{"id":30,"date":"2010-11-02T21:38:28","date_gmt":"2010-11-02T14:38:28","guid":{"rendered":"http:\/\/iroel.blog.binusian.org\/?p=30"},"modified":"2010-11-02T21:38:28","modified_gmt":"2010-11-02T14:38:28","slug":"vpn-udp-tcp","status":"publish","type":"post","link":"https:\/\/iroel.blog.binusian.org\/index.php\/2010\/11\/02\/vpn-udp-tcp\/","title":{"rendered":"VPN UDP &amp; TCP"},"content":{"rendered":"<p>I want to share a tutorial for those of you who don't yet know how to set up a VPN on a VPS or dedicated server with SSH access.<\/p>\n<p>Let's go&#8230;<br \/>\nRequirements:<br \/>\n1. A PC or notebook<br \/>\n2. An Internet connection <img decoding=\"async\" alt=\"\" border=\"0\" class=\"inlineimg\" src=\"http:\/\/static.kaskus.us\/images\/smilies\/sumbangan\/14.gif\" title=\"Big Grin\" \/><br \/>\n3. A server, dedicated or VPS; what matters is root access<br \/>\n4. A pack of cigarettes + coffee, plus a few snacks<\/p>\n<p><!--more--><br \/>\nIf you already have a CentOS-based VPS or dedicated server with root SSH access, open PuTTY now <img decoding=\"async\" alt=\"\" border=\"0\" class=\"inlineimg\" src=\"http:\/\/static.kaskus.us\/images\/smilies\/sumbangan\/14.gif\" title=\"Big Grin\" \/><\/p>\n<p>Before setting up the VPN, first check whether the server supports the TUN device (\/dev\/net\/tun),<br \/>\nas well as the packages OpenVPN needs in order to run.<\/p>\n<p>==================================================  =<br \/>\nlogin as: root<br \/>\n<a href=\"mailto:root@orangperawang.com\">root@iroel.info<\/a>'s password:<br \/>\n[root@iroel ~]# ls -al \/dev\/net\/tun  &lt;&lt;&lt; the command<br \/>\ncrw------- 1 root root 10, 2000 Feb 26 18:01 \/dev\/net\/tun &lt;&lt; means the TUN device is supported<br \/>\n[root@iroel ~]#<br \/>\n==================================================  =<br \/>\nNext, install the required packages.<br \/>\nThese are the packages needed:<\/p>\n<p>1. gcc<br \/>\n2. rpm-build<br \/>\n3. 
autoconf.noarch<br \/>\n4. zlib-devel<br \/>\n5. pam-devel<br \/>\n6. openssl-devel<br \/>\n7. make<\/p>\n<p>Install them all at once:<br \/>\n==================================================  ==========<br \/>\n[root@iroel ~]# yum install gcc rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel make<br \/>\n==================================================  ==========<br \/>\nOnce they are installed, download OpenVPN onto the server:<\/p>\n<p>==================================================  ==========<br \/>\n[root@iroel ~]# wget <a href=\"http:\/\/openvpn.net\/release\/openvpn-2.0.9.tar.gz\" target=\"_blank\">http:\/\/openvpn.net\/release\/openvpn-2.0.9.tar.gz<\/a><br \/>\n[root@iroel ~]# wget <a href=\"http:\/\/openvpn.net\/release\/lzo-1.08-4.rf.src.rpm\" target=\"_blank\">http:\/\/openvpn.net\/release\/lzo-1.08-4.rf.src.rpm<\/a><br \/>\n==================================================  ==========<br \/>\nBuild and install RPMs from the files just downloaded:<\/p>\n<p>[root@iroel ~]# rpmbuild --rebuild lzo-1.08-4.rf.src.rpm<br \/>\n[root@iroel ~]# rpm -Uvh \/usr\/src\/redhat\/RPMS\/x86_64\/lzo-*.rpm<br \/>\n[root@iroel ~]# rpmbuild -tb openvpn-2.0.9.tar.gz<br \/>\n[root@iroel ~]# rpm -Uvh \/usr\/src\/redhat\/RPMS\/x86_64\/openvpn-2.0.9-1.x86_64.rpm<\/p>\n<p>Note that the directory name may differ: on a 32-bit machine the directory is usually \/usr\/src\/redhat\/RPMS\/i386\/<\/p>\n<p>To check the machine's architecture, run uname -a on the server; the output looks like this:<\/p>\n<p>[root@iroel ~]# uname -a<br \/>\nLinux iroel.info 2.6.18-028stab059.6 #1 SMP Fri Nov 14 14:01:22  MSK 2000 x86_64 x86_64 x86_64 GNU\/Linux &lt;&lt;&lt; 64-bit machine<br \/>\n[root@iroel ~]#<\/p>\n<p>Copy the configuration files to \/etc\/openvpn (to make them easier to check):<\/p>\n<p>[root@iroel ~]# cp -r \/usr\/share\/doc\/openvpn-2.0.9\/easy-rsa\/ \/etc\/openvpn\/<br \/>\n[root@iroel ~]# cp \/usr\/share\/doc\/openvpn-2.0.9\/sample-config-files\/server.conf 
\/etc\/openvpn\/<\/p>\n<p>Building the certificates<br \/>\nTo do this, go to the directory \/etc\/openvpn\/easy-rsa\/2.0:<\/p>\n<p>[root@iroel ~]# cd \/etc\/openvpn\/easy-rsa\/2.0<br \/>\n[root@iroel ~]# source .\/vars<br \/>\n[root@iroel ~]# .\/vars<br \/>\n[root@iroel ~]# .\/clean-all<br \/>\n[root@iroel ~]# .\/build-ca<br \/>\nSome odd-looking output like this will appear:<br \/>\nGenerating a 1024 bit RSA private key<br \/>\n\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026++++++<br \/>\n\u2026\u2026\u2026\u2026\u2026\u2026\u2026\u2026.++++++<br \/>\nwriting new private key to \u2018ca.key\u2019<br \/>\nand so on&#8230;<\/p>\n<p>Don't worry, just keep pressing Enter; the only field you need to fill in is \u201cCommon Name\u201d.<\/p>\n<p>Create the server key:<\/p>\n<p>[root@iroel ~]# .\/build-key-server server<\/p>\n<p>Generate the Diffie-Hellman parameters:<\/p>\n<p>[root@iroel ~]# .\/build-dh<\/p>\n<p>Now copy the certificates to \/etc\/openvpn\/keys:<\/p>\n<p>[root@iroel ~]# cp \/etc\/openvpn\/easy-rsa\/2.0\/keys \/etc\/openvpn\/keys -R<\/p>\n<p>Now go to the \/etc\/openvpn\/ directory:<\/p>\n<p>[root@iroel ~]# cd \/etc\/openvpn\/<br \/>\n[root@iroel openvpn]#<\/p>\n<p>List the contents of the openvpn directory:<br \/>\n[root@iroel openvpn]# ls -al<br \/>\ndrwxr-xr-x  4 root root 4096 Feb 26 17:25 easy-rsa<br \/>\n-rw-------  1 root root    0 Feb 26 17:35 ipp.txt<br \/>\ndrwx------  2 root root 4096 Feb 26 17:30 keys<br \/>\n-rw-r--r--  1 root root    9 Feb 28 17:36 server.conf<br \/>\n[root@iroel openvpn]#<\/p>\n<p>Back up server.conf first:<\/p>\n<p>[root@iroel openvpn]# cp server.conf server.conf.bak<\/p>\n<p>Then edit server.conf; deleting it is fine too:<\/p>\n<p>[root@iroel openvpn]# rm -rf server.conf<br \/>\n[root@iroel openvpn]# <\/p>\n<p>Create a new server.conf; you can use vi, pico, or nano:<br \/>\n[root@iroel openvpn]# vi server.conf<\/p>\n<p>Put just the text &#8220;dev tun&#8221; in it, without the quotes.<\/p>\n
<p>Now create the configs 443.conf and 53.conf,<br \/>\nas needed, hehe.<\/p>\n<p>This is the content of 443.conf:<br \/>\n==================================================  =========<br \/>\nport 443<br \/>\nproto tcp<br \/>\ndev tun<br \/>\nca \/etc\/openvpn\/keys\/ca.crt<br \/>\ncert \/etc\/openvpn\/keys\/server.crt<br \/>\nkey \/etc\/openvpn\/keys\/server.key<br \/>\ndh \/etc\/openvpn\/keys\/dh1024.pem<\/p>\n<p>plugin \/usr\/share\/openvpn\/plugin\/lib\/openvpn-auth-pam.so \/etc\/pam.d\/login<br \/>\nclient-cert-not-required<br \/>\nusername-as-common-name<\/p>\n<p>server 10.8.0.0 255.255.255.0<br \/>\nifconfig-pool-persist ipp.txt<br \/>\npush &quot;redirect-gateway def1&quot;<br \/>\npush &quot;dhcp-option DNS 4.2.2.1&quot;<br \/>\npush &quot;dhcp-option DNS 4.2.2.2&quot;<br \/>\nkeepalive 5 30<br \/>\ncomp-lzo<br \/>\npersist-key<br \/>\npersist-tun<br \/>\nstatus server-tcp.log<br \/>\nverb 3<br \/>\n==================================================  =========<\/p>\n<p>Content of 53.conf:<\/p>\n<p>==================================================  =========<br \/>\nport 53<br \/>\nproto udp<br \/>\ndev tun<br \/>\nca \/etc\/openvpn\/keys\/ca.crt<br \/>\ncert \/etc\/openvpn\/keys\/server.crt<br \/>\nkey \/etc\/openvpn\/keys\/server.key<br \/>\ndh \/etc\/openvpn\/keys\/dh1024.pem<\/p>\n<p>plugin \/usr\/share\/openvpn\/plugin\/lib\/openvpn-auth-pam.so \/etc\/pam.d\/login<br \/>\nclient-cert-not-required<br \/>\nusername-as-common-name<\/p>\n<p>server 10.9.0.0 255.255.255.0<br \/>\nifconfig-pool-persist ipp.txt<br \/>\npush &quot;redirect-gateway def1&quot;<br \/>\npush &quot;dhcp-option DNS 4.2.2.1&quot;<br \/>\npush &quot;dhcp-option DNS 4.2.2.2&quot;<br \/>\nkeepalive 5 30<br \/>\ncomp-lzo<br \/>\npersist-key<br \/>\npersist-tun<br \/>\nstatus server-tcp.log<br \/>\nverb 3<br \/>\n==================================================  =========<\/p>\n<p>Once everything is done, start OpenVPN:<\/p>\n<p>[root@iroel openvpn]# openvpn \/etc\/openvpn\/443.conf<\/p>\n
<p>[root@iroel openvpn]# openvpn \/etc\/openvpn\/53.conf<\/p>\n<p>The OpenVPN server is now ready. What remains is making sure that we, or the clients, can use the connection as if it were a direct connection. To do that, we configure the firewall:<\/p>\n<p>1. Enable packet forwarding with the command:<br \/>\n[root@iroel openvpn]# echo 1 &gt; \/proc\/sys\/net\/ipv4\/ip_forward<\/p>\n<p>2. Edit the NAT table for masquerading. The following command is for dedicated servers only:<\/p>\n<p>[root@iroel openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -o eth0 -j MASQUERADE<\/p>\n<p>For a VPS, the command is as follows:<br \/>\n[root@iroel openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -o venet0 -j SNAT --to 70.99.166.214 (adjust the IP to your server's IP; I happen to use 70.99.166.214)<\/p>\n<p>Both rules match only 10.8.0.0\/24, the subnet from 443.conf; clients of 53.conf are on 10.9.0.0\/24 and need the same rule for that subnet.<\/p>\n<p>Download the GUI version of OpenVPN to make it easier to run:<br \/>\n<a href=\"http:\/\/openvpn.se\/files\/install_packages\/openvpn-2.0.9-gui-1.0.3-install.exe\" target=\"_blank\">http:\/\/openvpn.se\/files\/install_pack&#8230;.3-install.exe<\/a><\/p>\n<p>Copy the certificate from the server, namely the file ca.crt in the directory \/etc\/openvpn\/keys\/<br \/>\nThe easy way is to use WinSCP to download ca.crt.<\/p>\n<p>Create the OpenVPN client configuration files.<\/p>\n<p>For UDP:<br \/>\n==================================================  ==========<br \/>\nclient<br \/>\ndev tun<br \/>\nproto udp<br \/>\nremote 70.99.166.214 53<br \/>\nresolv-retry infinite<br \/>\nroute-method exe<br \/>\nnobind<br \/>\npersist-key<br \/>\npersist-tun<br \/>\nca ca.crt<br \/>\nauth-user-pass<br \/>\ncomp-lzo<br \/>\nverb 3<br \/>\n==================================================  ==========<\/p>\n<p>For TCP port 443:<br \/>\n==================================================  ==========<br \/>\nclient<br \/>\ndev tun<br \/>\nproto tcp<br 
\/>\nremote 70.99.166.214 443<br \/>\nresolv-retry infinite<br \/>\nroute-method exe<br \/>\nnobind<br \/>\npersist-key<br \/>\npersist-tun<br \/>\nca ca.crt<br \/>\nauth-user-pass<br \/>\ncomp-lzo<br \/>\nverb 3<br \/>\n==================================================  =========<br \/>\nCopy these files to c:\\program files\\openvpn\\config<\/p>\n<p>That's it, now just connect. Worked and tested by me, 100% successful;<br \/>\nnow it's your turn to try <img decoding=\"async\" alt=\"\" border=\"0\" class=\"inlineimg\" src=\"http:\/\/static.kaskus.us\/images\/smilies\/sumbangan\/14.gif\" title=\"Big Grin\" \/> <\/p>\n<p>Oops, I forgot: this is how to add a user for OpenVPN<br \/>\n[root@iroel ~]# adduser &quot;iroel&quot; -m -s \/bin\/false &lt;&lt;&lt;&lt;&lt;&lt;&lt; the user name, without the quotes<br \/>\n[root@iroel ~]# passwd &quot;iroel&quot;<br \/>\nChanging password for user iroel.<br \/>\nNew UNIX password: &lt;&lt;&lt;&lt; type the password, press Enter, then type it again (usually twice)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I want to share a tutorial for those of you who don't yet know how to set up a VPN on a VPS or dedicated server with SSH access. Let's go&#8230; Requirements: 1. A PC or notebook 2. An Internet connection 3. A server, dedicated or VPS; what matters is root access 4. 
A pack of cigarettes + coffee, plus a few snacks<\/p>\n","protected":false},"author":3208,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[707],"tags":[],"class_list":["post-30","post","type-post","status-publish","format-standard","hentry","category-internet"],"_links":{"self":[{"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/posts\/30","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/users\/3208"}],"replies":[{"embeddable":true,"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/comments?post=30"}],"version-history":[{"count":1,"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/posts\/30\/revisions"}],"predecessor-version":[{"id":31,"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/posts\/30\/revisions\/31"}],"wp:attachment":[{"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/media?parent=30"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/categories?post=30"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/iroel.blog.binusian.org\/index.php\/wp-json\/wp\/v2\/tags?post=30"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}