Reply to thread

Message: <blockquote data-quote="luk3r" data-source="post: 30338656" data-attributes="member: 580433">1. Install OpenVPN and Easy-RSAUpdate the package list and install OpenVPN along with Easy-RSA for managing SSL certificates.sudo apt updatesudo apt install openvpn easy-rsa -y2. Set Up the Public Key Infrastructure (PKI)Create a directory for Easy-RSA and navigate to it:make-cadir ~/openvpn-cacd ~/openvpn-caInitialize the PKI:./easyrsa init-pkiBuild the Certificate Authority (CA):./easyrsa build-ca    You will be prompted to enter a password for the CA and some details. Provide relevant information.3. Generate Server Certificate and KeyCreate a certificate request and key for the server:./easyrsa gen-req server nopassSign the server's certificate request:./easyrsa sign-req server server4. Generate Diffie-Hellman KeyGenerate the Diffie-Hellman parameters for secure key exchange:./easyrsa gen-dh5. Generate Client Certificate and KeyCreate a certificate and key for a client:./easyrsa gen-req client1 nopass./easyrsa sign-req client client16. Configure OpenVPNCopy the generated files to the OpenVPN directory:sudo cp ~/openvpn-ca/pki/ca.crt /etc/openvpn/sudo cp ~/openvpn-ca/pki/private/server.key /etc/openvpn/sudo cp ~/openvpn-ca/pki/issued/server.crt /etc/openvpn/sudo cp ~/openvpn-ca/pki/dh.pem /etc/openvpn/Create a server configuration file in /etc/openvpn/server.conf:sudo nano /etc/openvpn/server.confAdd the following configuration:port 1194proto udpdev tunca ca.crtcert server.crtkey server.keydh dh.pemserver 10.8.0.0 255.255.255.0ifconfig-pool-persist ipp.txtpush "redirect-gateway def1 bypass-dhcp"push "dhcp-option DNS 8.8.8.8"push "dhcp-option DNS 8.8.4.4"keepalive 10 120tls-auth ta.key 0cipher AES-256-CBCpersist-keypersist-tunstatus openvpn-status.loglog-append /var/log/openvpn.logverb 37. Enable IP ForwardingEdit the /etc/sysctl.conf file:sudo nano /etc/sysctl.confUncomment or add the following line:net.ipv4.ip_forward=1Apply the changes:sudo sysctl -p8. Start the OpenVPN ServerEnable and start the OpenVPN service:sudo systemctl enable openvpn@serversudo systemctl start openvpn@server9. Set Up Firewall RulesAllow traffic on the OpenVPN port and enable NAT:sudo ufw allow 1194/udpsudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADEPersist the rules:sudo apt install iptables-persistent -ysudo netfilter-persistent save10. Create Client ConfigurationGenerate a .ovpn file for clients. Create a configuration file, for example, client1.ovpn:sudo nano client1.ovpnAdd the following content:clientdev tunproto udpremote <your-server-ip> 1194resolv-retry infinitenobindpersist-keypersist-tunremote-cert-tls servercipher AES-256-CBCauth SHA256key-direction 1verb 3<ca># Paste the contents of ca.crt here</ca><cert># Paste the contents of client1.crt here</cert><key># Paste the contents of client1.key here</key><tls-auth># Paste the contents of ta.key here</tls-auth>11. Distribute ConfigurationProvide the client1.ovpn file to your client device for connection.You now have a working OpenVPN server! Test connectivity from a client device using the generated .ovpn file.</blockquote>

Verification: Payakata winadi keeyak tibeda?

Top Bottom

Search

Latest ads

Reply to thread