
Create a virtual local area network

This article was not written by me, but by my friend, who is not on Habr yet. If you want, you can send an invite to mail@feduza.ru

Once upon a time, I came across the Hamachi program, which lets you create a virtual local area network without having “real” IP addresses. But at some point I wanted a similar service of my own.
This is where OpenVPN came to my rescue.

So, the task:
Given a VPS running Debian Lenny, create a virtual local area network with clients running Linux and Windows XP.


Server setup:
Of course, this assumes that our VPS has a public (“white”) IP address and that the tun device is allowed.

Connect to the server and install openvpn and openssl:
apt-get install openvpn
apt-get install openssl


Copy the contents of the easy-rsa folder to the openvpn directory:
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/


Go to the directory /etc/openvpn/easy-rsa/2.0
Open the vars file in a text editor; at the end you will see:
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"

Edit the quoted values as you see fit.

Run the following commands:
. ./vars
./clean-all
./build-ca


The last command creates a certificate for our server using the parameters we set in the vars file. The only exception is the Common Name, which we enter ourselves.

Generate the key for the server:
./build-key-server server

At the Common Name prompt, enter server.

Now for the client:
./build-key client1

At the Common Name prompt, enter client1.

Create a Diffie-Hellman key:
./build-dh


Copy the files ca.crt, ca.key, dh1024.pem, server.crt and server.key to the openvpn folder:
cd /etc/openvpn/easy-rsa/2.0/keys
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn


Go to /etc/openvpn/ and open (or create) the openvpn.conf file with the following content:
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client


Start the server:
/etc/init.d/openvpn start


The tun0 network adapter with IP 172.16.0.1 should appear in ifconfig.
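
A check that can be run against the server directory built in the steps above (an added example, not part of the original article). The function name audit_openvpn_dir and the wording of the findings are made up for illustration, and the sample directory is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Audits a server directory
# laid out as in this guide: one line per finding, exit status = their count.
audit_openvpn_dir() {
    dir=$1; conf="$dir/openvpn.conf"; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 255; }
    note() { findings=$((findings + 1)); echo "FINDING: $*"; }
    # Second field of the first line whose directive name is $1 (empty if absent).
    directive() { awk -v k="$1" '$1 == k { print $2; exit }' "$conf"; }

    # The CA private key only signs certificates; the daemon never reads it.
    if [ -e "$dir/ca.key" ]; then
        note "ca.key is on the VPN server; keep it on the signing machine"
    fi
    # The server private key must be readable by its owner only.
    key=$(directive key)
    case $key in /*) ;; *) key="$dir/$key" ;; esac
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        note "$key is accessible to group or others; chmod 600 it"
    fi
    # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem, so the name gives the size.
    bits=$(basename "$(directive dh)" | tr -cd '0-9')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        note "DH parameters are $bits-bit; rebuild with KEY_SIZE=2048 or more"
    fi
    # Compression before encryption leaks plaintext through packet lengths.
    if grep -Eq '^[[:space:]]*comp-lzo' "$conf"; then
        note "comp-lzo is enabled; remove it on the server and every client"
    fi
    # Without both directives the daemon keeps root privileges after start-up.
    if [ -z "$(directive user)" ] || [ -z "$(directive group)" ]; then
        note "user/group not set; the daemon keeps root privileges"
    fi
    return "$findings"
}

# Constructed sample: this guide's server config, with server.key
# deliberately left world-readable (644) to trigger the permission check.
demo=$(mktemp -d)
printf '%s\n' 'port 1194' 'proto tcp' 'dev tun' 'ca ca.crt' 'cert server.crt' \
    'key server.key' 'dh dh1024.pem' 'server 172.16.0.0 255.255.255.0' \
    'comp-lzo' 'user nobody' 'group users' > "$demo/openvpn.conf"
: > "$demo/ca.key"; : > "$demo/server.key"; chmod 644 "$demo/server.key"
audit_openvpn_dir "$demo" || echo "findings: $?"
rm -rf "$demo"
```

On a real server, call it as audit_openvpn_dir /etc/openvpn.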

Setting up a client for Linux:

First, install openvpn, as before.
Now transfer the files ca.crt, client1.crt and client1.key (located in the /etc/openvpn/easy-rsa/2.0/keys/ directory on the server) to the client machine
and put them in the /etc/openvpn/ folder,
then open (or create) the file /etc/openvpn/openvpn.conf:
client
dev tun
proto tcp
remote real_IP_address_of_our_server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3


(in our case, the client name is client1)

Now start openvpn:
/etc/init.d/openvpn start


Configuring a client under Windows XP:

Download and install OpenVPN GUI.
Put the necessary files (see the previous section) in the folder C:\Program Files\OpenVPN\config\,
then find the OpenVPN GUI icon in the tray, right-click it and select “Connect”.

Connecting other clients:
On the server, go to the folder /etc/openvpn/easy-rsa/2.0
Run the commands:
source ./vars
./build-key client_name


Transfer the files ca.crt, client_name.crt and client_name.key to the client.
The client then follows the instructions above.

The end.

Source: https://habr.com/ru/post/80217/

