Linux VPN Archives - Gkhan Tips

VPN Solution on Linux

How to public any service without public ip using OPENVPN.

Some time we want to publish our website or any service from our desktop to internet . Then we require public IP to publish our services on the internet.

So resolve this issue we can user third party services like PORTMAP.IO this gives you ability to publish your services over the internet using OPEN VPN Client.

For more information visit there website https://portmap.io/

How to configure SSL VPN on OPENVPN

If you want to configure openvpn on SSL port below are the example for server and client side.

Server side configuration

local 192.168.1.250
port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
#server-ipv6 fddd:1194:1194:1194::/64
#push "redirect-gateway def1 ipv6 bypass-dhcp"  ## To avoid all internet traffic except VPN## 
push "route 192.168.29.0 255.255.255.0"         ## To advertise Network ##
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.29.254"
#push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
duplicate-cn                                    ##To use single certificate for multiple user#
group nobody
persist-key
persist-tun
verb 3
crl-verify crl.pem

Continue reading How to configure SSL VPN on OPENVPN

OpenVPN CRL has expired

VERIFY ERROR: depth=0, error=CRL has expired: CN=servername

In order to fix the issue, we just need to recreate the crl.pem file.

we need to backup the current crl.pem file before creating a new one.

The location of the crl.pem file at /etc/openvpn/

#mv crl.pem crl.pem.back

Now go to easy-rsa folder

# cd easy-rsa

now generate crl.pem

# ./easyrsa gen–crl

Now copy the new crl.pem to openvpn folder

# cp –pr /etc/openvpn/easy–rsa/pki/crl.pem

Now restart openvpn service

source link :- https://www.jobishmathew.me/openvpn-crl-has-expired/

OPENVPN Logs

OPENVPN Logs
To troubleshoot connection issues check below logs

grep the client name in /var/log/messages
# grep VPN /var/log/messages

Check the connection time

#cat /etc/openvpn/openvpn-status.log

Check the connection negotiation activity

# tail -f /var/log/messages

GL-inet allow clients access from other Network

GL-inet allow clients ( behind the LAN ) access from other Network

Edit the firewall add following lines

vi /etc/config/firewall

config forwarding
 option dest 'lan'
 option src 'VPN_client'

Restart firewall service

/etc/init.d/firewall restart

How to install PPTP Server on Cent OS

Step-1 Forward GRE protocol and TCP port 1723 through your firewall

Step-2 Add the Poptop Yum Repository

rpm -Uhv http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm

Step-3 Configure iptables

Create iptables_set.sh, chmod +x iptables_set.sh, and run the script.

Note: The following will work but you may wish to change the source address from 10.10.9.0/24 to the network range of your choosing based on your network.

#!/bin/bash
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp –dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/service iptables save
/sbin/iptables -L -v

Step-4 Configure Routing

Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Step-5 Make the changes active

sysctl -p

Step-6 Install PPTP Server

yum install ppp pptpd

Step-7 Configure the service to start on boot

chkconfig –levels 345 pptpd on
Step-7 Configure Client Network Options change IP address according to your requirement

Modify /etc/pptpd.conf

localip 10.10.11.1
remoteip 10.10.11.5-100

Modify /etc/ppp/options.pptpd
ms-dns 208.67.222.222
ms-dns 208.67.220.220

Step-8 Configure Client Access

You will need to customize the client name, secret (password), and you can either allow all IP address or limit as necessary.

Edit /etc/ppp/chap-secrets.

# Secrets for authentication using CHAP
# client server secret IP addresses
test-user * test-password *

Step-9 Start the Server

Start the pptpd service

service pptpd start

Step-10 Configure the Client

source link

Gkhan Tips

Category: Linux VPN

OpenVPN CRL has expired