CentOS | Tutorial Install OpenVPN 1. Install paket # yum -y install openvpn 2. Copy perlengkapan create certification # cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0/ /etc/openvpn/ 3. Pindah folder #cd /etc/openvpn/2.0 4. Kasih hak eksekusi # chmod +x build-ca build-dh build-key-server clean-all pkitool vars whichopensslcnf 5. Download vars # curl -s http://script.jualssh.com/vars >> vars 6. Configure # source ./vars; 7. Bikin cert # ./clean-all; # ./build-ca; # ./build-dh; # ./build-key-server server 8. Bikin folder # mkdir /etc/openvpn/keys/ 9. Copy key # cp /etc/openvpn/2.0/keys/* /etc/openvpn/keys/ 10. Pindah folder # cd /etc/openvpn 11. Hapus Folder # rm -Rf 2.0 12. Download config server # curl -s http://script.jualssh.com/995.conf > 995.conf 13. Edit config # sed -i 's/usr\/lib\/openvpn\/openvpn-auth-pam.so/usr\/share\/openvpn\/plugin\/lib\/openvpn-auth-pam.so/g' 995.conf 14. Restart config # service openvpn restart 15. Autostart service openvpn # chkconfig openvpn on 16. Atur kernel variable # sysctl -w net.ipv4.ip_forward=1 # sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf 17. Pengaturan iptables # iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # iptables -A FORWARD -s 192.168.100.0/255.255.255.0 -j ACCEPT # iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable # iptables -A POSTROUTING -o venet0 -j SNAT --to-source [ip-server] nb: tempatkan iptables di atas pada file /etc/rc.local pastikan ubah ip server anda 18. Config Client # auth-user-pass pass.txt # client # dev tap # proto tcp # remote [ip server] 995 # connect-retry 5 # nobind # ping 5 # ping-restart 120 # persist-key # persist-tun # persist-remote-ip # mute-replay-warnings # verb 3 # cipher none # -----BEGIN CERTIFICATE----- MIIDsjCCAxugAwIBAgIJAPlobRc/OzFuMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD VQQGEwJJRDERMA8GA1UECBMIV2VzdEphdmExDjAMBgNVBAcTBUJvZ29yMRAwDgYD VQQKEwdKdWFsVlBOMRAwDgYDVQQLEwdKdWFsVlBOMRAwDgYDVQQDEwdKdWFsVlBO MRAwDgYDVQQpEwdKdWFsVlBOMR4wHAYJKoZIhvcNAQkBFg9tYWlsQGp1YWx2cG4u dGswHhcNMTMwNzA3MTE1MzA5WhcNMjMwNzA1MTE1MzA5WjCBmDELMAkGA1UEBhMC SUQxETAPBgNVBAgTCFdlc3RKYXZhMQ4wDAYDVQQHEwVCb2dvcjEQMA4GA1UEChMH SnVhbFZQTjEQMA4GA1UECxMHSnVhbFZQTjEQMA4GA1UEAxMHSnVhbFZQTjEQMA4G A1UEKRMHSnVhbFZQTjEeMBwGCSqGSIb3DQEJARYPbWFpbEBqdWFsdnBuLnRrMIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiNvJPRy49ynjh1sQaPf6mwD9xSlA1 8VS2wHTD6GLElSMnUpcd3PnFAPMqCtYjwnXCj5ulK9jqZrP6LZ1M/iyE0V9W/NYN MXrTmjtih9P3OLrw/J98x1wdxEvifqP46iIrxgqbEAwjMuFF/AlCBoWbmkEYUDHp JT6sarIX9rCzrwIDAQABo4IBADCB/TAdBgNVHQ4EFgQUQjWBlyz/Yexxgzx79Giq r6BY3dEwgc0GA1UdIwSBxTCBwoAUQjWBlyz/Yexxgzx79Giqr6BY3dGhgZ6kgZsw gZgxCzAJBgNVBAYTAklEMREwDwYDVQQIEwhXZXN0SmF2YTEOMAwGA1UEBxMFQm9n b3IxEDAOBgNVBAoTB0p1YWxWUE4xEDAOBgNVBAsTB0p1YWxWUE4xEDAOBgNVBAMT B0p1YWxWUE4xEDAOBgNVBCkTB0p1YWxWUE4xHjAcBgkqhkiG9w0BCQEWD21haWxA anVhbHZwarieonlinelobRc/OzFuMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF BQADgYEAc1UC5cxdfP+m4DTmeeLkangarieT2WFmM3SP34RU3QfrtG61g+7MDUy1 5NQQlmZHsBrqfPdojhMTO3OTkJ6KtiKv0czzCD8ZVMYqv2ongDFtqVyONZAYvpvM 0shlLx4SpEq6OxexyoVxf5j7yHnKY79tsvK/GVQfk1tJJDhhcrs= -----END CERTIFICATE----- nb: sesuaikan dengan ca.crt di server