Installing and Configuring OpenVPN on CentOS 6

Last Updated on 7 May 2015 By tommy 1 Comment

OpenVPN is not available in the default CentOS repositories, so the EPEL repository has to be added before installing it.

wget http://fedora.dionipe.web.id/epel/6/i386/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm

Install OpenVPN

Install OpenVPN with

yum install openvpn easy-rsa bridge-utils

Generate Certificate

For the OpenVPN client and server to communicate, both sides need a certificate, so we will generate certificates for the client and the server.
Create the folder that will hold the keys

mkdir -p /etc/openvpn/easy-rsa/keys
cp -r /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

To save time and avoid typing the country, email, and so on at every prompt, edit the vars file (/etc/openvpn/easy-rsa/vars) and adjust the section below to your liking

export KEY_COUNTRY="ID"
export KEY_PROVINCE="Jakarta"
export KEY_CITY="Jakarta"
export KEY_ORG="Jaranguda Simalem"
export KEY_EMAIL="[email protected]"
export KEY_OU="DevSSL"

These values do not matter much, so they can also be left at their defaults.

Initial setup

cd /etc/openvpn/easy-rsa/
source ./vars
./clean-all

Build the CA and key

./build-ca

Output of the command above

Generating a 2048 bit RSA private key
...................................+++
....+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [Jakarta]:
Locality Name (eg, city) [Jakarta]:
Organization Name (eg, company) [Jaranguda Simalem]:
Organizational Unit Name (eg, section) [DevSSL]:
Common Name (eg, your name or your server's hostname) [Jaranguda Simalem CA]:
Name [EasyRSA]:
Email Address [[email protected]]:

For Country Name, State, Locality and all the other prompts above, just press Enter, because we already set them earlier.

Build the server certificate

./build-key-server server

Output of the command above

Generating a 2048 bit RSA private key
.......+++
.....................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [Jakarta]:
Locality Name (eg, city) [Jakarta]:
Organization Name (eg, company) [Jaranguda Simalem]:
Organizational Unit Name (eg, section) [DevSSL]:
Common Name (eg, your name or your server's hostname) [server]:
Name [EasyRSA]:
Email Address [[email protected]]:
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'ID'
stateOrProvinceName   :PRINTABLE:'Jakarta'
localityName          :PRINTABLE:'Jakarta'
organizationName      :PRINTABLE:'Jaranguda Simalem'
organizationalUnitName:PRINTABLE:'DevSSL'
commonName            :PRINTABLE:'server'
name                  :PRINTABLE:'EasyRSA'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Apr 18 07:07:36 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
 
 
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Generate the client certificate
As an example, we will create an OpenVPN user named jaranguda01

./build-key jaranguda01

Output of the command above

Generating a 2048 bit RSA private key
..................................+++
.....................................................................................................+++
writing new private key to 'jaranguda01.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [Jakarta]:
Locality Name (eg, city) [Jakarta]:
Organization Name (eg, company) [Jaranguda Simalem]:
Organizational Unit Name (eg, section) [DevSSL]:
Common Name (eg, your name or your server's hostname) [jaranguda01]:
Name [EasyRSA]:
Email Address [[email protected]]:
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'ID'
stateOrProvinceName   :PRINTABLE:'Jakarta'
localityName          :PRINTABLE:'Jakarta'
organizationName      :PRINTABLE:'Jaranguda Simalem'
organizationalUnitName:PRINTABLE:'DevSSL'
commonName            :PRINTABLE:'jaranguda01'
name                  :PRINTABLE:'EasyRSA'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Apr 18 07:11:45 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
 
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Generate DH

./build-dh

All the files for the client and the server have now been generated; next comes the configuration.
Copy the server's files from the keys folder to /etc/openvpn

cd /etc/openvpn/easy-rsa/keys/
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn/
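
Before moving on to the configuration, the generated files can be checked with openssl. The script below is an added example, not part of the original post: check_pki, pubkey_hash and has_eku are hypothetical helper names, and the server-usage check assumes easy-rsa 2.0's stock openssl config marks build-key-server certificates with extendedKeyUsage=serverAuth.

```sh
#!/bin/sh
# Added example: sanity checks for the files easy-rsa 2.0 wrote to keys/.
# Usage: check_pki KEYS_DIR SERVER_NAME CLIENT_NAME
#   e.g. check_pki /etc/openvpn/easy-rsa/keys server jaranguda01

# pubkey_hash FILE KIND: SHA-256 of the public key in a cert or private key.
pubkey_hash() {
    case $2 in
        crt) openssl x509 -in "$1" -noout -pubkey ;;
        key) openssl pkey -in "$1" -pubout ;;
    esac 2>/dev/null | openssl dgst -sha256
}

# has_eku FILE TEXT: true if the certificate's text form lists that usage.
has_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q "$2"
}

check_pki() {
    keys=$1 server=$2 client=$3 rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    for n in "$server" "$client"; do
        # The certificate must chain to the CA created by ./build-ca.
        openssl verify -CAfile "$keys/ca.crt" "$keys/$n.crt" >/dev/null 2>&1 ||
            fail "$n.crt is not signed by ca.crt"
        # The private key must belong to the certificate.
        [ "$(pubkey_hash "$keys/$n.crt" crt)" = "$(pubkey_hash "$keys/$n.key" key)" ] ||
            fail "$n.key does not match $n.crt"
        # Private keys must be readable by their owner only.
        case $(ls -l "$keys/$n.key" 2>/dev/null | cut -c5-10) in
            ------) ;;
            *) fail "$n.key is missing or accessible to group/others" ;;
        esac
    done
    # Assumption: build-key-server sets serverAuth, build-key does not.
    has_eku "$keys/$server.crt" 'TLS Web Server Authentication' ||
        fail "$server.crt is not marked as a server certificate"
    has_eku "$keys/$client.crt" 'TLS Web Server Authentication' &&
        fail "$client.crt could be presented as a server certificate"
    return $rc
}
```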

OpenVPN server configuration file

Copy server.conf from the sample files shipped with the OpenVPN documentation

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn/

Open server.conf and change the section

;proto tcp
proto udp
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

to

proto tcp
;proto udp
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
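
A pre-flight check for the edited server.conf, as an added example that is not part of the original post: it confirms that exactly one proto line is active, that the redirect-gateway push is uncommented, and that every file named by ca/cert/key/dh is present. The function names are hypothetical, and relative file names are assumed to be resolved against the directory that holds the config (/etc/openvpn here).

```sh
#!/bin/sh
# Added example: pre-flight check for the edited server.conf.
# Usage: check_server_conf /etc/openvpn/server.conf

# active_directives FILE: print only the lines OpenVPN will act on, skipping
# blank lines and lines commented out with ';' or '#'.
active_directives() {
    grep -v -e '^[[:space:]]*[;#]' -e '^[[:space:]]*$' "$1"
}

# check_server_conf CONF [DIR]: DIR is where relative file names are looked
# up (assumption: the directory holding the config).
check_server_conf() {
    conf=$1 dir=${2:-$(dirname "$1")} rc=0
    # Swapping the proto lines must leave exactly one transport active.
    n=$(active_directives "$conf" | grep -c '^proto[[:space:]]' || true)
    [ "$n" -eq 1 ] || { echo "FAIL: $n active proto lines, expected 1"; rc=1; }
    # The redirect-gateway push must be uncommented, otherwise clients
    # keep using their own default route.
    active_directives "$conf" | grep -q '^push "redirect-gateway' ||
        { echo "FAIL: push redirect-gateway is still commented out"; rc=1; }
    # Every file named by ca/cert/key/dh must exist and be non-empty.
    while read -r opt file rest; do
        case $opt in ca|cert|key|dh) ;; *) continue ;; esac
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        [ -s "$path" ] || { echo "FAIL: $opt $file not found in $dir"; rc=1; }
    done <<EOF
$(active_directives "$conf")
EOF
    return $rc
}
```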

Enable IP forwarding
Open the file /etc/sysctl.conf
and change

net.ipv4.ip_forward = 0

to

net.ipv4.ip_forward = 1

Apply the change above with

sysctl -p

Enable traffic routing in iptables

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source 107.xx.xx.xxx

Replace 107.xx.xx.xxx with your server's IP.

Start OpenVPN

service openvpn start

OpenVPN Client

The OpenVPN installation on the server is finished; now for the client side. The files that have to be fetched from the server are ca.crt, client.crt and client.key. They can be copied over FTP, SSH or some other way. The easy way is to install Apache.
Log in to the OpenVPN server

yum install httpd -y
service httpd start

Compress the files ca.crt, jaranguda01.crt and jaranguda01.key into jaranguda.tar.gz

cd /etc/openvpn/easy-rsa/keys
# the client needs ca.crt (named by "ca ca.crt" in jaranguda.ovpn), not server.crt
tar zcvf jaranguda.tar.gz ca.crt jaranguda01.crt jaranguda01.key

Copy the file jaranguda.tar.gz to the /var/www/html folder

cp jaranguda.tar.gz /var/www/html/

Now back to the client, where we will also use Linux :D Download the file jaranguda.tar.gz from IP.Server/jaranguda.tar.gz

wget 107.xxx.xxx.xxx/jaranguda.tar.gz

Extract the file

tar zxvf jaranguda.tar.gz

Client Config
jaranguda.ovpn

client
remote IP.Server 1194
dev tun
proto tcp
comp-lzo
ca ca.crt
# certificate and key generated above with ./build-key jaranguda01
cert jaranguda01.crt
key jaranguda01.key
route-delay 2
route-method exe
redirect-gateway def1
verb 3

Run openvpn as root

openvpn --config jaranguda.ovpn
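
An alternative to the tarball, as an added example that is not part of the original post: OpenVPN 2.1 and later accept the CA, certificate and key inline in the profile, so the client needs a single file. Because that file contains the private key, it is written owner-only and is meant to be copied over SSH, one of the options mentioned above; make_profile and pem_block are hypothetical helper names.

```sh
#!/bin/sh
# Added example: build one self-contained client profile (NAME.ovpn) with the
# CA, certificate and key embedded inline.
# Usage: make_profile jaranguda01 IP.Server [KEYS_DIR]

# pem_block FILE: print only the PEM block, dropping any human-readable
# text dump that precedes it in the file.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# make_profile NAME SERVER [KEYS_DIR]: write NAME.ovpn in the current
# directory; returns non-zero if one of the three input files is missing.
make_profile() {
    name=$1 server=$2 keys=${3:-/etc/openvpn/easy-rsa/keys}
    for f in ca.crt "$name.crt" "$name.key"; do
        [ -s "$keys/$f" ] || { echo "missing $keys/$f" >&2; return 1; }
    done
    rm -f "$name.ovpn"
    (
        umask 077   # the profile contains the private key
        {
            # same directives as jaranguda.ovpn above
            printf 'client\nremote %s 1194\ndev tun\nproto tcp\n' "$server"
            printf 'comp-lzo\nroute-delay 2\nroute-method exe\n'
            printf 'redirect-gateway def1\nverb 3\n'
            printf '<ca>\n';   pem_block "$keys/ca.crt";    printf '</ca>\n'
            printf '<cert>\n'; pem_block "$keys/$name.crt"; printf '</cert>\n'
            printf '<key>\n';  pem_block "$keys/$name.key"; printf '</key>\n'
        } > "$name.ovpn"
    )
}
```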

Comments

  1. sofuan says

    21 June 2020 at 11:08

    using Ubuntu,
    all the steps went OK.

    up to getting the crt.
    but when it comes to downloading the OpenVPN client file..
    how do you do that?
