SlideShare uma empresa Scribd logo

OpenVPN

Emil CHERICHEȘ
Emil CHERICHEȘ

This document discusses setting up an OpenVPN network between two sites. It includes generating certificates using OpenSSL, configuring a bridge and TAP interfaces using bridging-utils, and configuring the OpenVPN server and client. The OpenVPN server is configured to use the TAP interface and bridge, and authentication is set up using the certificates. Instructions are provided on starting the OpenVPN service and ensuring it starts at system boot.

Tecnologia
1 de 17
Baixar para ler offline
Interconectarea sediilor companiei Emil CHERICHEȘ Geek Meet #3 Tîrgu Mureș 12 Decembrie 2009
Situația
Linux Distribuția folosită
su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release- 5-3.noarch.rpm' http://fedoraproject.org/wiki/EPEL EPEL Extra Packages for Enterprise Linux
OpenVPN # yum install openvpn
/etc/init.d/tunctl #! /bin/bash # # network Bring up/down tun0 # # chkconfig: 2345 9 90 # description: Activates/Deactivates tap0. # case $1 in start) /usr/sbin/tunctl -t tap0 ;; stop) /usr/sbin/tunctl -d tap0 ;; *) echo $"Usage: $0 {start|stop}" exit 1 Esac exit $rc chkconfig tunctl on Interfețele TAP Interfețele de rețea virtuale pe care comunică OpenVPN
yum install bridge-utils tunctl cd /etc/sysconfig/network-scripts/ cp ifcfg-eth0 ifcfg-br0 ifcfg-eth0: ifcfg-br0: ifcfg-tap0: DEVICE=eth0 DEVICE=br0 DEVICE=tap0 BOOTPROTO=static TYPE=Bridge BOOTPROTO=static BRIDGE=br0 BOOTPROTO=static ONBOOT=yes HWADDR=08:00:27: IPADDR=192.168.1.1 BRIDGE=br0 A1:51:87 NETMASK=255.255.2 ONBOOT=yes 55.0 TYPE=Ethernet ONBOOT=yes Rețeaua Configurarea bridge-ului
ca.crt OpenSSL Generarea certificatelor
gw1.crt gw1.key OpenSSL Generarea certificatelor
gw2.crt gw2.key OpenSSL Generarea certificatelor
dh1024.pem OpenSSL Generarea certificatelor
Server Client ca.crt ca.crt gw1.crt gw2.crt gw1.key gw2.key dh1024.pem /etc/openvpn /usr/share/doc/openvpn-2.1/sample-config-files/ certificatele care unde trebuie puse
port 1194 proto udp dev tap0 ca ca.crt cert gw1.crt key gw1.key dh dh1024.pem server-bridge 192.168.1.1 255.255.255.0 192.168.1.230 192.168.1.235 client-to-client keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 server.conf Serverul OpenVPN
client dev tap0 proto udp remote GW1_PUBLIC_IP 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert gw2.crt key gw2.key ns-cert-type server comp-lzo verb 3 client.conf Clientul OpenVPN
service openvpn start chkconfig openvpn on startup Pornirea servicului și setarea inițializării sistemului
Situația
Mulțumesc Emil CHERIHCHEȘ http://emil.cheriches.ro

Recomendados

Openvpn
OpenvpnOpenvpn
Openvpn
mato2012
 
OpenVPN
OpenVPNOpenVPN
OpenVPN
francisdinha
 
FreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 serverFreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 server
Tomaz Muraus
 
Securing Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPNSecuring Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPN
A Green
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latest
Chanaka Lasantha
 
Automating linux network performance testing
Automating linux network performance testingAutomating linux network performance testing
Automating linux network performance testing
Antonio Ojea Garcia
 
Nginx
NginxNginx
Nginx
Shaopeng He
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling Recipes
OSOCO
 

Recomendados

Openvpn
OpenvpnOpenvpn
Openvpn
mato2012
 
OpenVPN
OpenVPNOpenVPN
OpenVPN
francisdinha
 
FreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 serverFreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 server
Tomaz Muraus
 
Securing Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPNSecuring Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPN
A Green
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latest
Chanaka Lasantha
 
Automating linux network performance testing
Automating linux network performance testingAutomating linux network performance testing
Automating linux network performance testing
Antonio Ojea Garcia
 
Nginx
NginxNginx
Nginx
Shaopeng He
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling Recipes
OSOCO
 
OpenStack networking
OpenStack networkingOpenStack networking
OpenStack networking
Sim Janghoon
 
Squid proxy server
Squid proxy serverSquid proxy server
Squid proxy server
Green Jb
 
QUIC
QUICQUIC
QUIC
Apache Traffic Server
 
Sdnds tw-meetup-2
Sdnds tw-meetup-2Sdnds tw-meetup-2
Sdnds tw-meetup-2
Fei Ji Siao
 
Sistemas operacionais 8
Sistemas operacionais 8Sistemas operacionais 8
Sistemas operacionais 8
Nauber Gois
 
Building a moat bastion server
Building a moat bastion serverBuilding a moat bastion server
Building a moat bastion server
nseemiller
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
Sim Janghoon
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
Hemant Shah
 
6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of servers6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of servers
videos
 
5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano
videos
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch
YongKi Kim
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
Adrien Blind
 
Open vSwitch Implementation Options
Open vSwitch Implementation Options Open vSwitch Implementation Options
Open vSwitch Implementation Options
Netronome
 
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
Jxck Jxck
 
青云CoreOS虚拟机部署kubernetes
青云CoreOS虚拟机部署kubernetes 青云CoreOS虚拟机部署kubernetes
青云CoreOS虚拟机部署kubernetes
Zhichao Liang
 
Technical Overview of QUIC
Technical Overview of QUICTechnical Overview of QUIC
Technical Overview of QUIC
shigeki_ohtsu
 
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
nvirters
 
OVS-NFV Tutorial
OVS-NFV TutorialOVS-NFV Tutorial
OVS-NFV Tutorial
Open Networking Perú (Opennetsoft)
 
sshuttle VPN (2011-04)
sshuttle VPN (2011-04)sshuttle VPN (2011-04)
sshuttle VPN (2011-04)
apenwarr
 
Open VSwitch .. Use it for your day to day needs
Open VSwitch .. Use it for your day to day needsOpen VSwitch .. Use it for your day to day needs
Open VSwitch .. Use it for your day to day needs
rranjithrajaram
 
3 manual installation of open vpn
3 manual installation of open vpn3 manual installation of open vpn
3 manual installation of open vpn
Ashwajit Maske
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commands
Hanan Nmr
 

Mais conteúdo relacionado

Mais procurados

OpenStack networking
OpenStack networkingOpenStack networking
OpenStack networking
Sim Janghoon
 
Squid proxy server
Squid proxy serverSquid proxy server
Squid proxy server
Green Jb
 
Building a moat bastion server
Building a moat bastion serverBuilding a moat bastion server
Building a moat bastion server
nseemiller
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
Sim Janghoon
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
Hemant Shah
 
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
nvirters
 

Mais procurados (20)

OpenStack networking
OpenStack networkingOpenStack networking
OpenStack networking
 
Squid proxy server
Squid proxy serverSquid proxy server
Squid proxy server
 
QUIC
QUICQUIC
QUIC
 
Sdnds tw-meetup-2
Sdnds tw-meetup-2Sdnds tw-meetup-2
Sdnds tw-meetup-2
 
Sistemas operacionais 8
Sistemas operacionais 8Sistemas operacionais 8
Sistemas operacionais 8
 
Building a moat bastion server
Building a moat bastion serverBuilding a moat bastion server
Building a moat bastion server
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of servers6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of servers
 
5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
Open vSwitch Implementation Options
Open vSwitch Implementation Options Open vSwitch Implementation Options
Open vSwitch Implementation Options
 
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
 
青云CoreOS虚拟机部署kubernetes
青云CoreOS虚拟机部署kubernetes 青云CoreOS虚拟机部署kubernetes
青云CoreOS虚拟机部署kubernetes
 
Technical Overview of QUIC
Technical Overview of QUICTechnical Overview of QUIC
Technical Overview of QUIC
 
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
 
OVS-NFV Tutorial
OVS-NFV TutorialOVS-NFV Tutorial
OVS-NFV Tutorial
 
sshuttle VPN (2011-04)
sshuttle VPN (2011-04)sshuttle VPN (2011-04)
sshuttle VPN (2011-04)
 
Open VSwitch .. Use it for your day to day needs
Open VSwitch .. Use it for your day to day needsOpen VSwitch .. Use it for your day to day needs
Open VSwitch .. Use it for your day to day needs
 

Semelhante a OpenVPN

ByPat博客出品Lvs+keepalived
ByPat博客出品Lvs+keepalivedByPat博客出品Lvs+keepalived
ByPat博客出品Lvs+keepalived
redhat9
 

Semelhante a OpenVPN (20)

3 manual installation of open vpn
3 manual installation of open vpn3 manual installation of open vpn
3 manual installation of open vpn
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commands
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1
 
Thebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchThebasicintroductionofopenvswitch
Thebasicintroductionofopenvswitch
 
Openstack openswitch basics
Openstack openswitch basicsOpenstack openswitch basics
Openstack openswitch basics
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
Deeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDeeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay Networks
 
SDNDS.TW Mininet
SDNDS.TW MininetSDNDS.TW Mininet
SDNDS.TW Mininet
 
Component pack 6006 install guide
Component pack 6006 install guideComponent pack 6006 install guide
Component pack 6006 install guide
 
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting
 
Kickstart
KickstartKickstart
Kickstart
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
Présentation Ikoula au Meet-up Docker à l'école 42
Présentation Ikoula au Meet-up Docker à l'école 42Présentation Ikoula au Meet-up Docker à l'école 42
Présentation Ikoula au Meet-up Docker à l'école 42
 
Mise en place d'un client VPN l2tp IPsec sous docker
Mise en place d'un client VPN l2tp IPsec sous dockerMise en place d'un client VPN l2tp IPsec sous docker
Mise en place d'un client VPN l2tp IPsec sous docker
 
ByPat博客出品Lvs+keepalived
ByPat博客出品Lvs+keepalivedByPat博客出品Lvs+keepalived
ByPat博客出品Lvs+keepalived
 
[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR
 
Deep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksDeep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay Networks
 
Don't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiDon't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFi
 
Intel DPDK Step by Step instructions
Intel DPDK Step by Step instructionsIntel DPDK Step by Step instructions
Intel DPDK Step by Step instructions
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 

Último (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

OpenVPN

  • 1. Interconectarea sediilor companiei Emil CHERICHEȘ Geek Meet #3 Tîrgu Mureș 12 Decembrie 2009
  • 4. su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release- 5-3.noarch.rpm' http://fedoraproject.org/wiki/EPEL EPEL Extra Packages for Enterprise Linux
  • 6. /etc/init.d/tunctl #! /bin/bash # # network Bring up/down tun0 # # chkconfig: 2345 9 90 # description: Activates/Deactivates tap0. # case $1 in start) /usr/sbin/tunctl -t tap0 ;; stop) /usr/sbin/tunctl -d tap0 ;; *) echo $"Usage: $0 {start|stop}" exit 1 Esac exit $rc chkconfig tunctl on Interfețele TAP Interfețele de rețea virtuale pe care comunică OpenVPN
  • 7. yum install bridge-utils tunctl cd /etc/sysconfig/network-scripts/ cp ifcfg-eth0 ifcfg-br0 ifcfg-eth0: ifcfg-br0: ifcfg-tap0: DEVICE=eth0 DEVICE=br0 DEVICE=tap0 BOOTPROTO=static TYPE=Bridge BOOTPROTO=static BRIDGE=br0 BOOTPROTO=static ONBOOT=yes HWADDR=08:00:27: IPADDR=192.168.1.1 BRIDGE=br0 A1:51:87 NETMASK=255.255.2 ONBOOT=yes 55.0 TYPE=Ethernet ONBOOT=yes Rețeaua Configurarea bridge-ului
  • 12. Server Client ca.crt ca.crt gw1.crt gw2.crt gw1.key gw2.key dh1024.pem /etc/openvpn /usr/share/doc/openvpn-2.1/sample-config-files/ certificatele care unde trebuie puse
  • 13. port 1194 proto udp dev tap0 ca ca.crt cert gw1.crt key gw1.key dh dh1024.pem server-bridge 192.168.1.1 255.255.255.0 192.168.1.230 192.168.1.235 client-to-client keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 server.conf Serverul OpenVPN
  • 14. client dev tap0 proto udp remote GW1_PUBLIC_IP 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert gw2.crt key gw2.key ns-cert-type server comp-lzo verb 3 client.conf Clientul OpenVPN
  • 15. service openvpn start chkconfig openvpn on startup Pornirea servicului și setarea inițializării sistemului
  • 17. Mulțumesc Emil CHERIHCHEȘ http://emil.cheriches.ro