Install Dependensi OpenVPN
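# Install OpenVPN and the LDAP authentication plugin.
# openvpn is listed explicitly because the later steps read
# /usr/share/doc/openvpn/examples and start the openvpn@server unit.
# apt-get is the stable CLI for non-interactive use; -y goes before the packages.
apt-get install -y openvpn openvpn-auth-ldap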
Konfigurasi Plugin LDAP
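# Place the plugin configuration under /etc/openvpn/auth/. This is the path the
# `plugin` line in server.conf has to reference.
cd /etc/openvpn/ || exit 1
mkdir -p auth
cp -- /usr/share/doc/openvpn-auth-ldap/examples/auth-ldap.conf auth/
# The copied example is world-readable; it will hold the LDAP bind password,
# so restrict it to root before editing in the credentials.
chmod 600 auth/auth-ldap.conf
nano auth/auth-ldap.conf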
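<LDAP>
# LDAP server address: adjust to your LDAP server.
# ldap:// is plaintext, so the BindDN password below and every VPN user's
# password cross the network unencrypted. Prefer ldaps:// or StartTLS
# (TLSEnable yes together with the TLS* entries below) once a CA is in place.
URL ldap://10.1.1.20
# Account used only to search for the connecting user. cn=admin is the
# directory administrator; a dedicated read-only bind account is sufficient
# for lookups and limits the impact if this file is exposed.
BindDN cn=admin,dc=itnsaskills,dc=cloud
# Password of the BindDN above. Comments are kept on their own line so no
# trailing text can be taken as part of the value; keep this file mode 600.
Password Skill39
Timeout 15
FollowReferrals yes
# TLS CA Certificate File (if required)
#TLSCACertFile /usr/local/etc/ssl/ca.pem
#TLSCACertDir /etc/ssl/certs
#TLSCertFile /usr/local/etc/ssl/client-cert.pem
#TLSKeyFile /usr/local/etc/ssl/client-key.pem
# Cipher Suite
# The defaults are usually fine here
# TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>
<Authorization>
# Users are looked up under this subtree only.
BaseDN "ou=VPN,dc=itnsaskills,dc=cloud"
# %u is replaced by the username supplied by the VPN client.
SearchFilter "(uid=%u)"
# false: every entry under BaseDN matching SearchFilter may connect.
# Set to true and fill in the <Group> template below to limit VPN access
# to members of a specific group.
RequireGroup false
# Add non-group members to a PF table (disabled)
#PFTable ips_vpn_users
#<Group>
#BaseDN "ou=Groups,dc=example,dc=com"
#SearchFilter "(|(cn=developers)(cn=artists))"
#MemberAttribute uniqueMember
# Add group members to a PF table (disabled)
#PFTable ips_vpn_eng
#</Group>
</Authorization>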
Konfigurasi Server
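# Start from the packaged sample server configuration.
cd /etc/openvpn/ || exit 1
cp -- /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz .
gunzip server.conf.gz || exit 1
nano server.conf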
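# OpenVPN server configuration. Comments start with '#' or ';'. The "//"
# notation is not a comment: OpenVPN would parse the text as extra option
# parameters and refuse to start.
# Server IP address to listen on
local 172.17.1.254
port 1194
proto udp
dev tun
# CA certificate
ca /etc/ca/cacert.pem
# Server certificate
cert /etc/ca/lks1.crt
# Server private key. This file should be kept secret (mode 600, owned by root).
key /etc/ca/lks1.key
# Diffie-Hellman parameters. Not generated by the steps above; create with
#   openssl dhparam -out /etc/openvpn/dh.pem 2048
dh /etc/openvpn/dh.pem
# Address pool handed out to VPN clients
server 10.20.30.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
# Route all client traffic through the VPN
push "redirect-gateway def1 bypass-dhcp"
# Clients can reach each other directly through the server
client-to-client
# NOTE(review): on OpenVPN 2.5+ `cipher` is the legacy fallback and the
# negotiated list is set with `data-ciphers` - confirm the server version.
cipher AES-256-CBC
# Drop privileges after startup ...
user nobody
group nogroup
# ... and keep the key and tun device open so restarts (SIGUSR1, ping-restart)
# still work after privileges have been dropped.
persist-key
persist-tun
# Consider tls-crypt <path-to-ta.key> to authenticate and encrypt the control channel.
log /var/log/openvpn/openvpn.log
verb 3
# Required: LDAP authentication plugin. The config path must match where
# auth-ldap.conf was installed in the plugin step (/etc/openvpn/auth/).
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf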
Start Service OpenVPN
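# openvpn@server maps to /etc/openvpn/server.conf.
# Shell comments use '#': text after "//" on a command line is passed to
# systemctl as additional unit names, which makes the command fail.
systemctl start openvpn@server
# Start the service automatically at boot
systemctl enable openvpn@server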
Troubleshooting
Cek log di /var/log/openvpn/openvpn.log
# Follow the OpenVPN server log (path set by the `log` directive in server.conf).
tail -f -- /var/log/openvpn/openvpn.log