
NETWORK ADMINISTRATION

OpenVPN Server on Linux

2013-2015
PASSERELLES NUMERIQUES CAMBODIA
Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh,
Cambodia


TOLA.LENG-PC


LAB INSTRUCTION

SUSE LINUX ENTERPRISE SERVER 11

LAN VPN Server


Network Address: 192.168.102.0/24
192.168.1.1 Router/Default Gateway
192.168.1.1 DNS Server
WAN
Network address: 203.100.10.0/24
203.100.10.1 Router/Default Gateway
192.168.1.10 DNS Server
172.16.120.3 - 172.16.120.254 Address pool/scope
172.16.120.10 - 172.16.120.20 Address Exclusive

Make sure that you have configured the hostname and the IP addresses
for the different LAN and WAN networks.


1. Install the OpenVPN service


2. Configure VPN Server


a. Copy easy-rsa from /usr/share/openvpn/easy-rsa to /etc/openvpn

b. Go to /etc/openvpn and generate the server key


c. Edit /etc/openvpn/easy-rsa/vars and change the certificate attributes



d. Define keys directory



e. Generate the key (Diffie-Hellman cryptographic method, 1024 bit: dh1024)

f. Generate the key and certificate for the certification authority (CA)

Create a new user for the VPN and the client in order to generate the email address


g. Generate the key and certificate for the server (the information is combined with the key
to create the certificate, which is then stored on the server)

h. Edit /etc/openvpn/easy-rsa/server.conf by changing:



ca ca.crt -> ca /etc/openvpn/easy-rsa/keys/ca.crt
cert server.crt -> cert /etc/openvpn/easy-rsa/keys/vpnserver.crt
key server.key -> key /etc/openvpn/easy-rsa/keys/vpnserver.key
dh dh1024.pem -> dh /etc/openvpn/easy-rsa/keys/dh1024.pem
;cipher DES-EDE3-CBC -> cipher DES-EDE3-CBC (encryption method)


i. Generate the keys and certificate for the client (for the tola.leng user)
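
An added example, not part of the original lab manual: a shell check that reads an OpenVPN configuration file and reports the settings chosen in step h (the 1024-bit dh1024.pem parameters and the DES-EDE3-CBC cipher, which has a 64-bit block), plus an active duplicate-cn line and a private key file readable by group or others. The function names, the 2048-bit threshold and the cipher list are assumptions of this example; the sample config is constructed from the values in step h.

```shell
#!/bin/sh
# Added example, not part of the lab manual: audit an OpenVPN config for the
# settings this lab changes. Function names and thresholds are assumptions.

# Value of the last active occurrence of directive $2 in file $1.
# Lines starting with "#" or ";" are comments in OpenVPN config files.
ovpn_get() {
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == d       { v = ($2 == "" ? "(set)" : $2) }
        END           { if (v != "") print v }' "$1"
}

# Print one finding per line; print nothing when the config passes.
audit_ovpn_conf() {
    conf=$1
    cipher=$(ovpn_get "$conf" cipher | tr '[:lower:]' '[:upper:]')
    case "$cipher" in
        "") echo "CIPHER_UNSET: no active cipher line, the build default applies" ;;
        DES*|BF-*|CAST5-*|RC2-*|IDEA-*)
            echo "WEAK_CIPHER: $cipher has a 64-bit block, use an AES mode" ;;
    esac
    dh=$(ovpn_get "$conf" dh)
    # Assumption: easy-rsa file naming, dh<bits>.pem (dh1024.pem in this lab).
    bits=$(printf '%s\n' "${dh##*/}" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: $bits-bit Diffie-Hellman parameters, use 2048 or more"
    fi
    # duplicate-cn lets several clients connect with the same certificate.
    if [ -n "$(ovpn_get "$conf" duplicate-cn)" ]; then
        echo "DUPLICATE_CN: several clients may share one certificate"
    fi
    key=$(ovpn_get "$conf" key)
    if [ -f "$key" ] && [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "KEY_READABLE: $key is readable by group or others, chmod 600"
    fi
    return 0
}

# Constructed sample: server.conf with the values this lab sets in step h.
lab_conf=$(mktemp)
cat > "$lab_conf" <<'EOF'
cert /etc/openvpn/easy-rsa/keys/vpnserver.crt
key /etc/openvpn/easy-rsa/keys/vpnserver.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
cipher DES-EDE3-CBC
;duplicate-cn
EOF
audit_ovpn_conf "$lab_conf"
```

The same function can be pointed at the client's client.ovpn, where the cipher line has to match the server's.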


3. Install/Configure OpenVPN Client


- Copy the files ca.crt, tola.leng.crt and tola.leng.key, which are referenced in the configuration file, into
C:\Program Files\OpenVPN\bin\..........
- Copy the file client.ovpn to the config folder
- Change the configuration file client.ovpn


- Finally, save the file after editing the following settings:
remote 203.100.10.1 1194
;remote 203.100.10.1 1194
ca "C:\\Program Files\\OpenVPN\\bin\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\bin\\tolaleng.crt"
key "C:\\Program Files\\OpenVPN\\bin\\tolaleng.key"
cipher DES-EDE3-CBC


4. Test the OpenVPN remote connection

5. Test access to the file server
6. Allow only one user to connect remotely at a time.

The End!
