tutorial yang sempurna dari mas ari-f, jalan lancar di raspi ku pic.twitter.com/smjTeLukGD
— Faris Widyantho (@radenfaris) June 5, 2015
Instalasi OPENVPN pada Raspberry Pi, mengikuti tutorial dari mas ari-f berikut dapat di implementasikan ke rpi (link ada di dasar post)
1. Test RPI dengan command cat /dev/net/tun
jikalau muncul cat: /dev/net/tun: File descriptor in bad state artinya dapat melanjutkan instalasi openvpn.
2. sudo -s masuk sebagai root3. apt-get update && upgrade -y update RPI
4. cp -a /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn copy sample script ke /etc/openvpn
5. cd /etc/openvpn/easy-rsa/2.0 change dir /etc/openvpn/easy-rsa/2.0
6. source ./vars
7. ./clean-all
8. ./build-ca buat cert (dikosongkan saja enter enter)
9. ./build-dh buat diffie hellman parameter
10. ./build-key-server server01 generate certificate server (dikosongkan tak mengapa diakhir pertanyaan jawab dengan: yes)
11. openvpn --genkey --secret keys/ta.key udp flood protection
12. cd /etc/openvpn change dir /etc/openvpn
13. nano server.conf buat file server.conf
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server01.crt
key keys/server01.key
dh keys/dh1024.pem
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DNS 4.2.2.2"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
14. nano server-tcp.conf buat file server-tcp.conf
port 465
proto tcp
dev tun
ca keys/ca.crt
cert keys/server01.crt
key keys/server01.key
dh keys/dh1024.pem
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
port 465
proto tcp
dev tun
ca keys/ca.crt
cert keys/server01.crt
key keys/server01.key
dh keys/dh1024.pem
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
15. mkdir /etc/openvpn/keys buat folder untuk keys
16. cp /etc/openvpn/easy-rsa/2.0/keys/{ca.crt,server01.crt,server01.key,dh1024.pem,ta.key} /etc/openvpn/keys/ copy ca.crt,server01.crt,server01.key,dh1024.pem,ta.key ke keys folder
17. nano /etc/default/openvpn edit config openvpn dan uncoment AUTOSTART=ALL
18. /etc/init.d/openvpn restart restart openvpn
19. lsof -i |grep openvpn cek parameter (harus ada TCP dan UDP yang UP)
20. nano /etc/sysctl.d/forwarding.conf buat file untuk konfigurasi forwarding
17. nano /etc/default/openvpn edit config openvpn dan uncoment AUTOSTART=ALL
18. /etc/init.d/openvpn restart restart openvpn
19. lsof -i |grep openvpn cek parameter (harus ada TCP dan UDP yang UP)
20. nano /etc/sysctl.d/forwarding.conf buat file untuk konfigurasi forwarding
net.ipv4.ip_forward=1
21. sysctl -p /etc/sysctl.d/forwarding.conf
22. iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE setting iptables UDP
23. iptables -t nat -I POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE setting iptables TCP
24. mkdir clientconfig buat folder clientconfig dalam folder /etc/openvpn23. iptables -t nat -I POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE setting iptables TCP
25. cp /etc/openvpn/easy-rsa/2.0/keys/{ca.crt,ta.key} clientconfig/ copy ca.crt ta.key ke folder client config
26. cd clientconfig change directory client config
27. nano PI-UDP.ovpn buat konfigurasi client UDP
client
dev tun
proto udp
remote (IP RASPI) 1194
resolv-retry infinite
route-method exe
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
28. nano PI-TCP.ovpn buat konfigurasi client TCP
client
dev tun
proto tcp
remote (IP RASPI) 465
resolv-retry infinite
route-method exe
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
client
dev tun
proto tcp
remote (IP RASPI) 465
resolv-retry infinite
route-method exe
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
29. login ssh sebagai root dan copy ca.crt PI-UDP.ovpn PI-TCP.ovpn
jika belum ada password untuk root: sudo passwd root dan ketikkan passwordnya
30. copy ke config client dan jalankan.
Referensi:
-http://www.ari-f.com/mumet-ndase/ok-baiklah-nih-tutorial-instal-openvpn-di-vps-debian
-https://www.raspberrypi.org/forums/viewtopic.php?p=67232
-http://www.ari-f.com/mumet-ndase/ok-baiklah-nih-tutorial-instal-openvpn-di-vps-debian
-https://www.raspberrypi.org/forums/viewtopic.php?p=67232
No comments:
Post a Comment