====== OpenVPN ======

===== Obtaining a certificate =====

Generate the certificate (the shared static key used by ''tls-auth''); it is saved to the file ''ta.key'':

''openvpn --genkey --secret ta.key''

Server configuration:

''tls-auth ta.key 0''

Client configuration:

''tls-auth ta.key 1''

===== Example =====

  port 1194
  proto tcp
  ;proto udp
  dev tun0
  ca ca.crt
  cert server.crt
  key server.key
  dh dh2048.pem
  server 192.168.1.0 255.255.255.0   # network address of the VPN subnet
  ifconfig-pool-persist ipp.txt
  client-config-dir ccd
  route 192.168.40.128 255.255.255.248
  # Then create a file ccd/Thelonious with these lines
  # (iroute and ifconfig-push are only valid in a per-client file):
  #   iroute 192.168.40.128 255.255.255.248
  #   ifconfig-push 10.9.0.1 10.9.0.2   # use this if you want a fixed VPN IP
  push "route 192.168.182.0 255.255.255.0"
  push "redirect-gateway"
  push "dhcp-option DNS 192.168.183.1"
  push "dhcp-option WINS 10.8.0.1"
  client-to-client
  keepalive 10 120
  tls-auth ta.key 0      # secret file
  # Pick one cipher and use the same one on the clients:
  ;cipher BF-CBC         # Blowfish, 64-bit block (SWEET32)
  cipher AES-128-CBC     # AES
  ;cipher DES-EDE3-CBC   # Triple-DES, 64-bit block (SWEET32)
  comp-lzo               # compression
  ;max-clients 100
  status openvpn-status.log

===== Static IP =====

A directory holds the configuration of the individual clients; each file is named after the common name in the client's certificate (easy to find in ''openvpn-status.log'').

OpenVPN does not really handle collisions and will quite happily hand out an address that is already assigned statically, so it is better to pick static addresses from the higher part of the range.
In the main config (''server.conf''):

  client-config-dir clients.d

In the corresponding client file it is enough (or should be enough, not sure) to write the virtual IP of the client and of the server:

''ifconfig-push 10.0.5.**X** 10.0.5.**Y**''

According to the pseudo-documentation (@ http://www.imped.net/oss/misc/openvpn-2.0-howto-edit.html ), both addresses of a client must use one of the following [X, Y] pairs:

  [  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
  [ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
  [ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
  [ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
  [ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
  [101,102] [105,106] [109,110] [113,114] [117,118]
  [121,122] [125,126] [129,130] [133,134] [137,138]
  [141,142] [145,146] [149,150] [153,154] [157,158]
  [161,162] [165,166] [169,170] [173,174] [177,178]
  [181,182] [185,186] [189,190] [193,194] [197,198]
  [201,202] [205,206] [209,210] [213,214] [217,218]
  [221,222] [225,226] [229,230] [233,234] [237,238]
  [241,242] [245,246] [249,250] [253,254]

===== Links =====

[[http://openvpn.net/index.php/documentation/howto.html#security]]

====== How to start the VPN ======

  - install OpenVPN (preferably without the GUI)
  - import all generated certificates into ''programfiles/openVPN/config''
  - start Task Manager
  - switch to the Services tab
  - click: Services as administrator
  - OpenVPN Service: Status: Running, Startup type: Automatic
  - restart the PC
  - test: CMD / ''ping 10.0.4.52''
  - DONE! Then set up the network drive according to the instructions.
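
A check for the per-client files from the static IP section above, as an added example that is not part of the original page: it verifies that every ''ifconfig-push'' line uses an [X, Y] pair from the table and that no address is assigned to two common names. The client names and file bodies are constructed sample data, and the function names are this example's own.

```python
import ipaddress
import re

# Last-octet pairs from the table: [1,2], [5,6], ... [253,254]
PAIRS = [(4 * k + 1, 4 * k + 2) for k in range(64)]
PUSH_RE = re.compile(r"^\s*ifconfig-push\s+(\S+)\s+(\S+)", re.MULTILINE)

def parse_ifconfig_push(text):
    """Return (client_ip, server_ip) from a client file body, or None."""
    m = PUSH_RE.search(text)
    if not m:
        return None
    return ipaddress.IPv4Address(m.group(1)), ipaddress.IPv4Address(m.group(2))

def valid_pair(client, server):
    """Same first three octets, last octets form an [X, Y] pair from the table."""
    same_net = int(client) >> 8 == int(server) >> 8
    return same_net and (int(client) & 0xFF, int(server) & 0xFF) in PAIRS

def audit(client_files):
    """client_files maps common name -> file body; returns a list of findings."""
    findings, owner = [], {}
    for cn, body in sorted(client_files.items()):
        try:
            pair = parse_ifconfig_push(body)
        except ValueError as exc:  # malformed address in the file
            findings.append(f"{cn}: {exc}")
            continue
        if pair is None:
            continue  # no static address: client is served from the pool
        if not valid_pair(*pair):
            findings.append(f"{cn}: {pair[0]} {pair[1]} is not an [X, Y] pair")
        for ip in pair:
            if owner.setdefault(ip, cn) != cn:
                findings.append(f"{cn}: {ip} already assigned to {owner[ip]}")
    return findings

# Constructed sample: bodies of clients.d/<common name> files (names are made up)
SAMPLE = {
    "alice": "ifconfig-push 10.0.5.9 10.0.5.10\n",
    "bob": "ifconfig-push 10.0.5.10 10.0.5.11\n",  # not a table pair, reuses .10
    "carol": "# no static address\n",
    "dave": "ifconfig-push 10.0.5.9 10.0.5.10\n",  # same pair as alice
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

The check only sees the static files, not the dynamic pool, so the advice to pick higher pairs still applies.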