OpenVPN - Linux
whipkickin -
7/26/2019 OpenVPN - Linux
Tutorial
Installing the OpenVPN Server and Creating the Local CA
1. To install OpenVPN on Ubuntu, run: apt-get install openvpn
2. After installation, copy the example configuration files from the folder /usr/share/doc/openvpn/examples/easy-rsa/2.0/ to the folder /etc/openvpn.
Command: cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn
4. Rename the file /etc/openvpn/openssl-1.0.0.cnf, or create a copy of it, as /etc/openvpn/openssl.cnf.
Command: cp /etc/openvpn/openssl-1.0.0.cnf /etc/openvpn/openssl.cnf
5. Edit the file /etc/openvpn/vars, adjusting the last lines, the ones beginning with KEY, to reflect your environment.
Contents of the file /etc/openvpn/vars (change only the end of the file):

    # easy-rsa parameter settings

    # NOTE: If you installed from an RPM,
    # don't edit this file in place in
    # /usr/share/openvpn/easy-rsa --
    # instead, you should copy the whole
    # easy-rsa directory to another location
    # (such as /etc/openvpn) so that your
    # edits will not be wiped out by a future
    # OpenVPN package upgrade.

    # This variable should point to
    # the top level of the easy-rsa
    # tree.
    export EASY_RSA="`pwd`"

    # This variable should point to
    # the requested executables
    #
    export OPENSSL="openssl"
    export PKCS11TOOL="pkcs11-tool"
    export GREP="grep"

    # This variable should point to
    # the openssl.cnf file included
    # with easy-rsa.
    export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

    # Edit this variable to point to
    # your soon-to-be-created key
    # directory.
    # WARNING: clean-all will do
    # a rm -rf on this directory
    # so make sure you define
    # it correctly!
    export KEY_
    # PKCS11 fixes
    export PKCS11_MODULE_PATH="dummy"
    export PKCS11_PIN="dummy"

    # Increase this to 2048 if you
    # are paranoid. This will slow
    # down TLS negotiation performance
    # as well as the one-time DH parms
    # generation process.
    export KEY_SIZE=1024

    # In how many days should the root CA key expire?
    export CA_EXPIRE=3650

    # In how many days should certificates expire?
    export KEY_EXPIRE=3650

    # These are the default values for fields
    # which will be placed in the certificate.
    #
Creating the Server Certificate
Command: /etc/openvpn/build-key-server server
You can replace the word server with any other name you like, but if you do, remember to make the matching adjustments in the file /etc/openvpn/server.conf, which is configured in the next step.
Confirm the signing and the updating of the certificate with the y key.
Two files will be generated in the folder /etc/openvpn/keys:
server.crt - Public certificate of the OpenVPN server.
server.key - Private key of the OpenVPN server.
Configuring the OpenVPN Server
OpenVPN is configured in any file whose name ends in .conf, located in the folder /etc/openvpn/. In this tutorial we will use the file /etc/openvpn/server.conf. You can give this file any name you like, as long as it ends in .conf. You can even have more than one OpenVPN service listening on other ports; just configure another .conf file.
1. Create an empty /etc/openvpn/server.conf and fill it in as follows:

    dev tun
    proto tcp-server
    port 1723
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    float
    ifconfig-pool-persist /etc/openvpn/ipp.txt
    server 10.70.70.0 255.255.255.0
    max-clients 10
    dh /etc/openvpn/keys/dh1024.pem
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/server.crt
    key /etc/openvpn/keys/server.key

2. Start OpenVPN by running the command:
/etc/init.d/openvpn start
3. Check its status with the command:
/etc/init.d/openvpn status
http://blogdonerd.com.br/2012/06/openvpn-servidor-ubuntu-e-clientes-windows-e-linux/#passo3
4. A new network interface (tun0) will be created, as shown by running the ifconfig command below.
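The server.conf above leaves several protective directives at their defaults. The following check is an added example, not part of the original tutorial: it lists those gaps for a server.conf or a client .ovpn profile. The function names are made up for this example, and the 1024-bit finding relies on the file name dh1024.pem used on this page.

```shell
# Added example, not from the tutorial: list hardening gaps in an OpenVPN config.
# has DIRECTIVE FILE: true when an uncommented line starts with DIRECTIVE.
has() { grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$2"; }

# Prints one finding per line and nothing when no check fires.
audit_openvpn_conf() {
    conf=$1
    if has comp-lzo "$conf"; then
        echo "comp-lzo: compression is deprecated in OpenVPN (VORACLE)"
    fi
    if ! has tls-auth "$conf" && ! has tls-crypt "$conf"; then
        echo "tls-auth/tls-crypt: no HMAC key on the TLS control channel"
    fi
    if ! has cipher "$conf" && ! has data-ciphers "$conf"; then
        echo "cipher: unset, OpenVPN 2.3 and earlier default to BF-CBC"
    fi
    # File-name heuristic: the tutorial's parameters are called dh1024.pem.
    if grep -Eq '^[[:space:]]*dh[[:space:]].*dh1024' "$conf"; then
        echo "dh: 1024-bit Diffie-Hellman parameters"
    fi
    if has server "$conf" && ! has user "$conf"; then
        echo "user/group: the daemon keeps root privileges after start-up"
    fi
    if has client "$conf" && ! has remote-cert-tls "$conf"; then
        echo "remote-cert-tls: the peer certificate is not checked to be a server's"
    fi
}
# Constructed sample: the server.conf from this page, written to file $1.
write_tutorial_server_conf() {
    cat > "$1" <<'EOF'
dev tun
proto tcp-server
port 1723
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
ifconfig-pool-persist /etc/openvpn/ipp.txt
server 10.70.70.0 255.255.255.0
max-clients 10
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
EOF
}

tmp=$(mktemp); write_tutorial_server_conf "$tmp"
audit_openvpn_conf "$tmp"; rm -f "$tmp"
```

On a live server, point audit_openvpn_conf at /etc/openvpn/server.conf.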
Creating Certificates for Clients
For each new VPN client on your network, a dedicated certificate must be created. This is done with the command /etc/openvpn/build-key or /etc/openvpn/build-key-pass.
Before running build-key, it is important to run source /etc/openvpn/vars so that the information about your CA is assigned to the environment variables of the current session.
Command:
source /etc/openvpn/vars
/etc/openvpn/build-key nome-do-cliente
Three new files will be generated in the folder /etc/openvpn/keys:
kevin.csr - Request for the new certificate
kevin.crt - Public certificate
kevin.key - Private key
These files will need to be copied to the Windows client.
Installing and Configuring OpenVPN: Windows Clients
Install OpenVPN GUI (OpenVPN 2.3.2 -- released on 2013.06.03)
http://openvpn.net/index.php/open-source/downloads.html
Edit the file "nome.OVPN" (example: kevin.ovpn):

    remote 78.138.104.167
    proto tcp
    port 1723
    client
    pull
    dev tun
    comp-lzo
    keepalive 10 120
    persist-key
    persist-tun
    float
    dh kevin/dh1024.pem
    ca kevin/ca.crt
    cert kevin/kevin.crt
    key kevin/kevin.key

2. Copy the file "nome.ovpn" into the folder "C:\Program Files\OpenVPN\config", create a folder with the same name you gave the ".ovpn" file, and copy the following files into it:
ca.crt
ca.key
dh1024.pem
kevin.crt
kevin.key
3. Open the OpenVPN Client software and connect to the server.
4. Run the command prompt (CMD) as administrator and type the following commands:
Check status: route print
route add 172.246.254.65 mask 255.255.255.255 192.168.1.1
route delete 0.0.0.0
route add 0.0.0.0 mask 0.0.0.0 10.70.70.5
To go back to browsing normally on your local network, disconnect from OpenVPN and type at the Windows command prompt:
Command: ipconfig /renew
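The client folder in step 2 can be checked on the server before it is copied. This is an added example, not part of the original tutorial: it lists the files in the folder that the .ovpn profile never references. For the file list and profile on this page it reports ca.key, the CA's private key, which the client configuration does not use. The function names are made up for this example, and paths in the profile are assumed to use forward slashes, as they do on this page.

```shell
# Added example, not from the tutorial: list the files in a client folder that
# the .ovpn profile never names in a ca, cert, key or dh directive.
# Usage: unreferenced_files PROFILE.ovpn CLIENT_DIR
unreferenced_files() {
    profile=$1
    dir=$2
    # Base name of every file the profile points at, one per line.
    wanted=$(awk '$1 ~ /^(ca|cert|key|dh)$/ { n = split($2, p, "/"); print p[n] }' "$profile")
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        printf '%s\n' "$wanted" | grep -Fqx -- "$name" || echo "$name"
    done
}

# Constructed demo: the folder contents and file directives listed on this page.
demo_client_bundle() {
    d=$(mktemp -d)
    mkdir "$d/kevin"
    for f in ca.crt ca.key dh1024.pem kevin.crt kevin.key; do
        : > "$d/kevin/$f"
    done
    cat > "$d/kevin.ovpn" <<'EOF'
client
dev tun
dh kevin/dh1024.pem
ca kevin/ca.crt
cert kevin/kevin.crt
key kevin/kevin.key
EOF
    unreferenced_files "$d/kevin.ovpn" "$d/kevin"
    rm -rf "$d"
}

demo_client_bundle
```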