undef]:5000
Mon Sep 24 16:16:26 2007 4: UDPv4 link remote: [undef]
Now our VPN server is running. :)
To prove it, we run a check -->
root@slackware:/usr/local/openvpn/openvpn-1.6.0# ifconfig
eth0 Link encap:Ethernet HWaddr 00:11:5B:A1:CA:E9
inet addr:202.151.28.153 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::211:5bff:fea1:cae9/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1240 (1.2 KiB) TX bytes:3962 (3.8 KiB)
Interrupt:16 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:40 errors:0 dropped:0 overruns:0 frame:0
TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2240 (2.1 KiB) TX bytes:2240 (2.1 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:202.152.28.237 P-t-P:202.152.28.238 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1256 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
