
Assigning a static VPN IP to an OpenVPN client

Because this tip/tutorial is a continuation of my previous post, please read this post of mine before continuing, so that you understand the basic OpenVPN setup I am referring to.

Here we want each client to get its IP address from the VPN server statically (it does not change for a given client). So what we have to do is:

SERVER-SIDE SETTINGS

  1. Edit the server settings (I took them from point 11 of this post) and change / add the lines shown in BOLD:

    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/bo/ca.crt
    cert /etc/openvpn/bo/bo-server.crt
    key /etc/openvpn/bo/bo-server.key # This file should be kept secret
    dh /etc/openvpn/bo/dh1024.pem
    server 10.10.10.0 255.255.255.0
    ;ifconfig-pool-persist ipp.txt
    client-config-dir ccd
    push "route 128.1.1.0 255.255.255.0"
    push "route 192.168.1.0 255.255.255.0"
    client-to-client
    duplicate-cn
    keepalive 30 120
    comp-lzo
    max-clients 10
    user nobody
    group nogroup
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    verb 3

  2. Create a certificate for the client; the example here is for a client that I named client-bandung:

    root@development:/etc/openvpn/easy-rsa/2.0# ./build-key client-bandung
    Generating a 1024 bit RSA private key
    ..........++++++
    ...++++++
    writing new private key to 'client-bandung.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [ID]:
    State or Province Name (full name) [JATIM]:
    Locality Name (eg, city) [Surabaya]:
    Organization Name (eg, company) [Blue-Office]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) [client-bandung]:
    Name []:client-bandung
    Email Address [lqman.debianist@gmail.com]:lqman.debianist@gmail.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           : PRINTABLE:'ID'
    stateOrProvinceName   : PRINTABLE:'JATIM'
    localityName          : PRINTABLE:'Surabaya'
    organizationName      : PRINTABLE:'Blue-Office'
    commonName            : PRINTABLE:'client-bandung'
    name                  : PRINTABLE:'client-bandung'
    emailAddress          :IA5STRING:'lqman.debianist@gmail.com'
    Certificate is to be certified until Mar 14 04:46:09 2021 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

CLIENT-SIDE SETTINGS

  1. Assign the client (the one whose name is in the certificate) the address you want, as follows:

    root@development:/etc/openvpn/easy-rsa/2.0# cd /etc/openvpn/
    root@development:/etc/openvpn# mkdir ccd
    root@development:/etc/openvpn# cd ccd/
    root@development:/etc/openvpn/ccd# vim client-bandung
    ifconfig-push 10.10.10.5 10.10.10.6

  2. Copy the certificate (which was created in point 2) to the client computer.
  3. Edit the client configuration so that it looks like this:

    client
    dev tun
    proto udp
    remote 110.139.64.141 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client-bandung.crt
    key client-bandung.key
    ns-cert-type server
    comp-lzo
    verb 3

  4. Check the client's IP address. If it has become the one you set on the server (namely 10.10.10.5), your settings are working, as shown in the image below.
  5. To be more certain that the IP address the client gets is FIXED (does not keep changing), disconnect and connect, or reconnect, several times, then check the IP address again.
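
Added example (not part of the original post): a small Python check for the ccd step above, assuming the default net30 topology that the `ifconfig-push 10.10.10.5 10.10.10.6` pair implies. It verifies that each pair is the two host addresses of one /30 inside the `server` subnet and does not reuse the server's own block or another client's, and it flags `duplicate-cn`, which lets several sessions share the CN that selects the ccd file. The names `SERVER_CONF`, `CCD`, `vpn_network` and `check_ccd` are made up for this example, and the inputs are constructed from the values on this page.

```python
import ipaddress

# Constructed inputs mirroring the page's server config and ccd file.
SERVER_CONF = """\
server 10.10.10.0 255.255.255.0
;ifconfig-pool-persist ipp.txt
client-config-dir ccd
duplicate-cn
"""
CCD = {"client-bandung": "ifconfig-push 10.10.10.5 10.10.10.6"}


def vpn_network(server_conf):
    """Return the VPN subnet from the 'server <net> <mask>' directive."""
    for line in server_conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    raise ValueError("no 'server <network> <netmask>' directive found")


def check_ccd(server_conf, ccd):
    """Return a list of problems with the static assignments (net30 topology)."""
    problems = []
    net = vpn_network(server_conf)
    # Directive names that are active, i.e. not commented out with '#' or ';'.
    active = {w[0] for w in map(str.split, server_conf.splitlines())
              if w and w[0][0] not in "#;"}
    if "duplicate-cn" in active:
        problems.append("duplicate-cn: sessions sharing a CN would be pushed the same static IP")
    seen = {}  # /30 block -> first CN that claimed it
    for cn, body in ccd.items():
        words = body.split()
        if len(words) != 3 or words[0] != "ifconfig-push":
            problems.append(f"{cn}: expected 'ifconfig-push <local> <remote>'")
            continue
        local, remote = (ipaddress.ip_address(w) for w in words[1:])
        block = ipaddress.ip_network(f"{local}/30", strict=False)
        if not block.subnet_of(net):
            problems.append(f"{cn}: {local} is outside {net}")
        elif [local, remote] != list(block.hosts()):
            problems.append(f"{cn}: {local} {remote} is not a /30 host pair")
        elif block.network_address == net.network_address:
            problems.append(f"{cn}: {block} belongs to the server endpoint")
        elif block in seen:
            problems.append(f"{cn}: {block} is already assigned to {seen[block]}")
        seen.setdefault(block, cn)
    return problems
```

Calling `check_ccd(SERVER_CONF, CCD)` on the page's values reports only the `duplicate-cn` line; the 10.10.10.5 / 10.10.10.6 pair itself passes.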

Happy hacking. 😛

Reference:

http://openvpn.net/index.php/open-source/documentation/howto.html#dhcp

  1. 28 March 2011 at 7:43 am

    Just dropping by to learn, boss…

    reply:
    Go ahead, bro…
