TrabalhosGratuitos.com - Trabalhos, Monografias, Artigos, Exames, Resumos de livros, Dissertações
Pesquisar

Open VPN

Relatório de pesquisa: Open VPN. Pesquise 861.000+ trabalhos acadêmicos

Por:   •  22/10/2013  •  Relatório de pesquisa  •  3.204 Palavras (13 Páginas)  •  424 Visualizações

Página 1 de 13

OpenVPN

If you want more than just pre-shared keys OpenVPN makes it easy to setup and use a Public Key Infrastructure (PKI) to use SSL/TLS certificates for authentication and key exchange between the VPN server and clients. OpenVPN can be used in a routed or bridged VPN mode and can be configured to use either UDP or TCP. The port number can be configured as well, but port 1194 is the official one. And it is only using that single port for all communication. VPN client implementations are available for almost anything including all Linux distributions, OS X, Windows and OpenWRT based WLAN routers.

Server Installation

Public Key Infrastructure Setup

Simple Server Configuration

Simple Client Configuration

First trouble shooting

Advanced configuration

Client software implementations

References

Server Installation

To install openvpn in a terminal enter:

sudo apt-get install openvpn

Public Key Infrastructure Setup

The first step in building an OpenVPN configuration is to establish a PKI (public key infrastructure). The PKI consists of:

a separate certificate (also known as a public key) and private key for the server and each client, and

a master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates.

OpenVPN supports bidirectional authentication based on certificates, meaning that the client must authenticate the server certificate and the server must authenticate the client certificate before mutual trust is established.

Both server and client will authenticate the other by first verifying that the presented certificate was signed by the master certificate authority (CA), and then by testing information in the now-authenticated certificate header, such as the certificate common name or certificate type (client or server).

Certificate Authority Setup

To setup your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients first copy the easy-rsa directory to /etc/openvpn. This will ensure that any changes to the scripts will not be lost when the package is updated. From a terminal change to user root and:

mkdir /etc/openvpn/easy-rsa/

cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your environment:

export KEY_COUNTRY="US"

export KEY_PROVINCE="NC"

export KEY_CITY="Winston-Salem"

export KEY_ORG="Example Company"

export KEY_EMAIL="steve@example.com"

Enter the following to generate the master Certificate Authority (CA) certificate and key:

cd /etc/openvpn/easy-rsa/

source vars

./clean-all

./build-ca

Server Certificates

Next, we will generate a certificate and private key for the server:

./build-key-server myservername

As in the previous step, most parameters can be defaulted. Two other queries require positive responses, "Sign the certificate? [y/n]" and "1 out of 1 certificate requests certified, commit? [y/n]".

Diffie Hellman parameters must be generated for the OpenVPN server:

./build-dh

All certificates and keys have been generated in the subdirectory keys/. Common practice is to copy them to /etc/openvpn/:

cd keys/

cp myservername.crt myservername.key ca.crt dh1024.pem /etc/openvpn/

Client Certificates

The VPN client will also need a certificate to authenticate itself to the server. Usually you create a different certificate for each client. To create the certificate, enter the following in a terminal while being user root:

cd /etc/openvpn/easy-rsa/

source vars

./build-key client1

Copy the following files to the client using a secure method:

/etc/openvpn/ca.crt

/etc/openvpn/easy-rsa/keys/client1.crt

/etc/openvpn/easy-rsa/keys/client1.key

As the client certificates and keys are only required on the client machine, you should remove them from the server.

Simple Server Configuration

Along with your OpenVPN installation you got these sample config files (and many more if if you check):

root@server:/# ls -l /usr/share/doc/openvpn/examples/sample-config-files/

total 68

-rw-r--r-- 1 root root 3427 2011-07-04 15:09 client.conf

-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz

Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf.

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/

sudo gzip -d /etc/openvpn/server.conf.gz

Edit /etc/openvpn/server.conf

...

Baixar como (para membros premium)  txt (20.4 Kb)  
Continuar por mais 12 páginas »
Disponível apenas no TrabalhosGratuitos.com