Configure VPN
I. Setting up DMZ to forward all ports from Gateway to Router (Linux box with VPN/Squid)
1. Set up QoS settings on router
2. Ensure that Gateway is on a different subnet from the Router
3. Connect the gateway's LAN port to the WAN port of the router
4. Set the WAN port of router to pull an IP address via DHCP
5. Configure the router IP address to DMZplus mode in the Gateway’s firewall
6. Restart the router
7. Test Internet access from an internal PC
II. Install VPN/Squid on a Linux box
1. Install OpenVPN (https://www.webhostingtalk.com/showthread.php?t=595436)
yum install openssl openssl-devel
yum install openvpn -y
find / -name "easy-rsa"
# you should get an output like this...
/usr/share/doc/openvpn-2.0.9/easy-rsa
# Now make a copy of the easy-rsa directory to /etc/openvpn/ (use the version number
# that find printed; the path below is for 2.0.9, change it if yours differs)
cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa
chmod 755 *
# the easy-rsa scripts only need to be executable; 777 makes them world-writable for no reason.
# The keys directory created next will hold the CA and server private keys, so keep it root-only (mode 700).
mkdir /etc/openvpn/keys
vim vars
Find: export KEY_DIR=$D/keys
Change to: export KEY_DIR=/etc/openvpn/keys
Change these to your own values (they become the default fields of every certificate):
export KEY_COUNTRY=US
export KEY_PROVINCE=CA
export KEY_CITY="Santa Ana"
export KEY_ORG="KimComputer.com"
export KEY_EMAIL=[email protected]
# Now it's time to make the certificates; enter these commands
. ./vars
./clean-all
./build-ca
# press enter repeatedly to accept the defaults, except Common Name, which must be unique
# call it something like kimcomputer.com
./build-key-server server
# Common name = server1
# Challenge password: leave it empty (it only ends up in the signing request; OpenVPN never checks it, and there is no reason to write one down here)
# 'y' to accept signing certificate
./build-key client1
# common name = kimcomputer.com-client1 (every client certificate needs its own common name)
# challenge password: leave empty
./build-key client2
# common name = kimcomputer.com-client2
# challenge password: leave empty
./build-dh
# will take a long time
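What build-ca, build-key-server and build-key actually produce, and what the client's ns-cert-type server line later depends on, shown as an added example that is not part of these notes or of easy-rsa: the same three certificates made with the openssl command line directly in a throwaway directory, followed by the two checks worth running on the real /etc/openvpn/keys output (does each certificate chain to the CA, and is only the server certificate marked nsCertType=server). The only assumption is an openssl binary on the box; the common names mirror the ones used above, and the file names and function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): build a CA, a server certificate and a
# client certificate with plain openssl, the way easy-rsa's build-ca / build-key-server /
# build-key do, then check the property "ns-cert-type server" relies on.
# Assumes an openssl CLI; every path and name here is constructed for the demo.
set -eu

# Create a throwaway PKI in $1: ca.crt/ca.key, server.crt/server.key, client1.crt/client1.key
make_demo_pki() {
    dir="$1"
    mkdir -p "$dir"
    # Minimal req config so the result does not depend on the system openssl.cnf
    printf '[req]\ndistinguished_name = dn\n[dn]\n[v3_ca]\nbasicConstraints = critical,CA:TRUE\nkeyUsage = keyCertSign,cRLSign\n' > "$dir/req.cnf"
    # build-ca: self-signed CA certificate
    openssl req -x509 -config "$dir/req.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 3650 -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj "/C=US/ST=CA/O=demo/CN=kimcomputer.com" 2>/dev/null
    # build-key-server: CSR for server1, signed by the CA with the server extensions
    openssl req -new -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" -subj "/CN=server1" 2>/dev/null
    printf 'nsCertType = server\nextendedKeyUsage = serverAuth\n' > "$dir/server.ext"
    openssl x509 -req -days 3650 -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null
    # build-key: CSR for a client, signed without the server extensions
    openssl req -new -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
        -keyout "$dir/client1.key" -out "$dir/client1.csr" -subj "/CN=kimcomputer.com-client1" 2>/dev/null
    printf 'nsCertType = client\nextendedKeyUsage = clientAuth\n' > "$dir/client1.ext"
    openssl x509 -req -days 3650 -in "$dir/client1.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -extfile "$dir/client1.ext" -out "$dir/client1.crt" 2>/dev/null
    # private keys are root-only, as they should be under /etc/openvpn/keys
    chmod 600 "$dir"/*.key
}

# Exit 0 if certificate $2 chains to CA certificate $1 (what OpenVPN checks with "ca ca.crt")
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Exit 0 if certificate $1 carries nsCertType "SSL Server". A client configured with
# "ns-cert-type server" refuses any peer whose certificate lacks this, which is what
# stops one client's certificate (also signed by the CA) from posing as the server.
is_server_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -A1 'Netscape Cert Type' | grep -q 'SSL Server'
}

# Stand-alone demo: build the PKI in a temp dir and report both checks per certificate
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for f in server.crt client1.crt; do
    if chains_to_ca "$demo_dir/ca.crt" "$demo_dir/$f"; then
        echo "$f: chains to ca.crt"
    else
        echo "$f: does NOT chain to ca.crt"
    fi
    if is_server_cert "$demo_dir/$f"; then
        echo "$f: accepted as the server by a client using 'ns-cert-type server'"
    else
        echo "$f: rejected as the server by a client using 'ns-cert-type server'"
    fi
done
```

Run the same two checks against the files easy-rsa wrote: `chains_to_ca /etc/openvpn/keys/ca.crt /etc/openvpn/keys/server.crt` must succeed, and `is_server_cert` must succeed for server.crt and fail for every clientN.crt; if a client certificate ever comes back as a server certificate, it was built with build-key-server by mistake and must be reissued.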
Next, create the config files. A server.conf template can be downloaded from:
cd /etc/openvpn
wget www.designpc.co.uk/downloads/server.conf
# (the OpenVPN source tarball also ships one under sample-config-files/; read whatever you download before using it)
vim server.conf
# keep the default: server 10.8.0.0 255.255.255.0
# (the argument is the network address of the VPN client pool, so it must have zero host bits,
#  and the pool must be a different subnet from the LAN 192.168.1.0/24 the server sits on;
#  "server 192.168.1.5 255.255.255.0" is not a valid pool, and a pool that overlaps the LAN
#  breaks routing; clients reach the LAN through the forwarding and NAT rules below)
# if everyone will be using the same key, then uncomment this line: ;duplicate-cn
# (one shared certificate cannot be revoked for a single user; one key per client, as built above, is better)
# uncomment: ;log openvpn.log
# change the DNS server IP address in the push "dhcp-option DNS ..." line
# make log file
touch openvpn.log
# make the IP reservation list
touch ipp.txt
# You need to add the forwarding and NAT rules to the OpenVPN init script. Go to..
cd /etc/init.d/
vim openvpn
# uncomment this line: echo 1 > /proc/sys/net/ipv4/ip_forward
# add these below (eth1 is the WAN side holding the public address; the flush goes first,
# otherwise it wipes the rules added before it)
iptables -t nat --flush
iptables -t nat -A POSTROUTING -o eth1 -s 10.8.0.0/24 -j SNAT --to 99.74.247.163
# the WAN address comes from the gateway by DHCP (section I), so if it ever changes use -j MASQUERADE instead of SNAT --to
iptables -A INPUT -i tun0 -s 10.8.0.0/24 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -o tun0 -d 10.8.0.0/24 -j ACCEPT
Gateway firewall: forward UDP port 1194 to server1 (192.168.1.5)
On the client machine, install openVPN client for Windows:
You need to copy a few files from the server to your client machine; they are in /etc/openvpn/keys/
cd /etc/openvpn/keys
cp ca.crt /home/share
cp client1.crt /home/share
cp client1.key /home/share
# client1.csr is only the signing request; the client does not need it
# Note /home/share is accessible via SMB so that you can download it to a USB drive
# client1.key is that client's private key: delete it from the share once it is on the client, and never copy ca.key or server.key off the server
# Put these files in C:\Program Files\OpenVPN\config\ on the Windows client machine
Make a client config file, client1.ovpn, and put it in C:\Program Files\OpenVPN\config\
--------
client
dev tun
proto udp
# Change kimcomputer.com to your public domain name or IP address
remote kimcomputer.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
# Accept only a certificate built with build-key-server (nsCertType=server); without this,
# any client certificate signed by the same CA could pose as the server.
# On OpenVPN 2.4 and later use "remote-cert-tls server" instead.
ns-cert-type server
# DNS options here, CHANGE THESE !!
# (push is a server-side directive, what the server sends to clients, and does not belong in
#  a client profile; on a Windows client set the option directly, or push it from server.conf)
dhcp-option DNS 192.168.1.254
dhcp-option DNS 99.74.247.163
comp-lzo
verb 3
----------------------------------------------
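A check on the client profile before it goes on the USB drive, as an added example that is not part of the original notes: a small POSIX shell lint that flags server-side directives such as push in a client profile and a missing server-identity check. The two sample profiles are constructed inline (the first is the profile with a push line in it, the second the corrected form); the function names and the list of server-only directives are this example's own, not an OpenVPN feature.

```shell
#!/bin/sh
# Added example (not from the original notes): lint an OpenVPN client profile for the
# two mistakes that are easy to make when adapting a server template by hand.
# The sample profiles below are constructed for the demo.
set -eu

# Print one line per problem in profile $1; the exit status is the number of problems.
lint_client_profile() {
    problems=0
    # Drop comments and blank lines, keep only the first word (the directive) of each line
    directives=$(sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' "$1" | awk 'NF { print $1 }')
    echo "$directives" | grep -qx 'client' || {
        echo "missing 'client': this profile would not pull its settings from the server"
        problems=$((problems + 1))
    }
    # Directives that only make sense on the server side (list chosen for this example)
    for d in push server dh client-config-dir ifconfig-pool duplicate-cn; do
        if echo "$directives" | grep -qx "$d"; then
            echo "server-only directive '$d' in a client profile"
            problems=$((problems + 1))
        fi
    done
    # Either line makes the client verify the peer presented a server certificate;
    # remote-cert-tls is the form for OpenVPN 2.4 and later
    if ! grep -Eq '^[[:space:]]*(remote-cert-tls|ns-cert-type)[[:space:]]+server' "$1"; then
        echo "no 'remote-cert-tls server' / 'ns-cert-type server': a client certificate could impersonate the server"
        problems=$((problems + 1))
    fi
    return $problems
}

# Write two constructed profiles into directory $1
write_samples() {
    dir="$1"
    mkdir -p "$dir"
    # Profile with a server-side push line (as in the notes before correction)
    cat > "$dir/as-written.ovpn" <<'EOF'
client
dev tun
proto udp
remote kimcomputer.com 1194
nobind
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
push "dhcp-option DNS 192.168.1.254"
comp-lzo
EOF
    # Corrected profile: DNS set with dhcp-option directly, server identity checked
    cat > "$dir/fixed.ovpn" <<'EOF'
client
dev tun
proto udp
remote kimcomputer.com 1194
nobind
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
dhcp-option DNS 192.168.1.254
comp-lzo
EOF
}

# Stand-alone demo: lint both samples and report the count
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for p in as-written.ovpn fixed.ovpn; do
    echo "== $p"
    lint_client_profile "$demo_dir/$p" && echo "clean" || echo "$? problem(s)"
done
```

Run `lint_client_profile client1.ovpn` on the real profile before copying it to /home/share; a non-zero exit status means the file should not go out as is.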
To connect, right-click the OpenVPN icon in the taskbar >> Connect
To test, ping 192.168.1.254 (the LAN DNS address in the client profile); if the tunnel comes up but the ping fails, check ip_forward and the FORWARD/NAT rules on the server