openvpn sobre debian buster
# Nos guiamos en base a
https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/
# Está para arreglar algunas cosas; de hecho no está definitivo porque
# en el cliente no me funca la resolución de un ping a un sitio como google.
# Pero como es la primera vez que lo intento con openvpn y funcó, para mí es un inicio
# para seguir probando
# Enable IPv4 forwarding on the server so it can route packets arriving from the tunnel.
sudo vi /etc/sysctl.conf
# Line to add (or uncomment) inside /etc/sysctl.conf:
net.ipv4.ip_forward=1
# Reload /etc/sysctl.conf so the setting takes effect without a reboot.
sudo sysctl -p
# NOTE(review): forwarding alone does not NAT the 10.8.0.0/24 client subnet. No masquerade or
# firewall rule appears in these notes; with "redirect-gateway" pushed, that may be why pings and
# name resolution fail from the client. Confirm against the referenced guide.
# Install OpenVPN from the distribution repositories.
sudo apt-get install openvpn -y
# Copy the packaged easy-rsa scripts under /etc/openvpn; the PKI is then built in that copy.
sudo cp -r /usr/share/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa
# Turn the shipped example into the active vars file, then edit it.
sudo mv vars.example vars
sudo vi vars
# Values entered in vars (sample identity data taken from the guide; replace with your own).
# NOTE(review): `export KEY_*` is easy-rsa 2.x syntax. The `./easyrsa` commands used in the next
# steps belong to easy-rsa 3, whose vars file uses `set_var EASYRSA_REQ_COUNTRY ...` and similar,
# so these lines are probably ignored. Confirm by inspecting the issued certificate subject.
export KEY_COUNTRY="INDIA"
export KEY_PROVINCE="CA"
export KEY_CITY="Junagadh"
export KEY_ORG="Howtoforge"
export KEY_EMAIL="admin@example.com"
export KEY_OU="OpenVPN"
# Create an empty PKI directory (pki/) inside the current easy-rsa directory.
sudo ./easyrsa init-pki
# Build the certificate authority. `nopass` leaves the CA private key unencrypted on disk, so
# anyone who can read it can issue certificates this VPN will accept. Prefer omitting `nopass`
# for the CA and, where possible, keeping the CA on a host other than the VPN server.
sudo ./easyrsa build-ca nopass
# Presumably the answer typed at the interactive Common Name prompt.
server
# Generate the server key pair and certificate request. `nopass` is usual here because the
# daemon has to load server.key unattended.
sudo ./easyrsa gen-req server nopass
# Sign the request named "server" as a server-type certificate.
sudo ./easyrsa sign-req server server
# Typed to confirm the signing prompt.
yes
# Generate the Diffie-Hellman parameters (copied below as pki/dh.pem).
sudo ./easyrsa gen-dh
# Generate the static pre-shared key referenced by `tls-auth` in both configs.
sudo openvpn --genkey --secret ta.key
# Copy the server material next to server.conf. ta.key and server.key are secrets:
# verify afterwards that both are readable by root only (for example with `ls -l`).
sudo cp ta.key /etc/openvpn/
sudo cp pki/ca.crt /etc/openvpn/
sudo cp pki/private/server.key /etc/openvpn/
sudo cp pki/issued/server.crt /etc/openvpn/
sudo cp pki/dh.pem /etc/openvpn/
# The client key pair is generated on the server, so client.key later has to cross the network.
# A safer flow generates the request on the client and sends only the .req file to the CA.
# `nopass` also means that possession of client.key alone is enough to connect.
sudo ./easyrsa gen-req client nopass
# Sign the request named "client" as a client-type certificate.
sudo ./easyrsa sign-req client client
# Typed to confirm the signing prompt.
yes
# Stage the client bundle in /etc/openvpn/client/ for transfer to the client machine.
sudo cp pki/ca.crt /etc/openvpn/client/
sudo cp pki/issued/client.crt /etc/openvpn/client/
sudo cp pki/private/client.key /etc/openvpn/client/
sudo vi /etc/openvpn/server.conf
# Contents of /etc/openvpn/server.conf follow.
# Listen on UDP 1194 with a routed (tun) tunnel.
port 1194
proto udp
dev tun
# CA certificate, server certificate and key, and DH parameters copied in the previous step.
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
# Address pool for the VPN: clients receive addresses from 10.8.0.0/24.
server 10.8.0.0 255.255.255.0
# Tell clients to send all of their traffic through the tunnel.
push "redirect-gateway def1 bypass-dhcp"
# Resolvers pushed to clients (OpenDNS addresses). Linux clients do not apply pushed DNS
# options on their own; see the client configuration.
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# Ping every 10 s; consider the peer down after 120 s of silence.
keepalive 10 120
# HMAC-sign control-channel packets with the shared key; direction 0 on the server side
# pairs with direction 1 on the client.
tls-auth ta.key 0 # This file is secret
# NOTE(review): CBC is a non-AEAD cipher. OpenVPN 2.4 and later normally negotiates
# AES-256-GCM between peers regardless of this line; confirm the negotiated cipher in the log.
cipher AES-256-CBC
# Drop root privileges after start-up.
user nobody
group nogroup
# Keep the key and tun device across restarts, since they cannot be reopened once
# privileges have been dropped.
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
# NOTE(review): `log` truncates the file on start and `log-append` appends to it; both point
# at the same file here, so only one of them is needed.
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
# Notify clients when the server restarts (applies to UDP).
explicit-exit-notify 1
# End of server.conf. Start the instance that reads /etc/openvpn/server.conf and check it.
# This does not enable the service at boot; `systemctl enable` is not part of these notes.
sudo systemctl start openvpn@server
sudo systemctl status openvpn@server
##################
# OpenVPN Client #
##################
# Install OpenVPN on the client machine.
sudo apt-get install openvpn -y
sudo vi /etc/openvpn/client.conf
# Contents of /etc/openvpn/client.conf follow.
client
dev tun
proto udp
# Address and port of the VPN server.
remote 192.168.0.12 1194
resolv-retry infinite
# Do not bind to a fixed local port.
nobind
# Drop root privileges after start-up.
user nobody
group nogroup
persist-key
persist-tun
# Certificates and key copied from the server in the next step.
ca ca.crt
cert client.crt
key client.key
# Accept only a peer certificate issued for server use, so that another client certificate
# signed by the same CA cannot impersonate the server.
remote-cert-tls server
# Same shared key as the server, with the opposite direction (1).
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
# NOTE(review): nothing in this file applies the DNS servers pushed by the server. On Debian
# this is commonly done with `script-security 2` plus `up /etc/openvpn/update-resolv-conf` and
# `down /etc/openvpn/update-resolv-conf`; their absence may explain the name-resolution
# failure described at the top of the post. Confirm on the client.
# Pull the client bundle from the server over SSH. client.key and ta.key are secrets.
# NOTE(review): this needs root SSH login on the server; prefer an unprivileged account with
# sudo, and remove the staged copies in /etc/openvpn/client/ on the server once transferred.
sudo scp root@192.168.0.12:/etc/openvpn/client/ca.crt /etc/openvpn/
sudo scp root@192.168.0.12:/etc/openvpn/client/client.crt /etc/openvpn/
sudo scp root@192.168.0.12:/etc/openvpn/client/client.key /etc/openvpn/
sudo scp root@192.168.0.12:/etc/openvpn/ta.key /etc/openvpn/
# Start the instance that reads /etc/openvpn/client.conf.
sudo systemctl start openvpn@client
En el servidor:
# Follow the server log while the client connects; TLS handshake and certificate errors
# are reported here.
sudo tail -f /var/log/openvpn/openvpn.log