Cara Instalasi VPN Di Linux Menggunakan OpenVPN

Virtual Private Network (VPN) adalah solusi koneksi private melalui jaringan publik. Dengan VPN maka kita dapat membuat jaringan di dalam jaringan atau biasa disebut tunnel. Solusi VPN ada beberapa macam. Antara lain:

1. IPSEC, solusi VPN via IP Secure Protocol. Solusi yang sudah distandarisasi tapi paling susah dikonfigurasi. Tingkat keamanan yang cukup baik namun dalam implementasinya cukup rumit. Aplikasi yang digunakan yang berbasis open source yaitu Open/Free Swan.
2. PPPT, solusi VPN versi awal. Merupakan solusi VPN dengan feature standar dimana jaringan dibangun dengan point to point seperti halnya anda melakukan dial up pada internet dirumah. Pada saat dial up ke provider internet ada maka akan dibangun point to point tunnel melalui jaringan telepon. Aplikasi OpenSource yang menggunakan PPPT adalah PopTop.
3. VPN with SSL, merupakan solusi VPN dengan menerapkan protocol Secure Socket Layer(SSL) pada enkripsi jaringan tunnel yang dibuat. Solusi ini diawali dengan aplikasi OpenVPN. Selain gratis karena open source juga memiliki kemudahan implementasi. Saya lebih memilih menggunakan OpenVPN karena kemudahan implementasinya serta bersifat multiplatform dapat dijalankan pada Linux ataupun Windows.

Kali ini saya coba menginstal VPN pada jaringan LAN sederhana dengan menggunakan OpenVPN dan dengan OS Centos  5.

VPN Server :
OS : CentOS Linux V5.3/kernel 2.6.18-128.EL5
Real IP : 192.168.48.200
VPN IP : 10.8.0.1
VPN Client :
OS : Windows XP
Real IP : 192.168.48.1
VPN IP : 10.8.0.x (server assigned)
==============
VPN Server
==============
1. Download paket-paket yang diperlukan.

view sourceprint?

1.#wget http://openvpn.net/release/openvpn-2.0.9.tar.gz

2.#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

3.#ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/i386/RPMS/lzo-devel-2.02-3.el5.kb.i386.rpm

4.#ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/i386/RPMS/lzo-2.02-3.el5.kb.i386.rpm

 

2. Install dan build file  download.
Sebelum memulai instalasi sebaiknya Anda menginstal repository berikut ini.

view sourceprint?

1.#yum install rpm-build

2.#yum install autoconf.noarch

3.#yum install zlib-devel

4.#yum install pam-devel

5.#yum install openssl-devel

Bila dependencies diatas telah  terinstall, ikutilah langkah berikut ini untuk memulai instalasi:

view sourceprint?

01.#rpm -ivh  lzo-2.02-3.el5.kb.i386.rpm

02. 

03.#rpm -ivh  lzo-devel-2.02-3.el5.kb.i386.rpm

04. 

05.#rpmbuild --rebuild lzo-1.08-4.rf.src.rpm

06. 

07.#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm

08. 

09.#rpmbuild -tb openvpn-2.0.9.tar.gz

10. 

11.#rpm -Uvh /usr/src/redhat/RPMS/i386 openvpn-2.0.9-1.i386.rpm

3. Copy contoh file konfigurasi berikut. Hal ini untuk mempercepat proses konfigurasi OpenVPN

view sourceprint?

1.#cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/

2.#cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

4. Konfigurasi Certificate Authority (CA)

view sourceprint?

01.#cd /etc/openvpn/easy-rsa/

02.#vi vars

03.export KEY_COUNTRY=ID

04.export KEY_PROVINCE=Sulteng

05.export KEY_CITY=Palu

06.export KEY_ORG="VPNTKJ"

07.export KEY_EMAIL="my@vpn.mail"

08. 

09.#. ./vars

10.#./clean-all

5. Build  root Certificate Authority (CA)

view sourceprint?

01.#./build-ca

02.......++++++

03.writing new private key to 'ca.key'

04.-----

05.You are about to be asked to enter information that will be incorporated

06.into your certificate request.

07.What you are about to enter is what is called a Distinguished Name or a DN.

08.There are quite a few fields but you can leave some blank

09.For some fields there will be a default value,

10.If you enter '.', the field will be left blank.

11.-----

12.Country Name (2 letter code) [ID]:

13.State or Province Name (full name) [SULTENG]:

14.Locality Name (eg, city) [PALU]:

15.Organization Name (eg, company) [VPNTKJ]:

16.Organizational Unit Name (eg, section) []:tkj

17.Common Name (eg, your name or your server's hostname) []:VPN

18.Email Address [my@vpn.mail]:

6. Build Server Key dan Server Certificate

view sourceprint?

01.#./build-key-server vpnsrv1

02.Generating a 1024 bit RSA private key

03......++++++

04.........................++++++

05.writing new private key to 'vpnsrv1.key'

06.-----

07.You are about to be asked to enter information that will be incorporated

08.into your certificate request.

09.What you are about to enter is what is called a Distinguished Name or a DN.

10.There are quite a few fields but you can leave some blank

11.For some fields there will be a default value,

12.If you enter '.', the field will be left blank.

13.-----

14.Country Name (2 letter code) [ID]:

15.State or Province Name (full name) [SULTENG]:

16.Locality Name (eg, city) [PALU]:

17.Organization Name (eg, company) [VPNTKJ]:

18.Organizational Unit Name (eg, section) []:tkj

19.Common Name (eg, your name or your server's hostname) []:VPN

20.Email Address [my@vpn.mail]:

21. 

22.Please enter the following 'extra' attributes

23.to be sent with your certificate request

24.A challenge password []:

25.An optional company name []:

26.Using configuration from /etc/openvpn/easy-rsa/openssl.cnf

27.Check that the request matches the signature

28.Signature ok

29.The Subject's Distinguished Name is as follows

30.countryName :PRINTABLE:'ID'

31.stateOrProvinceName :PRINTABLE:'SULTENG'

32.localityName :PRINTABLE:'PALU'

33.organizationName :PRINTABLE:'VPNTKJ'

34.organizationalUnitName:PRINTABLE:'tkj'

35.commonName :PRINTABLE:'VPN'

36.emailAddress :IA5STRING:'my@vpn.mail'

37.Certificate is to be certified until Jun 27 05:21:29 2017 GMT (3650 days)

38.Sign the certificate? [y/n]:y

39. 

40.1 out of 1 certificate requests certified, commit? [y/n]y

41.Write out database with 1 new entries

42.Data Base Updated

7. Build parameter Diffie Hellman parameters

view sourceprint?

1.#./build-dh

2.Generating DH parameters, 1024 bit long safe prime, generator 2

3.This is going to take a long time

4...........

8. Copy file CA

view sourceprint?

1.#cp keys/ca.crt ../

2.#cp keys/dh1024.pem ../

3.#cp keys/vpnsrv1.key ../

4.#cp keys/vpnsrv1.crt ../

9. Konfigurasi server untuk OpenVPN

view sourceprint?

1.#cd ../

2.#vi server.conf

3.dev tap

4.;dev tun

5.ca ca.crt

6.cert vpnsrv1.crt

7.key vpnsrv1.key # This file should be kept secret

10. Startup  service

view sourceprint?

1.#service openvpn restart

2.#chkconfig openvpn on

==============
VPN Client
==============
1. Download dan install OpenVPN GUI untuk Windows

view sourceprint?

1.http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe

2. Konfigurasi CA

cmd.exe
>cd “C:\\Program Files\OpenVPN\easy-rsa”
>init-config.bat
>edit vars.bat
set KEY_COUNTRY=ID
set KEY_PROVINCE=SULTENG
set KEY_CITY=PALU
set KEY_ORG=VPNTKJ
set KEY_EMAIL=my@vpn.mail
(PS. Above must be same as the server)

3. Klik dua kali vars.bat atau jalankan file batch ini melalui command-line seperti perintah di bawah ini.

>vars.bat
>clean-all.bat

4. Build CA client key dan client scr

>md keys
>build-ca
>build-key vpnclient

5. Copy file client csr ke  server. Pastikan copy keys/vpnclient.csr dari client ke direktori /etc/openvpn/easy-rsa/keys pada server.

view sourceprint?

01.#cd /etc/openvpn/easy-rsa/

02.#./sign-req vpnclient

03.Check that the request matches the signature

04.Signature ok

05.The Subject's Distinguished Name is as follows

06.countryName :PRINTABLE:'ID'

07.stateOrProvinceName :PRINTABLE:'SULTENG'

08.localityName :PRINTABLE:'PALU'

09.organizationName :PRINTABLE:'VPNTKJ'

10.organizationalUnitName:PRINTABLE:'tkj'

11.commonName :PRINTABLE:'vpnclient'

12.emailAddress :IA5STRING:'my@vpn.mail'

13.Certificate is to be certified until Jun 27 06:40:48 2017 GMT (3650 days)

14.Sign the certificate? [y/n]:y

15. 

16.1 out of 1 certificate requests certified, commit? [y/n]y

17.Write out database with 1 new entries

18.Data Base Updated

6. Kembali pada client, install file CA (seperti vpnclient.crt dan ca.crt)
Copy file crt (vpnclient.crt)yang telah dibuat di server dan file ca.crt  dari server ke direktori Program Files/OpenVPN/config pada client.

>cd ..\config
>copy ..\easy-rsa\keys\vpnclient.key .\

7. Konfigurasi client untuk OpenVPN

>copy ..\sample-config\client.ovpn .\
Right-Click the OpenVPN GUI icon in the bottom right-hand corner, select ‘Edit Config’
dev tap
;dev tun
dev-node VPN_Tap
remote 192.168.48.200 1194
ca ca.crt
cert vpnclient.crt
key vpnclient.key
ns-cert-type server

8. Konfigurasi  network interface untuk OpenVPN

Pilih “Control Panel” > “Network Connection” > “TAP-Win32#(#)”
Ganti nama interface tersebut menjadi ‘VPN_Tap’

9. Startup connection pada client

Pada task-bar, pilih “OpenVPN GUI” > click kiri  “Connect”

Sampai disini Anda dapat melakukan koneksi ke  OpenVPN server melalui VPN client menggunakan UDP connection. Silahkan mencoba!