Persyaratan
- VPS / Dedicated server fresh install dengan OS Centos 7
- Akses Root
Pre-Install
Update sistem operasi Centos 7, dan install beberapa tools pendukung.
[admin@openvpn ~]# yum -y update
[admin@openvpn ~]# yum -y install vim tmux net-tools wget git
Install
Download Script Installer OpenVPN untuk Centos 7
[admin@openvpn ~]# wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O openvpn-installer.sh
Kemudian eksekusi script openvpn-installer.sh unutk menginstall OpenVPN di Centos 7
[admin@openvpn ~]# sh openvpn-installer.sh
Output
Welcome to the OpenVPN installer!
The git repository is available at:
https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you
are ok with them.
I need to know the IPv4 address of the network interface you
want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4
address.
IP address: 10.0.0.197 # <-- Fixed IP lokal
It seems this server is behind NAT. What is its public IPv4
address or hostname?
We need it for the clients to connect to the server.
Public IPv4 address or hostname: IP-PUBLIC #<-- Ganti dengan IP Public masing-masing
Checking for IPv6 connectivity...
Your host does not appear to have IPv6 connectivity.
Do you want to enable IPv6 support (NAT)? [y/n]: n
What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 1
What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use
TCP.
1) UDP
2) TCP
Protocol [1-2]: 1
What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Russia)
12) Custom
DNS [1-12]: 12 #<-- Jika menggunakan DNS Custom
Primary DNS: 202.162.192.10
Secondary DNS (optional): 202.162.192.11
`
Do you want to use compression? It is not recommended since the
VORACLE attack make use of it.
Enable compression? [y/n]: n
Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the
default parameters provided by the script.
Note that whatever you choose, all the choices presented in the
script are safe. (Unlike OpenVPN's defaults)
See
https://github.com/angristan/openvpn-install#security-and-encryption
to learn more.
Customize encryption settings? [y/n]: n
Okay, that was all I needed. We are ready to setup your OpenVPN
server now.
You will be able to generate a client at the end of the
installation.
Press any key to continue...
...
Di potong untuk mempersingkat.
...
Tell me a name for the client.
Use one word only, no special characters.
Client name: OpenVpnUser #<-- User OpenVPN
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 1
Client aidil added, the configuration file is available at /root/OpenVpnUser.ovpn. #<-- lokasi file *.ovpn
Download the .ovpn file and import it in your OpenVPN client.
Post-Install
Sampai step ini OpenVPN sudah berhasil kita install di Centos 7 Kemudian kita dapat mengkopy file /root/OpenVpnUser.ovpn ke Desktop atau Device client lain.
Untuk memastikan apakah service OpenVPN sudah berjalan di centos 7, dapat menggunakan perintah berikut.
[admin@openvpn ~]# systemctl status openvpn-server@server
output
openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/etc/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2019-11-22 03:58:15 UTC; 3h 59min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 8694 (openvpn)
Status: "Initialization Sequence Completed"
CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
└─8694 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: UDPv4 link local (bound): [AF_INET][undef]:1194
22 03:58:15 openvpn.nusa.id openvpn[8694]: UDPv4 link remote: [AF_UNSPEC]
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: GID set to nobody
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: UID set to nobody
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: MULTI: multi_init called, r=256 v=256
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: IFCONFIG POOL LIST
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: Initialization Sequence Completed
Nov 22 07:38:14 openvpn.nusa.id openvpn[8694]: tls-crypt unwrap error: packet too short
Nov 22 07:38:14 openvpn.nusa.id openvpn[8694]: TLS Error: tls-crypt unwrapping failed from [AF_INET]146.88.240.4:5550
Jika Status sudah menunjukkan Active: active (running) artinya service OpenVPN sudah berjalan dengan baik.
Informasi
Demikianlah tutorial bagaimana cara install OpenVPN di Centos 7. Berikut adalah informasi lanjut yang dapat di jadikan sebagai refrensi.
Number and reference :
No comments: