DESMOULINS Jérôme's Blog
The aim of this article is to deploy an OpenVPN server on your own server in under 5 minutes flat.
All of this is possible thanks to a semi-automated script. You only need to know the IP address that is reachable from the Internet.
The installation takes just two steps, plus one more to transfer the OpenVPN configuration file to the PC or phone that needs to reach the VPN from outside your network.
Server side
For the server side, you need to download the installation script and run it. These two steps take only a few minutes.
Downloading the script
Download the OpenVPN installation script by running the following command:
wget https://git.io/vpn -O openvpn-install.sh
The script then downloads (in the session below, the word wget was typed twice, which is why the first lines report a failed lookup of a host named "wget"; the download itself proceeds normally):
root@bananapi:/opt/products# wget wget https://git.io/vpn -O openvpn-install.sh
--2018-10-25 06:56:04--  http://wget/
Resolving wget (wget)... failed: Name or service not known.
wget: unable to resolve host address ‘wget’
--2018-10-25 06:56:05--  https://git.io/vpn
Resolving git.io (git.io)... 52.44.144.199, 52.55.191.55, 52.86.186.182, ...
Connecting to git.io (git.io)|52.44.144.199|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.github.com/Nyr/openvpn-install/master/openvpn-install.sh [following]
--2018-10-25 06:56:05--  https://raw.github.com/Nyr/openvpn-install/master/openvpn-install.sh
Resolving raw.github.com (raw.github.com)... 151.101.120.133
Connecting to raw.github.com (raw.github.com)|151.101.120.133|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh [following]
--2018-10-25 06:56:06--  https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.120.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.120.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14739 (14K) [text/plain]
Saving to: ‘openvpn-install.sh’

openvpn-install.sh  100%[==========================================================================================>]  14.39K  --.-KB/s    in 0.006s

2018-10-25 06:56:06 (2.29 MB/s) - ‘openvpn-install.sh’ saved [14739/14739]

FINISHED --2018-10-25 06:56:06--
Total wall clock time: 2.2s
Downloaded: 1 files, 14K in 0.006s (2.29 MB/s)
Installation
The installation script is now downloaded. Now run it:
sudo bash openvpn-install.sh
The script then runs and asks you a few questions:
Welcome to this OpenVPN "road warrior" installer!
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
First, provide the IPv4 address of the network interface you want OpenVPN
listening to.
IP address:
This server is behind NAT. What is the public IPv4 address or hostname?
Public IP address / hostname:
Which protocol do you want for OpenVPN connections?
   1) UDP (recommended)
   2) TCP
Protocol [1-2]:
What port do you want OpenVPN listening to?
Port: <1194, leave the default port>
Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) 1.1.1.1
   3) Google
   4) OpenDNS
   5) Verisign
DNS [1-5]: <1, leave the default>
Finally, tell me your name for the client certificate.
Please, use one word only, no special characters.
Client name:
Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...
You have just got through the hardest part. Now press a key so that the script downloads and configures everything that is needed:
Hit:1 http://ports.ubuntu.com bionic InRelease
Get:2 http://ports.ubuntu.com bionic-security InRelease [83.2 kB]
Get:4 http://ports.ubuntu.com bionic-updates InRelease [88.7 kB]
Get:5 http://ports.ubuntu.com bionic-backports InRelease [74.6 kB]
Hit:3 https://apt.armbian.com bionic InRelease
Get:6 http://ports.ubuntu.com bionic-security/main armhf Packages [159 kB]
Get:7 http://ports.ubuntu.com bionic-security/universe armhf Packages [110 kB]
Get:8 http://ports.ubuntu.com bionic-updates/main armhf Packages [433 kB]
Get:9 http://ports.ubuntu.com bionic-updates/universe armhf Packages [579 kB]
Fetched 1,527 kB in 4s (381 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20180409).
iptables is already the newest version (1.6.1-2ubuntu2).
openssl is already the newest version (1.1.0g-2ubuntu4.1).
The following package was automatically installed and is no longer required:
  libnl-route-3-200
Use 'sudo apt autoremove' to remove it.
The following additional packages will be installed:
  libpkcs11-helper1
Suggested packages:
  easy-rsa
The following NEW packages will be installed:
  libpkcs11-helper1 openvpn
0 upgraded, 2 newly installed, 0 to remove and 11 not upgraded.
Need to get 467 kB of archives.
After this operation, 997 kB of additional disk space will be used.
Get:1 http://ports.ubuntu.com bionic/main armhf libpkcs11-helper1 armhf 1.22-4 [38.2 kB]
Get:2 http://ports.ubuntu.com bionic-updates/main armhf openvpn armhf 2.4.4-2ubuntu1.1 [429 kB]
Fetched 467 kB in 0s (955 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libpkcs11-helper1:armhf.
(Reading database ... 38774 files and directories currently installed.)
Preparing to unpack .../libpkcs11-helper1_1.22-4_armhf.deb ...
Unpacking libpkcs11-helper1:armhf (1.22-4) ...
Selecting previously unselected package openvpn.
Preparing to unpack .../openvpn_2.4.4-2ubuntu1.1_armhf.deb ...
Unpacking openvpn (2.4.4-2ubuntu1.1) ...
Setting up libpkcs11-helper1:armhf (1.22-4) ...
Setting up openvpn (2.4.4-2ubuntu1.1) ...
 * Restarting virtual private network daemon.                            [ OK ]
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn.service → /lib/systemd/system/openvpn.service.
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.3) ...
Processing triggers for man-db (2.8.3-2) ...

Using SSL: openssl OpenSSL 1.1.0g  2 Nov 2017

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/easy-rsa/pki

Generating RSA private key, 2048 bit long modulus
.........................................................+++
...........................................+++
e is XXXXX (0x01XXXX)

Using SSL: openssl OpenSSL 1.1.0g  2 Nov 2017
Generating a 2048 bit RSA private key
...............................................................+++
......+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/server.key.XXXXXXXXXXXXXXXXX'
-----
Using configuration from ./safessl-easyrsa.cnf
Can't open /etc/openvpn/easy-rsa/pki/index.txt.attr for reading, No such file or directory
3069337616:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:74:fopen('/etc/openvpn/easy-rsa/pki/index.txt.attr','r')
3069337616:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:81:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'server'
Certificate is to be certified until Oct 22 07:01:26 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Using SSL: openssl OpenSSL 1.1.0g  2 Nov 2017
Generating a 2048 bit RSA private key
...............................................+++
............+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/home.key.XXXXXXXX'
-----
Using configuration from ./safessl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'home'
Certificate is to be certified until Oct 22 07:01:29 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Using SSL: openssl OpenSSL 1.1.0g  2 Nov 2017
Using configuration from ./safessl-easyrsa.cnf

An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem

232

Finished!

Your client configuration is available at: /home/xxxxxxx/myhome.ovpn
If you want to add more clients, you simply need to run this script again!
That is the end of the server installation. Keep the generated .ovpn file: you will need to transfer it to each device that is going to connect to your VPN.
Client side
Install an OpenVPN client (Windows, Android, Mac, Linux, etc.), then copy your .ovpn file to that device. Select this file to connect.
If you use sslh, you must edit the .ovpn file and replace 1194 with 443 before using it (if your sslh listens on port 443, for example).
And there you go. No more endless hours spent setting up a small home VPN.
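The two client-side steps above, keeping the generated .ovpn file safe while it is transferred and rewriting its port for an sslh front end, as an added POSIX shell example. This is not code from the original post nor from the openvpn-install project. The file name, the host vpn.example.net and the placeholder PEM blocks in write_sample_ovpn are constructed for the demo; a real profile is the one the installer writes (myhome.ovpn in the session above), and it embeds the client's private key, which is why the check refuses a file readable by other users.

```shell
#!/bin/sh
# Added example, not part of the original post nor of the openvpn-install script.
# Two helpers for the client profile (.ovpn) the installer writes:
#   ovpn_check    - sanity-check a profile before copying it to a device
#   ovpn_set_port - rewrite the port on the "remote" line (e.g. 1194 -> 443 for sslh)
# write_sample_ovpn builds a constructed sample with placeholder PEM blocks (no real keys).

ovpn_check() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    # The profile embeds the client's private key, so it must not be readable
    # by group or others: only modes ending in 00 (600, 700, ...) pass.
    perms=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null)
    case "$perms" in
        *00) ;;
        *) echo "warning: $f is readable by group/others (mode $perms)" >&2; return 2 ;;
    esac
    # Inline blocks the installer embeds; a profile missing any of them cannot connect.
    for tag in ca cert key; do
        grep -q "^<$tag>" "$f" || { echo "missing <$tag> block in $f" >&2; return 3; }
    done
    # Exactly one "remote <host> <port>" line is expected.
    n=$(grep -c '^remote ' "$f" || true)
    [ "$n" -eq 1 ] || { echo "expected one remote line, found $n" >&2; return 4; }
    return 0
}

ovpn_remote_port() {
    # Print the port field of the first "remote" line.
    awk '$1 == "remote" { print $3; exit }' "$1"
}

ovpn_set_port() {
    f="$1"; port="$2"
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric, got: '$port'" >&2; return 1 ;;
    esac
    # The temp copy also holds the private key, so create it with mode 600 first.
    tmp="$f.tmp.$$"
    ( umask 077; : > "$tmp" ) || return 1
    # Only field 3 of the "remote <host> <port>" line changes; other lines are copied as is.
    # Writing back through the existing file keeps its original permissions.
    awk -v p="$port" '$1 == "remote" && NF >= 3 { $3 = p } { print }' "$f" > "$tmp" \
        && cat "$tmp" > "$f"
    rc=$?
    rm -f "$tmp"
    return $rc
}

write_sample_ovpn() {
    # Constructed sample in the shape the installer emits (dummy PEM contents, not real keys).
    ( umask 077; : > "$1" ) || return 1
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verb 3
<ca>
-----BEGIN CERTIFICATE-----
constructed placeholder, not a real certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
constructed placeholder, not a real certificate
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
constructed placeholder, not a real key
-----END PRIVATE KEY-----
</key>
EOF
}

# Demo: build the sample, check it, then switch the port to 443 as for an sslh front end.
sample="${TMPDIR:-/tmp}/myhome-sample.ovpn"
write_sample_ovpn "$sample"
ovpn_check "$sample" && echo "profile looks sane, remote port $(ovpn_remote_port "$sample")"
ovpn_set_port "$sample" 443 && echo "remote port is now $(ovpn_remote_port "$sample")"
rm -f "$sample"
```

Run it on the real profile with ovpn_check /path/to/myhome.ovpn before copying the file anywhere, and chmod 600 it first if the check complains. ovpn_set_port edits only the port field of the remote line, so the embedded certificates and key are left untouched; since sslh is primarily a TCP demultiplexer, this rewrite goes with an install where the TCP protocol option was chosen.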