Ubuntu Server Guide Changes, errors and bugs
Simple Server Configuration
Download 1.27 Mb. Pdf ko'rish
|
ubuntu-server-guide
|
Simple Server Configuration
Along with your OpenVPN installation you got these sample config files (and many more if you check): r o o t @ s e r v e r :/# l s − l / u s r / s h a r e / doc / openvpn / examples / sample−c o n f i g − f i l e s / t o t a l 68 −rw−r−−r−− 1 r o o t r o o t 3427 2011−07−04 1 5 : 0 9 c l i e n t . c o n f −rw−r−−r−− 1 r o o t r o o t 4141 2011−07−04 1 5 : 0 9 s e r v e r . c o n f . gz Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf. sudo cp / u s r / s h a r e / doc / openvpn / examples / sample−c o n f i g − f i l e s / s e r v e r . c o n f . gz / e t c / openvpn / myserver . c o n f . gz sudo g z i p −d / e t c / openvpn / myserver . c o n f . gz Edit /etc/openvpn/myserver.conf to make sure the following lines are pointing to the certificates and keys you created in the section above. ca ca . c r t c e r t myservername . c r t key myservername . key dh dh2048 . pem Complete this set with a ta key in etc/openvpn for tls-auth like: sudo openvpn −−genkey −−s e c r e t t a . key Edit /etc/ sysctl .conf and uncomment the following line to enable IP forwarding. #n e t . i p v 4 . ip_forward=1 Then reload sysctl. sudo s y s c t l −p / e t c / s y s c t l . c o n f 214 That is the minimum you have to configure to get a working OpenVPN server. You can use all the default settings in the sample server.conf file. Now start the server. Be aware that the “systemctl start openvpn” is not starting your openvpn you just defined. Openvpn uses templatized systemd jobs, openvpn@CONFIGFILENAME. So if for example your configuration file is myserver.conf your service is called openvpn@myserver. You can run all kinds of service and systemctl commands like start/stop/enable/disable/preset against a templatized service like openvpn@server. $ sudo s y s t e m c t l s t a r t openvpn@myserver You will find logging and error messages in the journal. For example, if you started a templatized service openvpn@server you can filter for this particular message source with: sudo j o u r n a l c t l −u openvpn@myserver −xe The same templatized approach works for all of systemctl: $ sudo s y s t e m c t l s t a t u s openvpn@myserver openvpn@myserver . s e r v i c e − OpenVPN c o n n e c t i o n t o myserver Loaded : l o a d e d ( / l i b / systemd / system /openvpn@ . s e r v i c e ; d i s a b l e d ; vendor p r e s e t : e n a b l e d ) A c t i v e : a c t i v e ( r u n ni n g ) s i n c e Thu 2019−10−24 1 0 : 5 9 : 2 5 UTC; 10 s ago Docs : man : openvpn ( 8 ) h t t p s : / / community . openvpn . n e t / openvpn / w i k i /Openvpn24ManPage h t t p s : / / community . openvpn . n e t / openvpn / w i k i /HOWTO Main PID : 4138 ( openvpn ) S t a t u s : ” I n i t i a l i z a t i o n Sequence Completed ” Tasks : 1 ( l i m i t : 5 3 3 ) Memory : 1 . 0M CGroup : / system . s l i c e / system−openvpn . s l i c e / openvpn@myserver . s e r v i c e �� 4138 / u s r / s b i n / openvpn −−daemon ovpn−myserver −−s t a t u s / run / openvpn / myserver . s t a t u s 10 −−cd / e t c / openvpn −−s c r i p t −s e c u r i t y 2 −− c o n f i g / e t c / openvpn / myserver . c o n f −−w r i t e p i d / run / Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : / s b i n / i p addr add dev tun0 l o c a l 1 0 . 8 . 0 . 1 p e e r 1 0 . 8 . 0 . 2 Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : / s b i n / i p r o u t e add 1 0 . 8 . 0 . 0 / 2 4 v i a 1 0 . 8 . 0 . 2 Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : Could not d e t e r m i n e IPv4 / IPv6 p r o t o c o l . Using AF_INET Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : S o c k e t B u f f e r s : R =[212992 − >212992] S=[212992 − >212992] Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : UDPv4 l i n k l o c a l ( bound ) : [ AF_INET ] [ undef ] : 1 1 9 4 Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : UDPv4 l i n k remote : [ AF_UNSPEC] Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : MULTI: m u l t i _ i n i t c a l l e d , r =256 v=256 Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : IFCONFIG POOL: b a s e = 1 0 . 8 . 0 . 4 s i z e =62 , i p v 6=0 Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : IFCONFIG POOL LIST Oct 24 1 0 : 5 9 : 2 6 eoan−vpn−s e r v e r ovpn−myserver [ 4 1 3 8 ] : I n i t i a l i z a t i o n Sequence Completed You can enable/disable various openvpn services on one system, but you could also let Ubuntu do it for you. There is config for AUTOSTARTin /etc/default/openvpn. Allowed values are “all”, “none” or space 215 separated list of names of the VPNs. If empty, “all” is assumed. The VPN name refers to the VPN configutation file name. i.e. home would be /etc/openvpn/home.conf If you’re running systemd, changing this variable will require running systemctl daemon−reload followed by a restart of the openvpn service (if you removed entries you may have to stop those manually). After “systemctl daemon-reload” a restart of the “generic” openvpn will restart all dependent services that the generator in /lib/systemd/system-generators/openvpn-generator created for your conf files when you called daemon-reload. Now check if OpenVPN created a tun0 interface: r o o t @ s e r v e r : / e t c / openvpn# i p addr show dev tun0 5 : tun0 : mtu 1500 q d i s c f q _ c o d e l s t a t e UNKNOWN group d e f a u l t q l e n 100 l i n k / none i n e t 1 0 . 8 . 0 . 1 p e e r 1 0 . 8 . 0 . 2 / 3 2 s c o p e g l o b a l tun0 v a l i d _ l f t f o r e v e r p r e f e r r e d _ l f t f o r e v e r i n e t 6 f e 8 0 : : b5ac : 7 8 2 9 : f 3 1 e : 3 2 c5 /64 s c o p e l i n k s t a b l e −p r i v a c y v a l i d _ l f t f o r e v e r p r e f e r r e d _ l f t f o r e v e r Download 1.27 Mb. Do'stlaringiz bilan baham: 
|