OpenVPN

**Install:**

```
aptitude install openvpn
```

**Copy the files needed:**

```
cp -R /usr/share/doc/openvpn/examples/ /etc/openvpn/
cd /etc/openvpn
cp examples/sample-config-files/server.conf.gz .
gunzip server.conf.gz
ln -s /etc/openvpn/examples/easy-rsa/2.0/keys/ /etc/openvpn/keys
```

Edit server.conf:

```
local 158.38.56.74 # External IP
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.128" # Internal network
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
```
**Certificates with Easy-RSA:**

Edit and set the vars:

```
nano /etc/openvpn/examples/easy-rsa/2.0/vars
```

```
export KEY_COUNTRY="NO"
export KEY_PROVINCE="ST"
export KEY_CITY="Trondheim"
export KEY_ORG="gr2"
export KEY_EMAIL="gr2@gmail.com"
```

```
cd /etc/openvpn/examples/easy-rsa/2.0/
. ./vars
./clean-all
```

**CA certificate:**

```
./build-ca
```

Use the IP as the CN.

**Server certificate:**

```
./build-key-server server
```

IP as the CN.

**Diffie-Hellman parameters:**

```
./build-dh
```

**Client certificates:**

```
./build-key etUniqueNavn
```

Copy them over to the client:

```
scp etUniqueNavn.crt etUniqueNavn.key ca.crt user@remote.host:~/
```

Client PC:

```
aptitude install openvpn
```

Copy the keys over to /etc/openvpn.

**Test the cert:**

```
openssl verify -CAfile ca.crt -purpose sslclient etUniqueNavn.crt
```

**Client conf file:**

```
cd /etc/openvpn
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf .
nano /etc/openvpn/client.conf
```

```
client
dev tun
proto udp
remote 158.38.56.74 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert etUniqueNavn.crt
key etUniqueNavn.key
ns-cert-type server
comp-lzo
verb 3
```


**Redirect gateway:**

Edit server.conf:

```
push "redirect-gateway def1 bypass-dhcp"
```

**OpenVPN PAM Auth:**

**Server**

Edit the OpenVPN conf:

```
nano /etc/openvpn/server.conf
```

Add:

```
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
```

To drop user certs:

```
client-cert-not-required
username-as-common-name
```

**Client**

Edit the client conf, client.conf:

```
auth-user-pass
```

Comment out the client certs if client-cert-not-required is used:

```
# cert client.crt
# key client.key
```
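The options set in the server.conf and PAM sections above, run through a small audit script. This is an added example, not part of the original notes or of OpenVPN itself; the function names, finding names and the sample config are constructed for illustration, and the DH check is a heuristic that relies on easy-rsa naming the file after its bit length.

```python
import re

# Constructed sample: options from these notes' server.conf plus the PAM settings.
SAMPLE_SERVER_CONF = """\
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
comp-lzo
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
"""

def parse(text):
    """Map directive -> list of argument lists ('#'/';' start a comment; quoting ignored)."""
    conf = {}
    for line in text.splitlines():
        tokens = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def audit(text):
    """Return sorted finding ids (the ids are this example's own names)."""
    conf, found = parse(text), set()
    # Without client certificates the PAM password is the only client credential.
    if "client-cert-not-required" in conf or ["none"] in conf.get("verify-client-cert", []):
        found.add("password-only-client-auth")
    # Heuristic: easy-rsa names the DH file after its size, e.g. dh1024.pem.
    for args in conf.get("dh", []):
        bits = re.search(r"dh(\d+)\.pem$", args[0]) if args else None
        if bits and int(bits.group(1)) < 2048:
            found.add("weak-dh-params")
    # comp-lzo compresses before encrypting (VORACLE-style leaks) and is deprecated.
    if any(args != ["no"] for args in conf.get("comp-lzo", [])):
        found.add("tunnel-compression")
    # Client-to-client traffic is forwarded inside OpenVPN, bypassing the host firewall.
    if "client-to-client" in conf:
        found.add("client-to-client-unfiltered")
    # No user/group directive: the daemon keeps root privileges after start-up.
    if "user" not in conf or "group" not in conf:
        found.add("runs-as-root")
    return sorted(found)
```

Calling `audit(SAMPLE_SERVER_CONF)` returns all five finding ids; a config with client certificates kept, 2048-bit DH parameters, no compression, no client-to-client and `user`/`group` set returns an empty list.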