Koneksi internet melalui VPN di OpenVZ VPS dengan validasi username dan password

Erawan

13 years ago

Beberapa waktu lalu, saya pernah membuat tutorial untuk membuat sebuah VPN server dengan sebuah VPS yang menerapkan otentifikasi dengan mempergunakan Certifcate dan Key, yang ternyata mendapat banyak kunjungan dan menghadirkan beberapa diskusi 🙂
Sekarang saya akan membuat tutorial dengan sedikit perubahan pada file openvpn.conf untuk melakukan otentifikasi berdasarkan username dan password
Tutorial ini saya terapkan di VPS saya dengan spesifikasi berikut :

OpenVZ Virtual Private Server
CentOS 5.5 x86
Memory 128 Mb
Burstable 256 Mb
Disk Space 10Gb
Bandwidth 500Gb
Tun / Tap enabled

OpenVZ Virtual Private Server

CentOS 5.5 x86

Memory 128 Mb

Burstable 256 Mb

Disk Space 10Gb

Bandwidth 500Gb

Tun / Tap enabled

Konfigurasi Server
Seperti biasa, untuk mencegah adanya konflik, maka kita install ulang VPSnya, dan memilih CentOS 5 32bit
Mengupdate dan mengupgrade Operating System yang berjalan di VPS :

# yum upgrade && yum update
# yum install nano gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

1 2	# yum upgrade && yum update # yum install nano gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

Download OPENVPN repo :

# wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

1	# wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

for 32 bit

# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

1	# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

for 64bit

# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

1	# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

Build the rpm packages

# rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
# rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
# rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm
* remember to change i386 to x86_64 if you're using 64bit

# rpmbuild --rebuild lzo-1.08-4.rf.src.rpm

# rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm

# rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm

* remember to change i386 to x86_64 if you're using 64bit

Install OPENVPN

# yum install openvpn

1	# yum install openvpn

Copy OPENVPN easy-rsa folder to /etc/openvpn/

# cp -R /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/

1	# cp -R /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/

Creating the Certificate :

# cd /etc/openvpn/easy-rsa/2.0
# chmod 755 *
# source ./vars
# ./vars
# ./clean-all

# cd /etc/openvpn/easy-rsa/2.0

# chmod 755 *

# source ./vars

# ./vars

# ./clean-all

Build CA :

#./build-ca

1	#./build-ca

Build key server :

#./build-key-server server

1	#./build-key-server server

Build Diffie Hellman (wait a moment until the process finish)

# ./build-dh

1	# ./build-dh

Karena akan mempergunakan validasi berdasar Username dan Password, maka kita tidak perlu membuat Certiticate untuk user 🙂
Membuat konfigurasi port forwarding ke IP VPS :

# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to ip.address.vps.anda
# /etc/init.d/iptables save

# echo 1 > /proc/sys/net/ipv4/ip_forward

# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to ip.address.vps.anda

# /etc/init.d/iptables save

Selanjutnya kita membuat file konfigurasi untuk server , disimpan di /etc/openvpn/openvpn.conf

local xxx.xxx.xxx.xxx
port 1194
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

local xxx.xxx.xxx.xxx

port 1194

proto udp

dev tun

tun-mtu 1500

tun-mtu-extra 32

mssfix 1450

ca ca.crt

cert server.crt

key server.key

dh dh1024.pem

plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login

client-cert-not-required

username-as-common-name

server 10.8.0.0 255.255.255.0

push "redirect-gateway def1"

push "dhcp-option DNS 208.67.222.222"

push "dhcp-option DNS 4.2.2.1"

keepalive 5 30

comp-lzo

persist-key

persist-tun

status 1194.log

verb 3

Mengcopy file certificate ke directory openvpn :

# cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpn/ca.crt
# cp /etc/openvpn/easy-rsa/2.0/keys/ca.key /etc/openvpn/ca.key
# cp /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem /etc/openvpn/dh1024.pem
# cp /etc/openvpn/easy-rsa/2.0/keys/server.crt /etc/openvpn/server.crt
# cp /etc/openvpn/easy-rsa/2.0/keys/server.csr /etc/openvpn/server.csr
# cp /etc/openvpn/easy-rsa/2.0/keys/server.key /etc/openvpn/server.key

# cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpn/ca.crt

# cp /etc/openvpn/easy-rsa/2.0/keys/ca.key /etc/openvpn/ca.key

# cp /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem /etc/openvpn/dh1024.pem

# cp /etc/openvpn/easy-rsa/2.0/keys/server.crt /etc/openvpn/server.crt

# cp /etc/openvpn/easy-rsa/2.0/keys/server.csr /etc/openvpn/server.csr

# cp /etc/openvpn/easy-rsa/2.0/keys/server.key /etc/openvpn/server.key

Menambahkan OpenVPN saat startup VPS :

# chkconfig openvpn on

1	# chkconfig openvpn on

Menjalankan OpenVPN sebagai service :

# service openvpn start

1	# service openvpn start

Jika konfigurasi berhasil, maka OpenVPN akan berjalan.
Menambahkan User yang nanti akan mempergunakan VPN :

# useradd namauser -s /bin/false
Misalnya :
# useradd vpnusatu -s /bin/false

# useradd namauser -s /bin/false

Misalnya :

# useradd vpnusatu -s /bin/false

Memberikan password untuk User yang tadi kita buat :

# passwd namauser
Misalnya :
# passwd vpnusatu

# passwd namauser

Misalnya :

# passwd vpnusatu

Konfigurasi Client
Mengcopy file di direktory /etc/openvpn/easy-rsa/2.0/keys ke komputer, dan menyimpannya di C:/Program Files/OpenVPN/config
Membuat file konfigurasi untuk Client :

C:/Program Files/OpenVPN/config/Openvpn.ovpn

1	C:/Program Files/OpenVPN/config/Openvpn.ovpn

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

client

dev tun

proto udp

remote xxx.xxx.xxx.xxx 1194

resolv-retry infinite

nobind