
7.2 Configuration
Step 1: Setup OpenVPN on the gateway for both server and client

First, mount the TinyNetConfig.iso image file and run the OpenVPN installation with
the following commands on both the client and the server side.

• cd /mnt/hdc
• ./SetupMenu
• Install OpenVPN

Diagram 7.1: Setup OpenVPN

Step 2: Key generation setup and handshake for OpenVPN.

To provide a secure handshake, both client and server are required to have the
same Certificate Authority (CA) key generated by OpenVPN, which is used to
authenticate between the client and the server, so both sides directly use the same keys.
Therefore, to generate the key and certificate with OpenVPN correctly, both the
client and the server side are required to input the following command lines.

• cd /usr/doc/openvpn-2.0.9/easy-rsa/
• . ./vars
• ./clean-all
• ./build-ca

Diagram 7.2: Step 2 configuration

Step 3: Configuring the server

After completing step 2 on the server, continue with the following command lines
in /usr/doc/openvpn-2.0.9/easy-rsa/.

• ./build-key-server server
• Input the Common Name field as “server”, then confirm the certificate with ‘y’.
• ./build-dh, then check that dh1024.pem exists in MC mode.
• Copy all of the newly generated keys and certificates in the ./keys directory to
/usr/doc/openvpn-2.0.9/sample-config-files/ in MC mode.

Diagram 7.3: Step 3 configuration for server


Diagram 7.4: Step 3 configuration

Diagram 7.5: Check and copy for CA and server.key

Step 4: Configuring the client

Similar to step 3, the client must complete step 2 and then carry out the following.

• Copy the previously generated ca.key and ca.crt to ./keys of the client.
• Go to /usr/doc/openvpn-2.0.9/easy-rsa/ and run ./build-key client
• Input the Common Name field as “client”, then confirm the certificate with ‘y’.
• Copy all of the newly generated client keys and certificates in the ./keys
directory to /usr/doc/openvpn-2.0.9/sample-config-files/ in MC mode.

Diagram 7.6: Copying the key

Diagram 7.7: Step 4 configuration for client

Diagram 7.8: Step 4 configuration for client


Diagram 7.9: Check and copy for CA and client.key

Step 5: Tun configuration files for server and client

Go to /usr/doc/openvpn-2.0.9/sample-config-files/ and edit ./server.conf with the
following.

• ;dev tap
• dev tun
• Check that ca.crt, server.crt, server.key and dh1024.pem are properly
defined.
• ; server-bridge 192.168.8.8 255.255.255.0 192.168.8.128 192.168.8.254
• server 10.8.0.0 255.255.255.0

Diagram 7.10: Step 5 editing tun config files for server

Then, for ./client.conf, edit the following lines.

• ;server
• ;client
• ;dev tap
• dev tun
• remote 192.168.76.101 1194
• ;remote my-server-2 1194
• Check that ca.crt, client.crt and client.key are properly defined.

Diagram 7.11: Step 5 editing tun config files for client

Step 6: Initialization and testing for Tun

Open the server and input the following command lines to create and initialize the tun
device for both server and client.

• mkdir /dev/net
• mknod /dev/net/tun c 10 200

Diagram 7.12: Step 6 configuration

After that, on the server side, input the following commands.

• cd /usr/doc/openvpn-2.0.9/sample-config-files/
• openvpn tun-server.conf

Diagram 7.13: Step 6 server configuration

For the client side, input the following commands.

• cd /usr/doc/openvpn-2.0.9/sample-config-files/
• openvpn tun-client.conf

Diagram 7.14: Step 6 client configuration and showing initialization sequence completed

The tun connection is tested by pinging 10.8.0.1 from the client.

Step 7: Tap configuration files for server and client


Similar to the Tun configuration, go to /usr/doc/openvpn-2.0.9/sample-config-files/
and edit ./server.conf with the following.

• dev tap0
• ;dev tun
• server-bridge 192.168.8.4 255.255.255.0 192.168.8.128 192.168.8.254
• ;server 10.8.0.0 255.255.255.0

Diagram 7.15: Step 7 TAP configuration for server

Go back to normal mode and activate the bridge utility under the directory
/mnt/live/memory/modules with the following command.

• activate bridge-utils-1.2-2.lzm

Diagram 7.16: Activate bridge utility command

Next, move to ./client.conf and input the following lines.

• client
• ;server
• dev tap
• ;dev tun
• remote 192.168.76.101 1194
• ;remote my-server-2 1194
• Check that ca.crt, client.crt and client.key are properly defined.
Diagram 7.17: Step 7 TAP configuration for client
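
The checks that Steps 5 and 7 ask for (certificate and key files properly defined, and the same dev mode on both ends) can be scripted and run before the tunnel is started. The following shell script is an added example, not part of the original report; its function names and the constructed sample files are assumptions, and file names are resolved against the config file's directory because the report starts openvpn from that directory.

```shell
#!/bin/sh
# Added example (hypothetical function names, constructed sample files).

# Print the first argument of an active directive (';' and '#' lines are comments).
ovpn_get() {  # usage: ovpn_get <conf> <directive>
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print "tun" or "tap" for the active dev line (a unit number such as tap0 is dropped).
ovpn_dev_mode() {  # usage: ovpn_dev_mode <conf>
    ovpn_get "$1" dev | sed 's/[0-9]*$//'
}

# Check that ca/cert/key (plus dh on a server) are defined and the files exist
# next to the config. The return status is the number of problems found.
ovpn_check_files() {  # usage: ovpn_check_files <conf> <server|client>
    conf=$1; confdir=$(dirname "$1"); problems=0
    need="ca cert key"; if [ "$2" = server ]; then need="$need dh"; fi
    for directive in $need; do
        file=$(ovpn_get "$conf" "$directive")
        if [ -z "$file" ]; then
            echo "$conf: '$directive' is not defined" >&2; problems=$((problems + 1))
        elif [ ! -f "$confdir/$file" ]; then
            echo "$conf: $directive file '$file' not found" >&2; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Succeed only when both ends use the same device mode (tun with tun, tap with tap).
ovpn_check_pair() {  # usage: ovpn_check_pair <server.conf> <client.conf>
    s_mode=$(ovpn_dev_mode "$1"); c_mode=$(ovpn_dev_mode "$2")
    [ -n "$s_mode" ] && [ "$s_mode" = "$c_mode" ]
}

# Constructed sample: Step 7 server (dh1024.pem not copied) and a client left in tun mode.
make_sample() {  # usage: make_sample <dir>
    printf '%s\n' 'dev tap0' ';dev tun' 'ca ca.crt' 'cert server.crt' 'key server.key' \
        'dh dh1024.pem' > "$1/server.conf"
    printf '%s\n' 'client' ';dev tap' 'dev tun' 'remote 192.168.76.101 1194' \
        'ca ca.crt' 'cert client.crt' 'key client.key' > "$1/client.conf"
    touch "$1/ca.crt" "$1/server.crt" "$1/server.key" "$1/client.crt" "$1/client.key"
}

# Run as: sh check_ovpn.sh <server.conf> <client.conf>
if [ $# -eq 2 ]; then
    ovpn_check_files "$1" server; ovpn_check_files "$2" client
    ovpn_check_pair "$1" "$2" || echo "dev mode differs between $1 and $2" >&2
fi
```

On the constructed sample, the server check reports the missing dh1024.pem and the pair check fails because the server is in tap mode while the client is still in tun mode.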

Step 8: Initialization and testing for Tap

The initialization was already done in step 6 with the mknod /dev/net/tun
c 10 200 command. The remaining configuration is to initialize and open tap0,
allowing its persist state to be set to ON.

The server-side configuration is done as follows in a terminal.

• cd /usr/doc/openvpn-2.0.9/sample-scripts
• ./bridge-start
• cd /usr/doc/openvpn-2.0.9/sample-config-files/
• openvpn tap-server.conf

Diagram 7.18: Step 8 initialization TAP for server.

The client-side configuration is likewise done as follows in a terminal.

• cd /usr/doc/openvpn-2.0.9/sample-config-files/
• openvpn tap-server.conf

Diagram 7.18: Step 8 initialization TAP for client.

The Tap configuration is then tested from the client with ping 192.168.8.4 for
br0.

7.3 Results
The results show that both the TUN and TAP connections are able to ping each other
through OpenVPN.

Diagram 7.19: Tun connection result for server side


Diagram 7.20: Tun connection result for client side

Diagram 7.21: TAP connection result from server side

Diagram 7.22: TAP connection result from client side
