Interconnecting the company's offices
Emil CHERICHEȘ
Geek Meet #3 Tîrgu Mureș
12 December 2009

The situation

Linux
The distribution used

EPEL
Extra Packages for Enterprise Linux
su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm'
http://fedoraproject.org/wiki/EPEL

OpenVPN
# yum install openvpn

TAP interfaces
The virtual network interfaces OpenVPN communicates over

/etc/init.d/tunctl
     #!/bin/bash
     #
     # tunctl        Bring up/down tap0
     #
     # chkconfig: 2345 9 90
     # description: Activates/Deactivates tap0.
     #
     rc=0
     case "$1" in
     start)
            # Create the persistent tap0 device that gets enslaved to br0
            /usr/sbin/tunctl -t tap0
            rc=$?
     ;;
     stop)
            # Remove the tap0 device
            /usr/sbin/tunctl -d tap0
            rc=$?
     ;;
     *)
            echo $"Usage: $0 {start|stop}"
            exit 1
     ;;
     esac
     exit $rc

chkconfig tunctl on

The network
Configuring the bridge

yum install bridge-utils tunctl
cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-br0

ifcfg-eth0:
DEVICE=eth0
BOOTPROTO=static
BRIDGE=br0
HWADDR=08:00:27:A1:51:87
ONBOOT=yes
TYPE=Ethernet

ifcfg-br0:
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
ONBOOT=yes

ifcfg-tap0:
DEVICE=tap0
BOOTPROTO=static
ONBOOT=yes
BRIDGE=br0

OpenSSL
Generating the certificates
ca.crt

OpenSSL
Generating the certificates
gw1.crt gw1.key

OpenSSL
Generating the certificates
gw2.crt gw2.key

OpenSSL
Generating the certificates
dh1024.pem

The certificates
Which goes where

/etc/openvpn

Server          Client
ca.crt          ca.crt
gw1.crt         gw2.crt
gw1.key         gw2.key
dh1024.pem

/usr/share/doc/openvpn-2.1/sample-config-files/

server.conf
The OpenVPN server

port 1194
proto udp
dev tap0
ca ca.crt
cert gw1.crt
key gw1.key
dh dh1024.pem
server-bridge 192.168.1.1 255.255.255.0 192.168.1.230 192.168.1.235
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
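
One way to sanity-check the server-bridge line above against the bridge address set in ifcfg-br0, as an added example that is not part of the original slides: the client pool must stay inside the bridged subnet and must not contain br0's own address. The function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides: cross-check the server-bridge line in
# server.conf against IPADDR in ifcfg-br0. Function names are illustrative.

# Dotted-quad IPv4 -> integer on stdout; returns 1 on malformed input.
ip2int() (
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_bridge_pool <server.conf> <ifcfg-br0>
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 if unparsable.
check_bridge_pool() (
    set -f
    br=$(sed -n 's/^IPADDR=//p' "$2")
    set -- $(grep -E '^[[:space:]]*server-bridge[[:space:]]' "$1" | head -n 1)
    [ $# -eq 5 ] || { echo "no complete server-bridge line"; return 2; }
    g=$(ip2int "$2") && m=$(ip2int "$3") && s=$(ip2int "$4") &&
        e=$(ip2int "$5") && b=$(ip2int "$br") ||
        { echo "malformed address in server-bridge or IPADDR"; return 2; }
    rc=0
    [ $(( $b & $m )) -eq $(( $g & $m )) ] ||
        { echo "br0 address $br is outside the server-bridge subnet"; rc=1; }
    [ $(( $s & $m )) -eq $(( $g & $m )) ] && [ $(( $e & $m )) -eq $(( $g & $m )) ] ||
        { echo "client pool $4-$5 leaves the bridged subnet"; rc=1; }
    [ "$s" -le "$e" ] || { echo "pool start $4 is above pool end $5"; rc=1; }
    [ "$b" -lt "$s" ] || [ "$b" -gt "$e" ] ||
        { echo "br0 address $br is inside the client pool"; rc=1; }
    return $rc
)

# Constructed sample input using the values shown on the slides.
demo=$(mktemp -d)
printf '%s\n' 'dev tap0' \
    'server-bridge 192.168.1.1 255.255.255.0 192.168.1.230 192.168.1.235' > "$demo/server.conf"
printf '%s\n' 'DEVICE=br0' 'IPADDR=192.168.1.1' 'NETMASK=255.255.255.0' > "$demo/ifcfg-br0"
check_bridge_pool "$demo/server.conf" "$demo/ifcfg-br0" && echo "server-bridge pool is consistent with br0"
```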

client.conf
The OpenVPN client

client
dev tap0
proto udp
remote GW1_PUBLIC_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert gw2.crt
key gw2.key
ns-cert-type server
comp-lzo
verb 3

Startup
Starting the service and enabling it at system boot

service openvpn start
chkconfig openvpn on

The situation

Thank you
Emil CHERICHEȘ
http://emil.cheriches.ro