Installing OpenVPN on Ubuntu-20.04



  Environment
    Device : Odroid-HC2
    OS : Ubuntu-20.04
    Host : test(192.168.101.100/24)
    VPN Network : 10.8.0.0/24





    File information
      ca.crt : CA(Certificate Authority) crt
      dh2048.pem : DH(Diffie-Hellman) parameters
      ta.key : tls-auth key
      test.key : OpenVPN Server key
      test.crt : OpenVPN Server crt
      test.conf : Server configuration
      test-1.key : OpenVPN Client-1 key
      test-1.crt : OpenVPN Client-1 crt
      test-1.ovpn : OpenVPN Client-1 configuration
      test-2.key : OpenVPN Client-2 key
      test-2.crt : OpenVPN Client-2 crt
      test-2.ovpn : OpenVPN Client-2 configuration


1. Create an account for the VPN


$ sudo adduser vpn
$ sudo nano /etc/group
Change Configuration
sudo:x:27:odroid,test
==>
sudo:x:27:odroid,test,vpn
$ su vpn

2. Install OpenVPN


$ sudo apt install openvpn easy-rsa -y

3. Create the CA (Certificate Authority)


$ ls
$ make-cadir easy-rsa
$ ls
$ cd easy-rsa
$ cp vars vars.orig
$ nano vars
Change Configuration
#set_var EASYRSA_REQ_COUNTRY    "US"
#set_var EASYRSA_REQ_PROVINCE   "California"
#set_var EASYRSA_REQ_CITY       "San Francisco"
#set_var EASYRSA_REQ_ORG        "Copyleft Certificate Co"
#set_var EASYRSA_REQ_EMAIL      "me@example.net"
#set_var EASYRSA_REQ_OU         "My Organizational Unit"
==>
set_var EASYRSA_REQ_COUNTRY    "US"
set_var EASYRSA_REQ_PROVINCE   "NY"
set_var EASYRSA_REQ_CITY       "NY"
set_var EASYRSA_REQ_ORG        "TEST"
set_var EASYRSA_REQ_EMAIL      "test@test.com"
set_var EASYRSA_REQ_OU         "TEST"
$ ./easyrsa init-pki
$ ./easyrsa build-ca
$ cp ./pki/ca.crt ~/

4. Generate the server key


$ ./easyrsa gen-req test nopass
$ ./easyrsa sign-req server test
$ cp ./pki/private/test.key ./pki/issued/test.crt ~/

5. Generate the DH (Diffie-Hellman) parameters


$ ./easyrsa gen-dh
$ cp ./pki/dh.pem ~/dh2048.pem

6. Generate the tls-auth key (ta.key)


$ openvpn --genkey --secret ta.key
$ cp ./ta.key ~/

7. Configure IP forwarding


$ sudo cp /etc/sysctl.conf /etc/sysctl.conf.orig
$ sudo nano /etc/sysctl.conf
Change Configuration
#net.ipv4.ip_forward=1
==>
net.ipv4.ip_forward=1
$ sudo sysctl -p

8. Server-side configuration


$ cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ./
$ gzip -d server.conf.gz
$ cp server.conf test.conf
$ nano test.conf
Change Configuration

cert server.crt
key server.key  # This file should be kept secret
==>
cert test.crt
key test.key  # This file should be kept secret

server 10.8.0.0 255.255.255.0
==>
server 10.8.0.0 255.255.255.0

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
==>
push "route 192.168.101.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

;push "redirect-gateway def1 bypass-dhcp"
==>
push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
==>
push "dhcp-option DNS 192.168.101.210"
push "dhcp-option DNS 8.8.8.8"

;user nobody
;group nogroup
==>
;user nobody
;group nogroup

$ cp test.conf ~/

9. Client setup


Generate the key for client 1
$ ./easyrsa gen-req test-1 nopass
$ ./easyrsa sign-req client test-1
$ cp ./pki/issued/test-1.crt pki/private/test-1.key ~/
Generate the key for client 2
$ ./easyrsa gen-req test-2 nopass
$ ./easyrsa sign-req client test-2
$ cp ./pki/issued/test-2.crt pki/private/test-2.key ~/

10. OpenVPN configuration for the clients



    Environment
      Remote Server : XXX.XXXX.XXX
      Remote Port : YYYY


$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ./
$ cp client.conf ~/test-1.ovpn
$ cp client.conf ~/test-2.ovpn
$ cd ~/
$ nano test-1.ovpn
Change Configuration

remote my-server-1 1194
==>
remote XXX.XXXX.XXX  YYYY

;user nobody
;group nogroup
==>
;user nobody
;group nogroup

cert client.crt
key client.key
==>
cert test-1.crt
key test-1.key

$ nano test-2.ovpn
Change Configuration

remote my-server-1 1194
==>
remote XXX.XXXX.XXX  YYYY

;user nobody
;group nogroup
==>
;user nobody
;group nogroup

cert client.crt
key client.key
==>
cert test-2.crt
key test-2.key

11. Start the OpenVPN server service


$ sudo ls /etc/openvpn/
$ sudo cp ca.crt dh2048.pem ta.key test*.* /etc/openvpn/
$ sudo ls /etc/openvpn/
$ sudo systemctl start openvpn@test
$ sudo journalctl -u openvpn@test -xe

12. Start the OpenVPN client


Change the settings of the server-side network equipment (router, etc.)
Copy the files to the client
Install OpenVPN on the client
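
Step 12 copies ca.crt, ta.key, test-1.crt, test-1.key and test-1.ovpn to the client. As an added example (not part of the original post), the script below merges them into one owner-only profile using OpenVPN's inline blocks. The helper names and the test-1-inline.ovpn output name are assumptions, and make_sample_dir only writes constructed placeholder files for a dry run.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# emit_block <tag> <file>: wrap only the PEM/static-key part of <file> in an
# inline <tag>...</tag> block (easy-rsa .crt files also carry a text dump).
emit_block() {
    printf '<%s>\n' "$1"
    sed -n '/-----BEGIN/,/-----END/p' "$2"
    printf '</%s>\n' "$1"
}

# build_inline_profile <dir> <client>: merge <client>.ovpn, ca.crt, ta.key,
# <client>.crt and <client>.key from <dir> into <dir>/<client>-inline.ovpn.
build_inline_profile() {
    dir=$1 name=$2 out="$1/$2-inline.ovpn"
    for f in ca.crt ta.key "$name.crt" "$name.key" "$name.ovpn"; do
        [ -r "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 1; }
    done
    (
        umask 077            # profile embeds the private key: owner-only
        rm -f "$out"         # recreate so the umask also covers an old file
        {
            # Drop file-based directives; the inline blocks replace them.
            grep -Ev '^[[:space:]]*(ca|cert|key|tls-auth)[[:space:]]' "$dir/$name.ovpn"
            echo 'key-direction 1'   # client side of tls-auth; server uses 0
            emit_block ca "$dir/ca.crt"
            emit_block cert "$dir/$name.crt"
            emit_block key "$dir/$name.key"
            emit_block tls-auth "$dir/ta.key"
        } > "$out"
    ) || return 1
    echo "$out"
}

# make_sample_dir: constructed placeholder files (not real keys) for a dry run.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'client\nremote XXX.XXXX.XXX YYYY\nca ca.crt\ncert test-1.crt\nkey test-1.key\ntls-auth ta.key 1\n' > "$d/test-1.ovpn"
    for f in ca.crt test-1.crt test-1.key ta.key; do
        printf 'text dump\n-----BEGIN SAMPLE-----\n%s\n-----END SAMPLE-----\n' "$f" > "$d/$f"
    done
    echo "$d"
}

# Real use after step 10: sh this-script.sh ~ test-1
if [ "$#" -eq 2 ]; then build_inline_profile "$1" "$2"; fi
```

Only the resulting test-1-inline.ovpn then has to reach client 1, and it should be treated like test-1.key because it contains that key.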