Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
Today we're building an OpenVPN server from scratch in Linux!
-------------------------------
Install and setup OpenVPN
apt-get update; apt-get install openvpn easy-rsa
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
nano /etc/openvpn/server.conf
# replace dh1024.pem with dh2048.pem
# uncomment push "redirect-gateway def1 bypass-dhcp"
# uncomment the push "dhcp-option DNS" lines and replace the IP addresses with your favorite DNS servers
# uncomment user nobody
# uncomment group nogroup
# save and exit
Setup Firewall
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
nano /etc/sysctl.conf
# uncomment net.ipv4.ip_forward=1
# save and exit
# configure the firewall
ufw status
ufw allow ssh
ufw allow 1194/udp
# let packets forward through the VPS by changing the forward policy to accept
nano /etc/default/ufw
# replace DROP with ACCEPT in DEFAULT_FORWARD_POLICY="DROP"
# save and exit
# add NAT and IP masquerading for clients
nano /etc/ufw/before.rules
# add the following near the top
*nat
:POSTROUTING ACCEPT [0:0]
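# note: /8 matches every 10.x.x.x source; the sample server.conf client pool is 10.8.0.0/24 (server 10.8.0.0 255.255.255.0)
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE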
COMMIT
ufw status
Setup Keys and Start the Server
cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys
nano /etc/openvpn/easy-rsa/vars
# edit the export KEY_* values
# set KEY_NAME to "server"
# save and exit
# generate the 2048 bit Diffie-Hellman pem file we pointed to in the openvpn config
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
# change to the easy-rsa directory
cd /etc/openvpn/easy-rsa
# source the variables we configured
. ./vars
./clean-all
./build-ca # accept all defaults
./build-key-server server # accept all defaults
# copy the newly generated certificates to /etc/openvpn
cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn
# in /etc/openvpn we should now have server.conf, server.crt, server.key, ca.crt and dh2048.pem
# start the OpenVPN service
service openvpn start
service openvpn status
Setup keys for the first client
./build-key client
ls keys
# make a new directory to merge the client configuration and keys
mkdir ~/client
# copy the example client configuration, renaming the file extension from conf to ovpn
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client/pineapple.ovpn
cd /etc/openvpn/easy-rsa/keys
# build-key writes no .ovpn file here; the profile is the pineapple.ovpn copied above
cp client.crt client.key ~/client
cp /etc/openvpn/ca.crt ~/client
Securely copy client.crt, client.key, ca.crt and client.ovpn to your client device
cd ~/client
# find the server's public IP address
ifconfig
nano pineapple.ovpn
# find remote and replace my-server-1 with IP address of VPN server
# uncomment group nogroup
# uncomment user nobody
# comment out the ca, cert and key directives
# save and exit
# append the CA certificate, client certificate and client key as inline blocks
echo "<ca>" >> pineapple.ovpn
cat ca.crt >> pineapple.ovpn
echo "</ca>" >> pineapple.ovpn
echo "<cert>" >> pineapple.ovpn
cat client.crt >> pineapple.ovpn
echo "</cert>" >> pineapple.ovpn
echo "<key>" >> pineapple.ovpn
cat client.key >> pineapple.ovpn
echo "</key>" >> pineapple.ovpn
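The client-profile merge above as a single added shell example (not from the video or from Hak5): it disables the file-based ca, cert and key directives, appends the three inline blocks, and then checks the result, including that the profile, which now embeds the private key, is readable by its owner only. The function names pem_block, build_ovpn, check_ovpn and demo are assumptions, and the demo input is constructed stand-in text, not real key material.

```shell
#!/bin/sh
# Added example, not from the video. Uses the file names from the notes above.

# Print only the PEM block: easy-rsa .crt files carry a text dump above it.
pem_block() { sed -n '/^-----BEGIN /,/^-----END /p' "$1"; }

# build_ovpn TEMPLATE CA CERT KEY OUT: write one self-contained profile.
build_ovpn() {
    (
        umask 077    # the profile embeds the private key: owner-only
        {
            # comment out the file-based ca/cert/key directives
            sed -E 's/^(ca|cert|key)[[:space:]]/;&/' "$1"
            printf '<ca>\n';   pem_block "$2"; printf '</ca>\n'
            printf '<cert>\n'; pem_block "$3"; printf '</cert>\n'
            printf '<key>\n';  pem_block "$4"; printf '</key>\n'
        } > "$5" && chmod 600 "$5"
    )
}

# check_ovpn FILE: 0 only if every inline block appears once and holds PEM
# data, no file-based directive is still active, and group/other have no access.
check_ovpn() {
    for tag in ca cert key; do
        [ "$(grep -c "^<$tag>\$" "$1")" -eq 1 ] || return 1
        [ "$(grep -c "^</$tag>\$" "$1")" -eq 1 ] || return 1
        sed -n "/^<$tag>\$/,/^<\/$tag>\$/p" "$1" | grep -q '^-----BEGIN ' || return 1
    done
    grep -Eq '^(ca|cert|key)[[:space:]]' "$1" && return 1
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Demo on constructed stand-in files (no real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf 'client\nremote my-server-1 1194\nca ca.crt\ncert client.crt\nkey client.key\n' > "$d/client.conf"
    for f in ca.crt client.crt client.key; do
        printf 'text dump\n-----BEGIN SAMPLE-----\nQ09OU1RSVUNURUQ=\n-----END SAMPLE-----\n' > "$d/$f"
    done
    build_ovpn "$d/client.conf" "$d/ca.crt" "$d/client.crt" "$d/client.key" "$d/pineapple.ovpn" \
        && check_ovpn "$d/pineapple.ovpn"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "pineapple.ovpn: inline blocks present, directives disabled, mode owner-only"
```

On the server this would be called as build_ovpn with the sample client.conf, ~/client/ca.crt, ~/client/client.crt, ~/client/client.key and ~/client/pineapple.ovpn; the remote, user and group edits from the notes are still made by hand.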
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
Watch the video Linux Server Build: OpenVPN From Scratch - Hak5 2019 online without registration, 54 minutes 05 seconds long, in good HD quality. This video was added by user Hak5 on 06 July 2016; don't forget to share the link with friends and acquaintances. On our site it has been viewed 204 thousand times and liked by 3 thousand people.