Mc lc

Contents
Contents.......................................................................................................................... 1

1. Chun b ci t Trc khi ci t openvpn chng ta cn chun b server vi 2 giao din mng vi h iu hnh CentOS 5.5

Hnh trn l m hnh mng. my khch bn ngoi mun truy cp vo mng bn trong lm vic qua cch s dng kt ni VPN thng qua internet. 2. Nhng yu cu cho ci t open vpn ci t openvpn trn CentOS 5.5 chng ta ci t cc gi b tr sau: - Lzo v lzo-devl: Thc hin vic nn gi. - Openssl v openssl-devel: to chng ch - Pam-devel: openvpn chng thc - Openvpn: ci cho vpnserver
-

Gcc: hon thnh phn mm

3. Ci t gi ci t gi openvpn trc tin chng ta cn ci cc gi sau #yum install -y wget install tool for download package #yum install -y yum-priorities let your yum to install more packages. #cd /tmp #wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.11.el5.rf.i386.rpm for x86 (32bit) only #rpm -i rpmforge-release-0.5.1-1.el5.rf.*.rpm
2

#yum check-update #yum install lzo #yum install lzo-devel #yum install openssl #yum install openssl-devel #yum install pam-devel #yum install gcc #yum install openvpn 4. Cu hnh openvpn server Sau khi ci openvpn server trn CentOS 5.5 chng ta cn copy nhng file nh sau: #cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/ # cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf/etc/openvpn/ Sau khi chng ta copy xong cn phairn to chng ch cho server v client: #cd /etc/openvpn/easy-rsa/2.0/ #. ../vars #chmod +rwx * #source ./var #vi /vars

#./build-ca Nhp ni v tn t chc ca bn .

3

#source ./vars #./clean-all #./build-ca

#./build-key-server server create certificate for server

#./build-key client1

To chng ch cho client

Sau khi chng ta to chng ch xong cn phi copy chng ch n th mc config #cp keys/{ca.crt,ca.key,server.crt,server.key} /etc/openvpn/ #./build-dh This may take a while. #cp keys/dh2048.pem /etc/openvpn/ Sau cn phi cu hnh file server.conf #vi /etc/openvpn/server.conf port 1194 proto udp Dng cng 1194. S dng giao thc UDP. Chng ta cng c th thay i sang TCP
6

dev tun ca ca.crt cert server.crt key server.key dh dh2048.pem

Mode. Chng ta cng c th thay i sang tap

plugin /usr/share/openvpn/plugin/lig/openvpn-auth-pam.so login client xc thc username v mt khu vi h thng linux hoc pam server 10.8.0.0 255.255.255.0 Di a ch mng cho VPN client push "dhcp-option DNS 124.108.4.130" S dung DNS ca OpenDNS.

Cho php

Push route 192.168.10.0 255.255.255.0 Cho php nh tuyn ti mng khch bn trong push "redirect-gateway" Cho php tt c traffic t client thng qua vi VPN server ny. ifconfig-pool-persist ipp.txt . cui cho client keepalive 10 120 comp-lzo Enable user nobody group users persist-key persist-tun status openvpn-status.log verb 3 client-to-client Cho php client lin lc vi nhng my khc Sau khi cu hnh xong file server.conf chng ta c th khi ng dch v
7

Cho php Open Vpnserver ghi li nhng ip dng

Bt chc nng nn tit kim bng thng

#/etc/init.d/openvpn restart 5. Cu hnh ci t openvpn client v cu hnh chy

Bc 1 : Download bn open VPN dnh cho Windows ti y http://openvpn.net/release/openvpn-2.0.9-install.exe . Bc 2: Tin hnh cc th tc ci t mc nh . Ri copy cc files ca.crt , client.crt , client.key. Trn server linux Vo th mc C:\Program Files\OpenVPN\config trn my Windows XP Bc 3 : Dng notepad tin hnh edit files C:\Program Files\OpenVPN\sampleconfig\client.opvn

# The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. remote my-server-1 1194 // thy my-server-1 bng ip server ca bn

Save li . Ri copy files client.opvn vo th mc C:\Program Files\OpenVPN\config trn my Windows XP .

Bc 4: Khi ng OpenvpnGui . S thy biu tng gc phi task bar phi mn hnh . Nhp chut phi biu tng v Click vo mc connect