Install Openvpn in Ubuntu 14.04

Source: Internet
Author: User

--------------------------- Download and install openvpn -----------------------------------

 
 
Install openvpn and the other required packages:
# apt-get install openvpn libssl-dev openssl

Install easy-rsa, which is used to generate the certificates:
# apt-get install easy-rsa
Note: Since Ubuntu 13, easy-rsa must be installed separately.

Copy the easy-rsa directory into the openvpn directory:
# cp -r /usr/share/easy-rsa/ /etc/openvpn/

Copy the sample openvpn server configuration file and decompress it:
# cp -r /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
Decompress:
# gzip -d /etc/openvpn/server.conf.gz

Edit the vars file to set the default values used when certificates are generated:
# vim /etc/openvpn/easy-rsa/vars

Before the change:
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"

After the change:
# Don't leave any of these fields blank.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="ZZ"
export KEY_CITY="ZhengZhou"
export KEY_ORG="ZZ"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="Yunhe"

Create the openssl.cnf symbolic link (run this in /etc/openvpn/easy-rsa):
# ln -sv openssl-1.0.0.cnf openssl.cnf
If this link is not created, the following error occurs when the vars file is sourced:
# source easy-rsa/vars
bash: /etc/openvpn/whichopensslcnf: No such file or directory

Make the vars file executable and load it into the current shell:
# chmod +x vars
# source /etc/openvpn/easy-rsa/vars
------------------------- Server certificate ------------------------------------------

 
 
Create the CA certificate (the commands in this section are run from /etc/openvpn/easy-rsa).
Delete all files under /etc/openvpn/keys/*:
# ./clean-all

Build the CA:
# ./build-ca
Country Name (2 letter code) [CN]:
State or Province Name (full name) [ZZ]:
Locality Name (eg, city) [ZhengZhou]:
Organization Name (eg, company) [ZZ]:
Organizational Unit Name (eg, section) [Yunhe]:
Common Name (eg, your name or your server's hostname) [zz ca]:
Name [EasyRSA]: wkgbc
Email Address [me@myhost.mydomain]:

Generate the server certificate:
# ./build-key-server ligengsheng
Note: The name is arbitrary. Use the machine name or domain name, and press Enter at each prompt.
The Subject's Distinguished Name is as follows
CountryName: PRINTABLE: 'cn'
StateOrProvinceName: PRINTABLE: 'zz'
LocalityName: PRINTABLE: 'zhengzhou'
OrganizationName: PRINTABLE: 'zz'
OrganizationalUnitName: PRINTABLE: 'yunhe'
CommonName: PRINTABLE: 'ligengsheng'
Name: PRINTABLE: 'wgbc'
EmailAddress: IA5STRING: 'me@myhost.mydomain'
Certificate is to be certified until Aug 9 05:51:30 2024 GMT (3650 days)
Sign the certificate? [Y/n]: y

1 out of 1 certificate requests certified, commit? [Y/n] y
Write out database with 1 new entries
Data Base Updated

Generate the DH parameter file:
# ./build-dh
This generates the Diffie-Hellman parameters that strengthen openvpn security (generation takes a long time).
------------------------- Client certificate ------------------------------------------

 
 
Generate the client certificate:
# hostname
ligengsheng
# ./build-key ligengsheng001
The Subject's Distinguished Name is as follows
CountryName: PRINTABLE: 'cn'
StateOrProvinceName: PRINTABLE: 'zz'
LocalityName: PRINTABLE: 'zhengzhou'
OrganizationName: PRINTABLE: 'zz'
OrganizationalUnitName: PRINTABLE: 'yunhe'
CommonName: PRINTABLE: 'ligengsheng001'
Name: PRINTABLE: 'easyrsa'
EmailAddress: IA5STRING: 'me@myhost.mydomain'
---------------------- Set the Internet access permission ---------------------------------------------

 
 
Enable IP forwarding so that VPN clients can reach the Internet:
# vim /etc/sysctl.conf
Find net.ipv4.ip_forward=0
Change 0 to 1.
Apply the change:
# sysctl -p
Set iptables to give the VPN subnet Internet access through NAT:
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Allow the openvpn port through the firewall:

# iptables -A INPUT -p TCP --dport 1194 -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

------------------------ For systems other than CentOS (Debian/Ubuntu) ------------------------------------

Note that iptables on Debian/Ubuntu does not save rules by itself.
Follow the steps below to save the iptables rules when the network interface goes down and to load them again when it comes up:
# vim /etc/network/if-post-down.d/iptables
Add the following content:
#!/bin/bash
iptables-save > /etc/iptables.rules

Grant execution permission:
# chmod +x /etc/network/if-post-down.d/iptables

Create the file /etc/network/if-pre-up.d/iptables:
# vim /etc/network/if-pre-up.d/iptables
Add the following content:
#!/bin/bash
iptables-restore < /etc/iptables.rules
Grant execution permission:
# chmod +x /etc/network/if-pre-up.d/iptables
---------------------------- Client installation :---------------------------------------

 
 
Download the openvpn client installer:
http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe

Copy the downloaded key files to the config folder.

Copy the client file from the local sample-config folder to the config folder and change:

;remote my-server-1 1194
;remote my-server-2 1194
to:
remote ligengsheng.chinacloudapp.cn 1194
;remote my-server-2 1194

Change the key file names:
# file can be used for all clients.
ca ca.crt
cert ligengsheng001.crt
key ligengsheng001.key

If the server is configured with a ta.key file, remove the comment marker from the tls-auth line:
# then every client must also have the key.
;tls-auth ta.key 1

------------------ Linux client -----------------------------------------

# yum install openvpn
# openvpn --daemon --config client.ovpn
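
Added example, not part of the original page: a client file edited only as described above names the CA, certificate and key, but nothing tells the client to require a server-type certificate, so any certificate signed by the same CA (including another client's) would be accepted as the server. The script below flags that and the disabled tls-auth line; the function name is hypothetical and the config is a constructed sample based on the edits above.

```shell
#!/bin/bash
# Added example (not from the original page): flag client.ovpn settings
# that weaken how the client authenticates the server.

# Print one finding per line; return 1 if any WARN was printed, else 0.
audit_client_config() {  # usage: audit_client_config CLIENT_OVPN
    awk '
        NF == 0 || $1 ~ /^[;#]/ { next }   # skip blanks and comments
        $1 == "remote" { remotes++ }
        $1 == "ca" || $1 == "cert" || $1 == "key" { have[$1] = 1 }
        # Either directive makes the client reject a peer certificate
        # that was not issued as a server certificate.
        ($1 == "remote-cert-tls" || $1 == "ns-cert-type") && $2 == "server" { verify = 1 }
        $1 == "tls-auth" { tlsauth = 1 }
        END {
            if (!remotes) { print "WARN: no active remote line"; bad++ }
            n = split("ca cert key", need, " ")
            for (i = 1; i <= n; i++)
                if (!have[need[i]]) { print "WARN: no " need[i] " directive"; bad++ }
            if (!verify) { print "WARN: server certificate type not checked"; bad++ }
            if (!tlsauth) print "NOTE: tls-auth off; enable it if the server uses ta.key"
            exit (bad > 0)
        }' "$1"
}

# Constructed sample: the client file after the edits described above.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
client
dev tun
remote ligengsheng.chinacloudapp.cn 1194
;remote my-server-2 1194
ca ca.crt
cert ligengsheng001.crt
key ligengsheng001.key
;tls-auth ta.key 1
EOF

audit_client_config "$demo_cfg" || true
# Enabling the check clears the warning.
echo 'remote-cert-tls server' >> "$demo_cfg"
audit_client_config "$demo_cfg" || true
```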
