Overview
A while back I set up Fortigate SSL-VPN at the office, but PCs running macOS could not connect to it.
I still don't know the cause, but since a connection was needed right away, I'll build an OpenVPN server and get VPN communication working that way.
1. Lab environment
# lab environment
cat /etc/*release*
CentOS Linux release 8.5.2111
Derived from Red Hat Enterprise Linux 8.5
NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
CentOS Linux release 8.5.2111
CentOS Linux release 8.5.2111
cpe:/o:centos:centos:8
2. Building the OpenVPN server
Log in to the Linux server that will run OpenVPN and carry out the following steps.
You can either configure it by hand or use the provided script for a quick setup. I will go with the script.
# fetch the OpenVPN auto-install shell script
wget https://git.io/vpn -O openvpn-install.sh
# make the script executable
sudo chmod +x openvpn-install.sh
Proceed with the VPN setup.
# run the script
sudo bash openvpn-install.sh
or
./openvpn-install.sh
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
# the IPv4 address OpenVPN will listen on
**I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: 192.168.100.xxx**
# enter the public IPv4 address or hostname
**It seems this server is behind NAT. What is its public IPv4 address or hostname?
We need it for the clients to connect to the server.
Public IPv4 address or hostname: cwOpenVPN**
Checking for IPv6 connectivity...
Your host does not appear to have IPv6 connectivity.
# IPv6 is left disabled
Do you want to enable IPv6 support (NAT)? [y/n]: n
# choose the OpenVPN port; I kept the default
**What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 1**
# choose the protocol
**What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldnt use TCP.
1) UDP
2) TCP
Protocol [1-2]: 1**
# choose the DNS resolvers; each has its own characteristics, so look them up before choosing
**What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Anycast: worldwide)
12) NextDNS (Anycast: worldwide)
13) Custom
DNS [1-12]: 11**
Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n
Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
Customize encryption settings? [y/n]: n
Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...
**Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: cwVPN_Client**
**Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 2**
Once the setup finishes, an .ovpn client file is generated.
That file is what the client uses to access the VPN.
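Before handing a generated profile to a user it is worth confirming that it actually reflects the choices made in the prompts above (compression off, password-protected key) together with the two control-channel settings the installer also writes. The script below is an added example, not part of the original post or of the installer project; the two sample profiles it writes are constructed, with placeholder text in place of real key material.

```shell
#!/bin/sh
# Sanity-check an OpenVPN client profile (.ovpn) before distributing it.
# Added example: the checks mirror the installer prompts above
# (no compression, encrypted private key) plus tls-crypt and remote-cert-tls.

# Print WARN/OK lines for FILE; return 0 only when every check passes.
check_ovpn_profile() {
    file="$1"
    warnings=0

    # 1. A 'remote <host> <port>' line is what the client connects to.
    if grep -Eq '^remote[[:space:]]+[^[:space:]]+[[:space:]]+[0-9]+' "$file"; then
        echo "OK   remote: $(grep -E '^remote[[:space:]]' "$file" | head -n 1)"
    else
        echo "WARN no 'remote <host> <port>' line"
        warnings=$((warnings + 1))
    fi

    # 2. Compression must stay off (the installer warns about VORACLE).
    if grep -Eq '^(comp-lzo|compress)' "$file"; then
        echo "WARN compression directive present (comp-lzo/compress)"
        warnings=$((warnings + 1))
    else
        echo "OK   no compression directive"
    fi

    # 3. The control channel should be wrapped with tls-crypt (or at least tls-auth).
    if grep -Eq '^<tls-(crypt|auth)>' "$file"; then
        echo "OK   tls-crypt/tls-auth key embedded"
    else
        echo "WARN no <tls-crypt> or <tls-auth> block"
        warnings=$((warnings + 1))
    fi

    # 4. The private key should be password-protected (option 2 in the prompt).
    #    PKCS#8 keys read 'BEGIN ENCRYPTED PRIVATE KEY', legacy PEM keys carry
    #    'Proc-Type: 4,ENCRYPTED'; both contain the word ENCRYPTED.
    if sed -n '/^<key>/,/^<\/key>/p' "$file" | grep -q 'ENCRYPTED'; then
        echo "OK   private key is encrypted"
    else
        echo "WARN private key stored in clear text"
        warnings=$((warnings + 1))
    fi

    # 5. remote-cert-tls server stops another client's cert from posing as the server.
    if grep -Eq '^remote-cert-tls[[:space:]]+server' "$file"; then
        echo "OK   remote-cert-tls server set"
    else
        echo "WARN remote-cert-tls server missing"
        warnings=$((warnings + 1))
    fi

    echo "$warnings warning(s)"
    [ "$warnings" -eq 0 ]
}

# Write a constructed sample profile to FILE. KIND is 'good' (what the answers
# above should produce) or 'bad' (compression on, clear-text key, no tls-crypt).
# The key blocks hold placeholder text, not real keys.
write_sample_profile() {
    kind="$1"; file="$2"
    {
        echo "client"
        echo "proto udp"
        echo "remote cwOpenVPN 1194"
        echo "dev tun"
        echo "nobind"
        echo "verb 3"
        if [ "$kind" = "good" ]; then
            echo "remote-cert-tls server"
            echo "<tls-crypt>"
            echo "-----BEGIN OpenVPN Static key V1-----"
            echo "placeholder-not-a-real-key"
            echo "-----END OpenVPN Static key V1-----"
            echo "</tls-crypt>"
            echo "<key>"
            echo "-----BEGIN ENCRYPTED PRIVATE KEY-----"
            echo "placeholder-not-a-real-key"
            echo "-----END ENCRYPTED PRIVATE KEY-----"
            echo "</key>"
        else
            echo "comp-lzo"
            echo "<key>"
            echo "-----BEGIN PRIVATE KEY-----"
            echo "placeholder-not-a-real-key"
            echo "-----END PRIVATE KEY-----"
            echo "</key>"
        fi
    } > "$file"
}

# Usage: sh check-ovpn.sh cwVPN_Client.ovpn
if [ -n "${1:-}" ]; then check_ovpn_profile "$1"; fi
```

A non-zero exit means at least one warning was printed; the 'good' sample passes all five checks, the 'bad' one trips four of them.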
Next, add the port to the server firewall.
# add ports
firewall-cmd --zone=public --add-port=2294/udp --permanent
firewall-cmd --zone=public --add-port=21194/udp --permanent
firewall-cmd --zone=public --add-port=1194/udp --permanent
# apply
firewall-cmd --reload
firewall-cmd --list-all
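A firewall rule that does not match what the daemon actually listens on either leaves the VPN unreachable or opens a port nothing uses. The script below is an added example, not part of the original post or the installer: it reads port and proto from the OpenVPN server config and emits only the matching firewall-cmd rule. It assumes the config lives at /etc/openvpn/server.conf (an assumption; pass another path as the first argument) and that firewalld is the active firewall, as on the CentOS 8 host above.

```shell
#!/bin/sh
# Open exactly the port OpenVPN is configured to listen on.
# Added example; default config path /etc/openvpn/server.conf is an assumption.

# Print "<port>/<proto>" for an OpenVPN server config (e.g. "1194/udp").
# Missing directives fall back to OpenVPN's own defaults: port 1194, proto udp.
openvpn_listen_spec() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }
    port=$(awk '$1 == "port" { print $2 }' "$conf" | tail -n 1)
    proto=$(awk '$1 == "proto" { print $2 }' "$conf" | tail -n 1)
    [ -n "$port" ] || port=1194
    [ -n "$proto" ] || proto=udp
    # OpenVPN accepts variants such as udp6/tcp6/tcp-server; firewalld only knows udp/tcp.
    case "$proto" in
        udp*) proto=udp ;;
        tcp*) proto=tcp ;;
        *) echo "unknown proto '$proto' in $conf" >&2; return 1 ;;
    esac
    echo "$port/$proto"
}

# Print the firewall-cmd lines for that listener (dry run), or execute them
# when RUN=1 is set and firewall-cmd is installed.
open_openvpn_port() {
    conf="${1:-/etc/openvpn/server.conf}"
    spec=$(openvpn_listen_spec "$conf") || return 1
    cmds="firewall-cmd --zone=public --add-port=$spec --permanent
firewall-cmd --reload
firewall-cmd --zone=public --list-ports"
    if [ "${RUN:-0}" = "1" ] && command -v firewall-cmd >/dev/null 2>&1; then
        echo "$cmds" | while IFS= read -r c; do $c; done
    else
        echo "$cmds"
    fi
}

# Usage: sh open-openvpn-port.sh [/etc/openvpn/server.conf]   (add RUN=1 to apply)
if [ -n "${1:-}" ]; then open_openvpn_port "$1"; fi
```

Without RUN=1 it only prints the commands, so you can compare them with the rules already added by hand; the final --list-ports call is the check that the reload actually took effect.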
3. Connecting a client from Windows
Download and install the client.
https://openvpn.net/community-downloads/
Import the downloaded cwVPN_Client.ovpn file via Import > Import file and connect.
When the file was generated I chose password protection, so enter that password.
The connection is established.
TMI: It later turned out the cause was not macOS at all but that the PC was connected through tethering/a hotspot. In that case the connection usually goes over IPv6, so the existing VPN, which was configured for IPv4 only, got blocked.
Looking at the settings above, OpenVPN was also set up with IPv6 disabled, so that PC would not have been able to connect through OpenVPN either.