Configuracion Vpn
Páginas: 5 (1081 palabras)
Publicado: 2 de agosto de 2011
Empezemos a luchar como los hombres.
1)Instalacion del paquete openvpn
Tan sencillo como apt-get install openvpn , lo hemos de instalar tanto el cliente como en el servidor.
Debemos asegurarnos que tenemos el controlador tun/tap instalado en el kernel,aunque si tenemos un kernel 2,4,27 o superior, casi seguro que lo tenemos, pero vamos a comprobar si estamos en lo cierto con el comandomodprobe -l | grep ' tun/tap' o con lsmod .
2)Fichero de configuracion del servidor
Está en /etc/openvpn y lo hemos llamado tunel.conf y es asi:
Vim /etc/openvpn/tunel.conf
status openvpn-status.log
log openvpn.log
verb 6
server 10.0.0.0 255.255.255.0 “esta es la red de ip`s virtuales”
ifconfig-pool-persist ipp.txt
dh /etc/openvpn/dh1024.pem
client-config-dir /etc/openvpn/cld
ca/etc/openvpn/keys/mi-ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dev tun
comp-lzo
port 50000
ifconfig 10.0.0.10 10.0.0.83
route 192.168.121.0 255.255.255.0 “red del servidor”
push "route 192.168.120.0 255.255.255.0" “red del cliente”
2.1)Instalacion de openssl para generar certificados.
apt-get install openssl
Nuestro fichero quedo de la siguiente manera:
HOME = .RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where theissued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number filex509_extensions = usr_cert # The extentions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 3650 # duracion para 10 años
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
# For the CA policy
[ policy_match ]
countryName = matchstateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = ES #pais
countryName_min = 2
countryName_max = 2stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = LasPalmas #Provincia
localityName = Locality Name (eg, city)
localityName_default = GALDAR #Localidad
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Excmo. Ayuntamiento de Gáldar #nombre de tu organizacion
organizationalUnitName = Organizational Unit Name (eg, section)#organizationalUnitName_default = Dpto. NNTT #nombre de la unidad organizativa
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = tu email
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]...
1)Instalacion del paquete openvpn
Tan sencillo como apt-get install openvpn , lo hemos de instalar tanto el cliente como en el servidor.
Debemos asegurarnos que tenemos el controlador tun/tap instalado en el kernel,aunque si tenemos un kernel 2,4,27 o superior, casi seguro que lo tenemos, pero vamos a comprobar si estamos en lo cierto con el comandomodprobe -l | grep ' tun/tap' o con lsmod .
2)Fichero de configuracion del servidor
Está en /etc/openvpn y lo hemos llamado tunel.conf y es asi:
Vim /etc/openvpn/tunel.conf
status openvpn-status.log
log openvpn.log
verb 6
server 10.0.0.0 255.255.255.0 “esta es la red de ip`s virtuales”
ifconfig-pool-persist ipp.txt
dh /etc/openvpn/dh1024.pem
client-config-dir /etc/openvpn/cld
ca/etc/openvpn/keys/mi-ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dev tun
comp-lzo
port 50000
ifconfig 10.0.0.10 10.0.0.83
route 192.168.121.0 255.255.255.0 “red del servidor”
push "route 192.168.120.0 255.255.255.0" “red del cliente”
2.1)Instalacion de openssl para generar certificados.
apt-get install openssl
Nuestro fichero quedo de la siguiente manera:
HOME = .RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where theissued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number filex509_extensions = usr_cert # The extentions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 3650 # duracion para 10 años
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
# For the CA policy
[ policy_match ]
countryName = matchstateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = ES #pais
countryName_min = 2
countryName_max = 2stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = LasPalmas #Provincia
localityName = Locality Name (eg, city)
localityName_default = GALDAR #Localidad
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Excmo. Ayuntamiento de Gáldar #nombre de tu organizacion
organizationalUnitName = Organizational Unit Name (eg, section)#organizationalUnitName_default = Dpto. NNTT #nombre de la unidad organizativa
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = tu email
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]...
Leer documento completo
Regístrate para leer el documento completo.