OpenVPN Server für den Client to Gateway (C2G) Einsatz
VPN Server
=========
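# Become root for the rest of the server setup: the following steps write
# under /etc/openvpn and call apt-get, ufw and systemctl.
sudo bash
# Refresh the package index first so the install does not fail on a stale
# cache (the original went straight to apt-get install).
apt-get update
apt-get install openvpn easy-rsa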
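# Start from the sample server config shipped with the openvpn package; it
# is unpacked to /etc/openvpn/server.conf and edited further below.
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gunzip /etc/openvpn/server.conf.gz
# Create the easy-rsa working copy with an absolute path.  The original used
# the relative 'easy-rsa/', which lands wherever the shell currently is,
# while the next step cds into /etc/openvpn/easy-rsa/.
make-cadir /etc/openvpn/easy-rsa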
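# Every easyrsa command below runs from this directory (./easyrsa and the
# pki/ tree are relative to it); abort instead of running the following
# commands somewhere else if the cd fails.
cd /etc/openvpn/easy-rsa/ || exit 1
# NOTE(review): easy-rsa 3 (the ./easyrsa commands used below) reads
# openssl-easyrsa.cnf directly; this copy looks like an easy-rsa 2 leftover.
# It is harmless, confirm before removing it.
cp openssl-easyrsa.cnf openssl.cnf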
# Edit the easy-rsa 'vars' file (in /etc/openvpn/easy-rsa, entered above);
# the settings that go into it are shown in the next block.
vim vars
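# easy-rsa 'vars' settings.  The ./easyrsa commands in this guide are
# easy-rsa 3, which takes the certificate subject fields from
# set_var EASYRSA_REQ_* and ignores the easy-rsa 2 'export KEY_*' variables
# the original listed; the values are carried over unchanged.
set_var EASYRSA_REQ_COUNTRY  "DE"
set_var EASYRSA_REQ_PROVINCE "NRE"
set_var EASYRSA_REQ_CITY     "Muenster"
set_var EASYRSA_REQ_ORG      "4noobs"
set_var EASYRSA_REQ_EMAIL    "kontakt@4noobs.de"
set_var EASYRSA_REQ_OU       "Hosting"
# Signature digest and RSA key size for every key easyrsa generates here
# (CA, server, clients).
set_var EASYRSA_DIGEST   "sha512"
set_var EASYRSA_KEY_SIZE 4096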
# NOTE(review): easy-rsa 3 writes its output under pki/ (see the pki/...
# paths copied further down), so this 'keys' directory stays empty unless
# files are placed in it by hand.  sudo is redundant inside the root shell
# opened at the start.
sudo mkdir keys
# Create the empty pki/ tree that the following easyrsa steps write into.
./easyrsa init-pki
# Build the CA key and self-signed certificate (pki/ca.crt, pki/private/ca.key).
# 'nopass' leaves ca.key unencrypted on disk: anyone who can read it can
# issue certificates this server will trust.  Keep pki/private/ readable by
# root only, or drop 'nopass' to protect the CA key with a passphrase.
./easyrsa build-ca nopass
# Create the server key pair and signing request (pki/private/server.key,
# pki/reqs/server.req).  'nopass' keeps the key unencrypted, which the
# server needs in order to start unattended.
./easyrsa gen-req server nopass
# Sign the server request with the CA as a 'server' certificate, which
# gives it the server usage the client's 'remote-cert-tls server' check
# relies on.  Result: pki/issued/server.crt.
./easyrsa sign-req server server
# Generate the Diffie-Hellman parameters (pki/dh.pem) with the configured
# key size; at 4096 bits this can take several minutes.
./easyrsa gen-dh
# Create the shared HMAC key for OpenVPN's tls-auth control-channel
# protection.  It only has an effect if both server.conf (tls-auth ta.key 0)
# and client.ovpn (tls-auth ta.key 1) reference it; neither config on this
# page does.  It is secret and has to reach clients like the other client
# files.
openvpn --genkey --secret ta.key
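# Copy the generated material to where OpenVPN reads it.  Source paths are
# relative to /etc/openvpn/easy-rsa (entered above).  The files land
# directly under /etc/openvpn/, so server.conf has to reference them there.
cp -- ta.key /etc/openvpn/
cp -- pki/ca.crt /etc/openvpn/
cp -- pki/private/server.key /etc/openvpn/
cp -- pki/issued/server.crt /etc/openvpn/
cp -- pki/dh.pem /etc/openvpn/
# Make the private material readable by root only instead of relying on
# the copied mode bits or the umask.
chmod 600 /etc/openvpn/server.key /etc/openvpn/ta.key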
# NOTE(review): this repeats the gen-req step that was already run, signed
# and copied above.  A fresh request here would produce a new server.key
# that no longer matches the issued server.crt; it looks like a copy-paste
# leftover and should most likely be dropped — confirm.
./easyrsa gen-req server nopass
# Edit the unpacked sample config; the settings used here are shown in the
# next block.
sudo vim /etc/openvpn/server.conf
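# /etc/openvpn/server.conf — OpenVPN server for client-to-gateway use.
port 1194
proto udp
dev tun
# Certificates and keys were copied directly into /etc/openvpn/ above
# (ca.crt, server.crt, server.key, dh.pem), so they are referenced there
# with absolute paths.  The original pointed at ./easy-rsa/keys/, a
# directory nothing on this page populates, and at dh4096.pem although
# easyrsa writes dh.pem.
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key # This file should be kept secret
dh /etc/openvpn/dh.pem
# ta.key is generated and copied above but not used yet.  Enable the next
# line together with 'tls-auth ta.key 1' in client.ovpn so the control
# channel is HMAC-protected.
#tls-auth /etc/openvpn/ta.key 0
# VPN subnet handed out to clients.
server 10.50.1.0 255.255.255.0
# Kernel routes into the tunnel for the two /23 networks behind the
# gateway client.  For a gateway client OpenVPN additionally needs a
# matching 'iroute' in that client's file under the ccd directory below;
# the page does not show that file.
route 192.168.60.0 255.255.254.0
route 192.168.62.0 255.255.254.0
ifconfig-pool-persist ipp.txt
# Routes pushed to connecting clients.  'push' takes the whole option as
# one quoted string; the original 'push route "..."' form is not accepted.
push "route 192.168.60.0 255.255.254.0"
push "route 192.168.62.0 255.255.254.0"
client-config-dir ccd
client-to-client
keepalive 10 120
# Must match client.ovpn.  Compression over a VPN can leak information
# about the plaintext (see the VORACLE disclosure); consider removing it
# on both sides.
comp-lzo
# Drop privileges after start; persist-key/persist-tun keep the key and
# the tun device usable across restarts without root.
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
# 'log' and 'log-append' both select the log file; one of them is enough.
log /var/log/openvpn.log
log-append /var/log/openvpn-append.log
verb 3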
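# Issue a client certificate.  Must run from the easy-rsa directory; abort
# if the cd fails instead of running easyrsa elsewhere.
cd /etc/openvpn/easy-rsa || exit 1
# build-client-full without 'nopass' prompts for a passphrase for the
# client key — appropriate for a key that leaves the server.
# Output: pki/issued/client1.crt and pki/private/client1.key.  The name
# given here ('client1') has to match the filenames used later in
# client.ovpn and the tar archive ('clientname').
./easyrsa build-client-full client1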
# Reload systemd unit files.  NOTE(review): nothing on this page enables or
# starts the OpenVPN server unit afterwards (openvpn@server for
# /etc/openvpn/server.conf) — confirm that step is not missing.
systemctl daemon-reload
# Enable IPv4 forwarding so the server can route between tun0 and the LANs.
# This is a sysctl key, not a shell command: put it in /etc/sysctl.conf
# (or a file under /etc/sysctl.d/) and apply it with 'sysctl -p' or a
# reboot; the page does not say where it goes.
net.ipv4.ip_forward=1
Firewall einrichten
# Allow the OpenVPN port (matches 'port 1194' / 'proto udp' in server.conf).
ufw allow 1194/udp
# Allow traffic entering and leaving the tunnel interface itself.
ufw allow in on tun0
ufw allow out on tun0
# Restart ufw so the rules take effect ('ufw enable' asks for confirmation
# when run interactively).
# NOTE(review): the routed networks in server.conf also require ufw to
# permit forwarding between tun0 and the LAN interface (ufw route rules /
# DEFAULT_FORWARD_POLICY); that step is not on this page — confirm.
ufw disable && ufw enable
ufw status
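# Bundle the client's files for transfer.  The original combined -c (create)
# with -x (extract), which tar rejects, and lacked -z although the archive
# name ends in .gz.  Run this where the files are: easyrsa writes them to
# pki/private/<name>.key, pki/issued/<name>.crt and pki/ca.crt, and <name>
# must be the one given to build-client-full.  Add ta.key if tls-auth is
# enabled on both sides.
# The archive contains a private key: move it over a trusted channel only
# and delete it from the server once the client has it.
tar -czf clientname.tar.gz clientname.key clientname.crt ca.crt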
Client PC
=======
Client Konfigurationsdatei erzeugen auf Client-PC
# Create the client config on the client PC; its contents follow in the
# next block.
vim client.ovpn
# client.ovpn — OpenVPN client configuration.
client
tls-client
dev tun
proto udp
# Replace the placeholder with the server's public IP or hostname.
remote IP_DES_VPN_SERVERS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Files from the archive built on the server; 'clientname' has to be the
# name passed to build-client-full there.
ca ca.crt
cert clientname.crt
key clientname.key
# Only accept a server whose certificate was issued as a server cert
# (easyrsa sign-req server); prevents another client's cert from being
# used to impersonate the server.
remote-cert-tls server
# ta.key is generated on the server but unused by either config; add
# 'tls-auth ta.key 1' here together with 'tls-auth ta.key 0' in
# server.conf if the control channel should be HMAC-protected.
# Must match the server.  Compression over a VPN can leak information
# about the plaintext; consider removing it on both sides.
comp-lzo
verb 3
Verbindung vom Client PC zum VPN Server herstellen mit dem Befehl
# Connect from the client PC.  Root is needed to create the tun device;
# the config and the ca/cert/key files it names are read relative to the
# current directory.
sudo openvpn client.ovpn
Optional
=======
Route am Ziel PC setzen unter Windows mit
rem Persistent (-p) static route on the Windows target PC: traffic for the
rem given network is sent via the OpenVPN server.  Fill in the placeholders.
route -p add IP_des_Ziel_PCs mask SUBNETMASKE_DES_ZIEL_PCs IP_DES_OpenVPN_Servers metric 1
# Linux equivalent: static route via the OpenVPN server on the named
# interface.  'route' is the legacy net-tools command ('ip route add' is
# the iproute2 replacement) and this route does not survive a reboot.
route add -net IP_des_Ziel_PCs netmask SUBNETMASKE_DES_ZIEL_PCs gw IP_DES_OpenVPN_Servers metric 0 dev NETZWERKSCHNITTSTELLE_DES_CLIENT_PCs