Menú
Hispanitat nº 7 Local C
08225, Terrassa (Barcelona)
+34 600 676 872
Soporte Técnico
Lunes-Viernes: 9:30 a 13:30 - 16:30 a 20:00
Sábados a convenir
08225, Terrassa (Barcelona)
Soporte Técnico
Sábados a convenir
Cita de admin en 1 julio, 2024, 11:16 amdnf install epel-releasednf install openvpncd /etc/openvpn/ wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgztar -xf EasyRSA-unix-v3.0.6.tgz mv EasyRSA-v3.0.6/ easy-rsa/; rm -f EasyRSA-unix-v3.0.6.tgzcd /etc/openvpn/easy-rsa/ vim varsset_var EASYRSA "$PWD" set_var EASYRSA_PKI "$EASYRSA/pki" set_var EASYRSA_DN "cn_only" set_var EASYRSA_REQ_COUNTRY "ID" set_var EASYRSA_REQ_PROVINCE "Jakarta" set_var EASYRSA_REQ_CITY "Jakarta" set_var EASYRSA_REQ_ORG "hakase-labs CERTIFICATE AUTHORITY" set_var EASYRSA_REQ_EMAIL "openvpn@hakase-labs.io" set_var EASYRSA_REQ_OU "HAKASE-LABS EASY CA" set_var EASYRSA_KEY_SIZE 2048 set_var EASYRSA_ALGO rsa set_var EASYRSA_CA_EXPIRE 7500 set_var EASYRSA_CERT_EXPIRE 365 set_var EASYRSA_NS_SUPPORT "no" set_var EASYRSA_NS_COMMENT "HAKASE-LABS CERTIFICATE AUTHORITY" set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" set_var EASYRSA_DIGEST "sha256"chmod +x varscd /etc/openvpn/easy-rsa/./easyrsa init-pki cd /etc/openvpn/easy-rsa/pki openssl rand -writerand .rnd ./easyrsa build-ca./easyrsa gen-req hakase-server nopass./easyrsa sign-req server hakase-serveropenssl verify -CAfile pki/ca.crt pki/issued/hakase-server.crt./easyrsa gen-req client01 nopass./easyrsa sign-req client client01openssl verify -CAfile pki/ca.crt pki/issued/client01.crt./easyrsa gen-dh./easyrsa revoke someone./easyrsa gen-crlcp pki/ca.crt /etc/openvpn/server/ cp pki/issued/hakase-server.crt /etc/openvpn/server/ cp pki/private/hakase-server.key /etc/openvpn/server/cp pki/ca.crt /etc/openvpn/client/ cp pki/issued/client01.crt /etc/openvpn/client/ cp pki/private/client01.key /etc/openvpn/client/cp pki/dh.pem /etc/openvpn/server/ cp pki/crl.pem /etc/openvpn/server/cd /etc/openvpn/server/ nano server.conf# OpenVPN Port, Protocol, and the Tun port 1194 proto udp dev tun # OpenVPN Server Certificate - CA, server key and certificate ca /etc/openvpn/server/ca.crt cert /etc/openvpn/server/hakase-server.crt key /etc/openvpn/server/hakase-server.key #DH and CRL key dh /etc/openvpn/server/dh.pem crl-verify /etc/openvpn/server/crl.pem # Network Configuration - Internal network # Redirect all Connection through OpenVPN Server server 10.5.0.0 255.255.255.0 push "redirect-gateway def1" # Using the DNS from https://dns.watch push "dhcp-option DNS 84.200.69.80" push "dhcp-option DNS 84.200.70.40" #Enable multiple clients to connect with the same certificate key duplicate-cn # TLS Security cipher AES-256-CBC tls-version-min 1.2 tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 auth SHA512 auth-nocache # Other Configuration keepalive 20 60 persist-key persist-tun compress lz4 daemon user nobody group nobody # OpenVPN Log log-append /var/log/openvpn.log verb 3echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf sysctl -pfirewall-cmd --permanent --add-service=openvpn firewall-cmd --permanent --zone=trusted --add-service=openvpnfirewall-cmd --permanent --zone=trusted --add-interface=tun0firewall-cmd --permanent --add-masqueradeSERVERIP=$(ip route get 1.1.1.1 | awk 'NR==1 {print $(NF-2)}') firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o $SERVERIP -j MASQUERADEfirewall-cmd --reloadsystemctl start openvpn-server@server systemctl enable openvpn-server@serverclient dev tun proto udp remote xxx.xxx.xxx.xxx 1194 ca ca.crt cert client01.crt key client01.key cipher AES-256-CBC auth SHA512 auth-nocache tls-version-min 1.2 tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 resolv-retry infinite compress lz4 nobind persist-key persist-tun mute-replay-warnings verb 3netstat -plntu systemctl status openvpn-server@servercd /etc/openvpn/client nano client01.ovpn@servercd /etc/openvpn/ tar -czvf client01.tar.gz client/*scp root@139.xx.xx.xx:/etc/openvpn/client01.tar.gz .sudo apt install openvpn network-manager-openvpn network-manager-openvpn-gnome -yopenvpn --config client01.ovpncurl ifconfig.io
dnf install epel-release
dnf install openvpn
cd /etc/openvpn/ wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz
tar -xf EasyRSA-unix-v3.0.6.tgz mv EasyRSA-v3.0.6/ easy-rsa/; rm -f EasyRSA-unix-v3.0.6.tgz
cd /etc/openvpn/easy-rsa/ vim vars
set_var EASYRSA "$PWD" set_var EASYRSA_PKI "$EASYRSA/pki" set_var EASYRSA_DN "cn_only" set_var EASYRSA_REQ_COUNTRY "ID" set_var EASYRSA_REQ_PROVINCE "Jakarta" set_var EASYRSA_REQ_CITY "Jakarta" set_var EASYRSA_REQ_ORG "hakase-labs CERTIFICATE AUTHORITY" set_var EASYRSA_REQ_EMAIL "openvpn@hakase-labs.io" set_var EASYRSA_REQ_OU "HAKASE-LABS EASY CA" set_var EASYRSA_KEY_SIZE 2048 set_var EASYRSA_ALGO rsa set_var EASYRSA_CA_EXPIRE 7500 set_var EASYRSA_CERT_EXPIRE 365 set_var EASYRSA_NS_SUPPORT "no" set_var EASYRSA_NS_COMMENT "HAKASE-LABS CERTIFICATE AUTHORITY" set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" set_var EASYRSA_DIGEST "sha256"
chmod +x vars
cd /etc/openvpn/easy-rsa/
./easyrsa init-pki cd /etc/openvpn/easy-rsa/pki openssl rand -writerand .rnd ./easyrsa build-ca
./easyrsa gen-req hakase-server nopass
./easyrsa sign-req server hakase-server
openssl verify -CAfile pki/ca.crt pki/issued/hakase-server.crt
./easyrsa gen-req client01 nopass
./easyrsa sign-req client client01
openssl verify -CAfile pki/ca.crt pki/issued/client01.crt
./easyrsa gen-dh
./easyrsa revoke someone
./easyrsa gen-crl
cp pki/ca.crt /etc/openvpn/server/ cp pki/issued/hakase-server.crt /etc/openvpn/server/ cp pki/private/hakase-server.key /etc/openvpn/server/
cp pki/ca.crt /etc/openvpn/client/ cp pki/issued/client01.crt /etc/openvpn/client/ cp pki/private/client01.key /etc/openvpn/client/
cp pki/dh.pem /etc/openvpn/server/ cp pki/crl.pem /etc/openvpn/server/
cd /etc/openvpn/server/ nano server.conf
# OpenVPN Port, Protocol, and the Tun port 1194 proto udp dev tun # OpenVPN Server Certificate - CA, server key and certificate ca /etc/openvpn/server/ca.crt cert /etc/openvpn/server/hakase-server.crt key /etc/openvpn/server/hakase-server.key #DH and CRL key dh /etc/openvpn/server/dh.pem crl-verify /etc/openvpn/server/crl.pem # Network Configuration - Internal network # Redirect all Connection through OpenVPN Server server 10.5.0.0 255.255.255.0 push "redirect-gateway def1" # Using the DNS from https://dns.watch push "dhcp-option DNS 84.200.69.80" push "dhcp-option DNS 84.200.70.40" #Enable multiple clients to connect with the same certificate key duplicate-cn # TLS Security cipher AES-256-CBC tls-version-min 1.2 tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 auth SHA512 auth-nocache # Other Configuration keepalive 20 60 persist-key persist-tun compress lz4 daemon user nobody group nobody # OpenVPN Log log-append /var/log/openvpn.log verb 3
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf sysctl -p
firewall-cmd --permanent --add-service=openvpn firewall-cmd --permanent --zone=trusted --add-service=openvpn
firewall-cmd --permanent --zone=trusted --add-interface=tun0
firewall-cmd --permanent --add-masquerade
SERVERIP=$(ip route get 1.1.1.1 | awk 'NR==1 {print $(NF-2)}')
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o $SERVERIP -j MASQUERADE
firewall-cmd --reload
systemctl start openvpn-server@server systemctl enable openvpn-server@server
client dev tun proto udp remote xxx.xxx.xxx.xxx 1194 ca ca.crt cert client01.crt key client01.key cipher AES-256-CBC auth SHA512 auth-nocache tls-version-min 1.2 tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 resolv-retry infinite compress lz4 nobind persist-key persist-tun mute-replay-warnings verb 3
netstat -plntu systemctl status openvpn-server@server
cd /etc/openvpn/client nano client01.ovpn
@server
cd /etc/openvpn/ tar -czvf client01.tar.gz client/*
scp root@139.xx.xx.xx:/etc/openvpn/client01.tar.gz .
sudo apt install openvpn network-manager-openvpn network-manager-openvpn-gnome -y
openvpn --config client01.ovpn
curl ifconfig.io
© Informàtica Can Boada All rights reserved
