OpenVPN - Linux


  • 7/26/2019 OpenVPN - Linux

    Tutorial

    Installing the OpenVPN Server and Creating the Local CA

    1 To install OpenVPN on Ubuntu, run:

        apt-get install openvpn

    2 After installation, copy the example and configuration files from the folder /usr/share/doc/openvpn/examples/easy-rsa/2.0/ to the folder /etc/openvpn.

    Command:

        cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn

    3 Rename the file /etc/openvpn/openssl-1.0.0.cnf, or create a copy of it, as /etc/openvpn/openssl.cnf.

    Command:

        cp /etc/openvpn/openssl-1.0.0.cnf /etc/openvpn/openssl.cnf

    4 Edit the file /etc/openvpn/vars, adjusting the last lines that begin with KEY to reflect your environment.

    Contents of the file /etc/openvpn/vars; change only the end of the file:

        # easy-rsa parameter settings

        # NOTE: If you installed from an RPM,
        # don't edit this file in place in
        # /usr/share/openvpn/easy-rsa --
        # instead, you should copy the whole
        # easy-rsa directory to another location
        # (such as /etc/openvpn) so that your
        # edits will not be wiped out by a future
        # OpenVPN package upgrade.

        # This variable should point to
        # the top level of the easy-rsa
        # tree.
        export EASY_RSA="`pwd`"

        # This variable should point to
        # the requested executables
        #
        export OPENSSL="openssl"
        export PKCS11TOOL="pkcs11-tool"
        export GREP="grep"

        # This variable should point to
        # the openssl.cnf file included
        # with easy-rsa.
        export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

        # Edit this variable to point to
        # your soon-to-be-created key
        # directory.
        # WARNING: clean-all will do
        # a rm -rf on this directory
        # so make sure you define
        # it correctly!
        export KEY_

        # PKCS11 fixes
        export PKCS11_MODULE_PATH="dummy"
        export PKCS11_PIN="dummy"

        # Increase this to 2048 if you
        # are paranoid. This will slow
        # down TLS negotiation performance
        # as well as the one-time DH parms
        # generation process.
        export KEY_SIZE=1024

        # In how many days should the root CA key expire?
        export CA_EXPIRE=3650

        # In how many days should certificates expire?
        export KEY_EXPIRE=3650

        # These are the default values for fields
        # which will be placed in the certificate.
        #

    Creating the Server Certificate

    Command:

        /etc/openvpn/build-key-server server

    You can replace the word server with any other name you like, but if you do, remember to make the corresponding adjustments in the file /etc/openvpn/server.conf, which is configured in the next step.

    Confirm the signing and the update of the certificate with the y key.

    Two files will be generated in the folder /etc/openvpn/keys:

    server.crt - Public certificate of the OpenVPN server.

    server.key - Private key of the OpenVPN server.

    Configuring the OpenVPN Server

    OpenVPN is configured in any file ending in .conf located in the folder /etc/openvpn/. This tutorial uses the file /etc/openvpn/server.conf. You can give this file any name you like, as long as it ends in .conf. You can even have more than one OpenVPN service listening on other ports; just configure another .conf file.

    1 Create an empty /etc/openvpn/server.conf and fill it in as follows.

        dev tun
        proto tcp-server
        port 1723
        keepalive 10 120
        comp-lzo
        persist-key
        persist-tun
        float
        ifconfig-pool-persist /etc/openvpn/ipp.txt
        server 10.70.70.0 255.255.255.0
        max-clients 10
        dh /etc/openvpn/keys/dh1024.pem
        ca /etc/openvpn/keys/ca.crt
        cert /etc/openvpn/keys/server.crt
        key /etc/openvpn/keys/server.key

    2 Start OpenVPN by running the command:

        /etc/init.d/openvpn start

    3 Check its status with the command:

        /etc/init.d/openvpn status

    http://blogdonerd.com.br/2012/06/openvpn-servidor-ubuntu-e-clientes-windows-e-linux/#passo3
    4 A new network interface (tun0) will be created, as running the ifconfig command shows.

    Creating Certificates for Clients

    For each new VPN client on your network, you need to create a dedicated certificate. This is done with the command /etc/openvpn/build-key or /etc/openvpn/build-key-pass.

    Before running build-key, it is important to run source /etc/openvpn/vars so that the information about your CA is assigned to the environment variables of the current session.

    Command:

        source /etc/openvpn/vars
        /etc/openvpn/build-key client-name

    Three new files will be generated in the folder /etc/openvpn/keys:

    kevin.csr - Request for the new certificate

    kevin.crt - Public certificate

    kevin.key - Private key

    These files will need to be copied to the Windows client.

    Installing and Configuring OpenVPN Clients

    Windows

    Install OpenVPN GUI (OpenVPN 2.3.2 -- released on 2013.06.03): http://openvpn.net/index.php/open-source/downloads.html

    Edit the file "name.OVPN" (example: kevin.ovpn):

        remote 78.138.104.167
        proto tcp
        port 1723
        client
        pull
        dev tun
        comp-lzo
        keepalive 10 120
        persist-key
        persist-tun
        float
        dh kevin/dh1024.pem
        ca kevin/ca.crt
        cert kevin/kevin.crt
        key kevin/kevin.key

    2 Copy the file "name.ovpn" into the folder "C:\Program Files\OpenVPN\config", create a folder with the same name you gave the ".ovpn" file, and copy the following files into it:

    ca.crt

    ca.key

    dh1024.pem

    kevin.crt

    kevin.key

    3 Open the OpenVPN Client software and connect to the server.

    4 Run the CMD command prompt as administrator and type the following commands:

    Check status:

        route print

        route add 172.246.254.65 mask 255.255.255.255 192.168.1.1

        route delete 0.0.0.0

        route add 0.0.0.0 mask 0.0.0.0 10.70.70.5

    To go back to browsing normally on your local network, disconnect OpenVPN and type at the Windows command prompt:

    Command:

        ipconfig /renew
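
A check to run on the CA host before copying files to a client, as an added example (not part of the original tutorial): it flags a vars file whose KEY_SIZE is below 2048 and a client folder that contains ca.key or a private key readable by group/other. A client needs only ca.crt plus its own certificate and key; the function names and the sample files created under a temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit easy-rsa 2.0 output before handing files to a client.
# Function names and the sample files at the bottom are constructed.

# Print the last KEY_SIZE value exported by a vars file (empty if none).
vars_key_size() {
    sed -n 's/^[[:space:]]*export[[:space:]]*KEY_SIZE=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Print one finding per line for a vars file; prints nothing when it is clean.
audit_vars() {
    size=$(vars_key_size "$1")
    if [ -n "$size" ] && [ "$size" -lt 2048 ]; then
        echo "KEY_SIZE=$size: RSA keys below 2048 bits"
    fi
    return 0
}

# Print one finding per line for a folder that will be copied to a client.
audit_client_bundle() {
    dir=$1
    # ca.key signs new certificates; a client only needs ca.crt to verify the server.
    if [ -e "$dir/ca.key" ]; then
        echo "ca.key: CA private key in client bundle"
    fi
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$(basename "$f"): private key accessible to group/other ($perms)"
        fi
    done
    return 0
}

# Constructed demo input: a vars file and a bundle like the one listed above.
demo=$(mktemp -d)
printf 'export KEY_SIZE=1024\n' > "$demo/vars"
mkdir "$demo/kevin"
for n in ca.crt ca.key kevin.crt kevin.key; do : > "$demo/kevin/$n"; done
chmod 600 "$demo/kevin/ca.key"
chmod 644 "$demo/kevin/kevin.key"
audit_vars "$demo/vars"
audit_client_bundle "$demo/kevin"
```
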