Knowledge is Power

possibledisastrous · Security

9 Dec 2013 (3 years and 6 months ago)
















Knowledge is Power


And if you look for it as for silver and search for it as for hidden treasure, then you will understand the fear of the LORD and find the knowledge of God. (Proverbs 2:4-5)





























VPN Setup using OpenVPN on CentOS 6.3

Jeong Chul

tland12.wordpress.com
www.youtube.com/user/tland12

Computer Science
ITC and RUPP in Cambodia


























VPN Setup using OpenVPN on CentOS 6.3

Part 1 Server configuration

Step 1 Basic Knowledge of VPN
Step 2 OpenVPN package
Step 3 OpenVPN configuration

Part 2 Client configuration

Step 4 Client configuration on Linux
Step 5 Client configuration on Windows 7
Step 6 Adding internal networks
Step 7 More configuration































Step 1 Basic Knowledge of VPN

1. VPN

Virtual Private Network
- extends a private network across public networks like the Internet.
- enables a host computer to send and receive data across shared or public networks as if it were an integral part of the private network with all the functionality, security and management policies of the private network



















[Figure: the network before VPN and after VPN]














Step 1 Basic Knowledge of VPN

2. VPN Functions - through the use of tunneling protocols.

Authentication: to prevent unauthorized users from accessing the VPN.
Data Confidentiality: makes use of encryption techniques to protect data.
Message Integrity: to detect any instances of transmitted messages having been tampered with.
Anti-replay: to avoid attackers injecting or making changes in packets that travel from a source to a destination.

3. VPN Types

| VPN Type | Encryption | Usage | Comment |
|---|---|---|---|
| IPSec VPN | | | |
| Pure IPSec VPN | Over layer 3 | Head - Branch | Basic IPSec |
| GRE IPSec | Over layer 3 | Head - Branch | Routing using GRE |
| DMVPN | Over layer 3 | Head - Branch | For large scale |
| IPSec VTI | Over layer 3 | Head - Branch | Simple configuration |
| EASY VPN | Over layer 3 | Host - Head | Allow internal network |
| GET VPN | Over layer 4 | Head - Branch | Large scale, Multicast, QoS |
| SSL VPN | Over layer 5 | Host - Server | Using Web browser |
| PPTP VPN | Over layer 2 | Host - Head | Allow internal network |
| L2TP VPN | Over layer 2 | Host - Head | Allow internal network |
| MPLS VPN | N/A | Head - Branch | With IPSec VPN |














Step 2 OpenVPN Testing Environment

1. VPN Server
server.chul.com
eth0: 192.168.80.5
CentOS 6.3
tap0: 10.8.0.1

2. VPN Client
client.chul.com
eth0: 192.168.80.10
CentOS 5.8
tap0: DHCP 10.8.0.0/24

3. VPN Client
Windows 7
ip: 192.168.80.2
tap0: DHCP 10.8.0.0/24



























Step 2 OpenVPN package

1. OpenVPN package (openvpn.net)
# rpm -qa | grep openvpn
openvpn-2.2.2-1.el6.rf.i686

2. Installing package
# yum install openvpn

3. OpenVPN device checking
# cat /dev/net/tun

4. OpenVPN files and directory
/etc/openvpn                        //configuration file
/usr/share/doc/openvpn-2.2.2        //document files
/etc/rc.d/init.d/openvpn            //starting script file
/usr/share/openvpn/plugin           //openvpn plugin
/etc/openvpn/openvpn-status.log     //openvpn log file



























Step 3 OpenVPN Configuration (1)

1. Copy all openvpn files on Server
# cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa /etc/openvpn/

2. Edit vars (/etc/openvpn/easy-rsa/2.0)
# vi vars
    export EASY_RSA="/etc/openvpn/easy-rsa/2.0"
# cp openssl-1.0.0.cnf openssl.cnf
# source vars

3. Creating private key and certificate
# ./build-ca

4. Creating server key
# ./build-key-server server

5. Creating client key
# ./build-key client   # for Linux client
# ./build-key window   # for Windows client

6. Diffie-Hellman parameter
# ./build-dh
or
# openssl dhparam -out dh1024.pem 1024


























Step 3 OpenVPN Configuration (2)

7. OpenVPN server configuration
# cp /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/server.conf
# vi server.conf
    port 1194
    proto udp
    dev tap0
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
    server 10.8.0.0 255.255.255.0
    push "route 10.8.0.0 255.255.255.0"
    client-to-client      # permit connection among clients
    max-clients 100       # maximum clients number


















Step 3 OpenVPN Configuration (3)

8. Starting test
# openvpn --config server.conf   # log checking
# ifconfig tap0                  # device checking
# chkconfig openvpn on

9. Permitting IP Forwarding
a. # echo 1 > /proc/sys/net/ipv4/ip_forward
# vi /etc/sysctl.conf            # permanent setting
    net.ipv4.ip_forward = 1
# sysctl -p

b. tun device IP forwarding on IPTABLES
# iptables -A INPUT -i tap+ -j ACCEPT
# iptables -A FORWARD -i tap+ -j ACCEPT























Step 4 Client Configuration on Linux

1. Package installation
# yum install openvpn

2. OpenVPN client configuration
# cp /usr/share/doc/openvpn-2.2.2/sample-config-files/client.conf /etc/openvpn/client.conf
# vi /etc/openvpn/client.conf
    dev tap0
    proto udp
    remote 192.168.80.5 1194     # VPN server IP address and port
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/client.crt
    key /etc/openvpn/client.key
# scp root@server:/etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpn/

3. Service start
# openvpn --config client.conf
# ifconfig tap0
# ping 10.8.0.1                  # checking connection to OpenVPN server
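The client configuration above refers to ca.crt, client.crt and client.key, all of which come from the server's keys/ directory. The following is an added example, not part of the original slides: a check of a client's OpenVPN directory after the copy. The function name, the finding labels and the demonstration directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original slides): check a client's OpenVPN
# directory after key material was copied over from the server.

# audit_client_keys DIR NAME -> one finding per line; no output means clean.
# NAME is the client name given to ./build-key (client, window, ...).
audit_client_keys() {
    dir=$1 name=$2
    # The CA and server private keys must stay on the server.
    for f in ca.key server.key; do
        if [ -e "$dir/$f" ]; then
            echo "MISPLACED: $f does not belong on a client"
        fi
    done
    # Private keys with any group/other permission bit set.
    find "$dir" -type f -name '*.key' \( -perm -0040 -o -perm -0020 \
        -o -perm -0010 -o -perm -0004 -o -perm -0002 -o -perm -0001 \) |
        sed 's/^/LOOSE-PERMS: /'
    # Files the client configuration refers to.
    for f in ca.crt "$name.crt" "$name.key"; do
        if [ ! -e "$dir/$f" ]; then
            echo "MISSING: $f"
        fi
    done
}

# Constructed demonstration: a directory that received ca.key along with
# the client files, all with default (world-readable) permissions.
demo=$(mktemp -d)
touch "$demo/ca.crt" "$demo/ca.key" "$demo/client.crt" "$demo/client.key"
chmod 644 "$demo"/*.key
audit_client_keys "$demo" client
rm -rf "$demo"
```

For the Windows client of Step 5 the second argument would be `window`, matching the name given to ./build-key.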



























Step 5 Client Configuration on Windows 7

1. Download and install package
a. Download from openvpn.net
b. Filename: openvpn-install-2.3.0-I005-i686.exe

2. Copy ca.crt and window.crt and key from VPN Server
C:\program files (x86)\openvpn\config\
    ca.crt
    window.crt
    window.key

3. Editing C:\program files (x86)\openvpn\config\client.ovpn
    remote 192.168.80.5 1194     # VPN server IP address and port
    dev tap
    ca ca.crt
    cert window.crt
    key window.key

4. Checking interface tap0
c:\>ipconfig /all

5. Try to connect to the VPN server using the OpenVPN client program on the tray






















Step 6 Adding Internal networks

1. Add this line to server’s configuration file
# vi /etc/openvpn/server.conf
    push "route 192.168.56.0 255.255.255.0 192.168.100.1"

2. Testing in the client
$ route -n                       # routing table checking






















Step 7 More configurations

1. Username Authentication
On server configuration (/etc/openvpn/server.conf)
    plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
# service openvpn restart
On Client configuration on Linux (/etc/openvpn/client.conf)
    auth-user-pass
# openvpn --config client.conf

2. Using management interface
# vi /etc/openvpn/server.conf
    management localhost 7505
# service openvpn restart
# telnet localhost 7505

3. Pushing DHCP options to clients
    push "dhcp-option DNS 10.8.0.4"
    push "dhcp-option DNS 10.8.0.5"
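The server.conf built up in Steps 3, 6 and 7 can be reviewed mechanically before it goes into service. The following is an added example, not part of the original slides: a shell lint covering the DH size, client-to-client, the management port and the pushed routes. The function names, finding labels and sample file are constructed for illustration, and the DH size is inferred from the easy-rsa file name (dh<bits>.pem) rather than read from the file.

```shell
#!/bin/sh
# Added example (not from the original slides): lint a server.conf for the
# settings used in this walkthrough that deserve a second look.

# Print the arguments of every active (uncommented) line for directive $2.
directive_args() {
    awk -v name="$2" '{ sub(/[#;].*/, "") }
        $1 == name { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# Print one finding per line; no output means nothing was flagged.
audit_server_conf() {
    conf=$1
    # 1. DH size, inferred from the easy-rsa file name dh<bits>.pem.
    directive_args "$conf" dh | awk '{ n = $1; gsub(/.*dh|\.pem$/, "", n)
        if (n + 0 > 0 && n + 0 < 2048)
            print "WEAK-DH: " n "-bit parameters: " $1 }'
    # 2. client-to-client traffic is relayed inside OpenVPN and never
    #    reaches the server's iptables FORWARD chain.
    if grep -Eq '^[[:space:]]*client-to-client([[:space:]]|$)' "$conf"; then
        echo "CLIENT-TO-CLIENT: peer traffic bypasses host firewall rules"
    fi
    # 3. management <ip> <port> [pw-file]: with no pw-file, any local
    #    user who can reach the port can issue management commands.
    directive_args "$conf" management | awk 'NF < 3 {
        print "MGMT-NO-PASSWORD: management " $0 " has no pw-file" }'
    # 4. Inventory of the networks pushed to every client, for review.
    directive_args "$conf" push | tr -d '"' |
        awk '$1 == "route" { print "PUSHED-ROUTE: " $2 " " $3 }'
}

# Constructed sample mirroring the directives shown in Steps 3, 6 and 7.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
proto udp
dev tap0
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.56.0 255.255.255.0 192.168.100.1"
client-to-client
max-clients 100
management localhost 7505
EOF
audit_server_conf "$sample"
rm -f "$sample"
```

Run against the real file with `audit_server_conf /etc/openvpn/server.conf`; each finding is a prompt for review, not an automatic failure.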






















Next Videos Topics

Short course

CMS - Joomla setup on CentOS 6.3
Linux User Management
Linux Log system
Linux Firewall using IPTABLES
How to control Linux Partitions
Oracle Database Setup on CentOS 6.3
DNS security using Bind on CentOS 6.3
VNC server setup
Monitoring Tools
MRTG & Cacti
How to hack Wireless WEP on Backtrack5
Google hacking
How to use GNS3 series for Networking study




























Next Videos Topics


Full course



CCNA course on GNS3


CCNP course on GNS3


CCNA Security course on GNS3



Redhat Enterprise Security course


Backtrack 5 course


MySQL course


More security courses






























VPN Setup using OpenVPN on CentOS 6.3




Thank you & God bless you



tland12.wordpress.com

www.youtube.com/user/tland12