Cara Mudah Install OpenVPN di Debian 10

Posted on

OpenVPN adalah salah satu tools personal VPN yang dapat kita install di VPS atau Server yang kita miliki. Dengan OpenVPN kita dapat menyembunyikan IP yang kita miliki saat browsing.

Dengan OpenVPN juga kita dapat melakukan browsing ke situs-situs xxx atau situs-situs yang di blokir oleh Menkominfo.

Selain itu kita juga dapat melakukan koneksi ke VPS yang tidak memiliki IP berupa IPV4 dan hanya memiliki IPV6 only. Seperti VPS Gratis dari EUServ.com. (Baca Cara Mudah Mendapatkan VPS Gratis dari euserv.com)

Nah bagaimana cara melakukan installasi OpenVPN di Debian 10? Berikut cara mudah install OpenVPN di Debian 10.

Prerequirest

Cara Mudah Melakukan Instalasi OpenVPN di Debian 10

Step 1 – Login ke VPS Debian 10

Login ke vps debian 10 menggunakan id root anda menggunakan putty atau jika anda menggunakan windows 10 anda bisa langsung connect menggunakan CMD

Content ID - Melakukan koneksi SSH menggunakan cmd (Comand Promt)
Content ID – Melakukan koneksi SSH menggunakan cmd (Comand Promt)

Step 2 – Update VPS Debian 10

Lakukan update pada VPS Debian 10 anda menggunakan perintah

{[email protected]:~ }$ sudo apt update
{[email protected]:~ }$ sudo apt upgrade

Step 3 – Check IP

Cek ip yang diberikan oleh VPS provider anda menggunakan perintah

{contentdeb10:~ }$ ip a
{[email protected]:~ }$ ip a show eth0

Step 4 – Download script installasi OpenVPN untuk Debian 10

{[email protected]:~ }$ wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O debian10-vpn.sh

Step 5 – Rubah permition script debian10-vpn.sh

Rubah permition script instalasi agar bisa di eksekusi dengan memberikan perintah chmod +x

{[email protected]:~ }$ chmod +x debian10-vpn.sh

Step 6 – Exekusi script debian10-vpn.sh

{[email protected]:~ }$ sudo ./debian10-vpn.sh

Step 7 – Proses Instalasi

Lanjutkan proses instalasi dengan mengikuti petunjuk yang diberikan

Content id - Proses Instalasi OpenVPN di Debian 10
Content id – Proses Instalasi OpenVPN di Debian 10

Step 8 – Tambahkan user untuk akses openvpn

Tambahkan user untuk akses ke openvpn. Berikan nama sesuai dengan keinginan anda.

Content ID - Menambahkan user untuk akses openvpn
Content ID – Menambahkan user untuk akses openvpn

Step 9 – Proses Selesai

Proses instalasi openvpn selesai. OpenVPN yang sudah di install di VPS sudah dapat dipakai. Tambahkan user sebanyak yang anda inginkan dengan perintah

{[email protected]:~ }$ ./debian10-vpn.sh

Content ID - Menambahkan user baru ke openvpn
Content ID – Menambahkan user baru ke openvpn

Cara melakukan start dan stop openvpn

HOW DO I START/STOP/RESTART OPENVPN SERVER ON DEBIAN 10 ?

{[email protected]:~ }$ sudo systemctl stop [email protected]server # <--- stop server
{[email protected]:~ }$ sudo systemctl start [email protected]server # <--- start server
{[email protected]:~ }$ sudo systemctl restart [email protected]server # <--- restart server
{[email protected]:~ }$ sudo systemctl status [email protected]server # <--- get server status

Cara Mudah Menggunakan OpenVPN

Step 1 – Download dan install client OpenVPN di sini

Step 2 – Copy file yang telah dibuat misalnya “content.ovpn” ke komputer anda

Step 3 – Kalau tidak bisa di-copy gunakan perintah cat untuk membuka file. Block dan bawa ke notepad.

{[email protected]:~ } cat content.ovpn
client
proto udp
remote 66.42.xxx.xxx 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_zog3tmYcwC9nTFVV name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-crypt>

Step 4 – Copy dan paste ke notepad

Copy dan paste hasil cat tadi ke notepad dan simpan dengan nama sesuai pilihan anda misalnya “content.ovpn”

Content ID - save file dengan menggunakan nama content.ovpn dan simpan di folder yang anda inginkan
Content ID – save file dengan menggunakan nama content.ovpn dan simpan di folder yang anda inginkan

Step 5 – Import file content.ovpn ke program OpenVPN GUI

Import file konfigurasi (content.ovpn) yang sudah anda simpan tadi ke OpenVPN GUI

Content ID - Import file content.ovpn ke OpenVPN GUI
Content ID – Import file content.ovpn ke OpenVPN GUI

Step 6 – Connect ke VPN yang sudah anda install

Lakukan koneksi Komputer anda dengan OpenVPN yang telah anda install

Connect ke OpenVPN
Connect ke OpenVPN

Step 7 – Check Koneksi dan IP Address

Check koneksi anda dan lakukan pengecekan IP Address ke situs check ip address kesukaan anda misalnya whatismyipaddress

Content ID - Check IP Address setelah koneksi ke openvpn
Content ID – Check IP Address setelah koneksi ke openvpn

Penutup Cara Mudah Install OpenVPN di Debian 10

Nah cukup mudah bukan cara mudah melakukan instalasi OpenVPN server di Debian 10. Dengan menggunakan OpenVPN anda dapat mengakses situs-situs yang di blokir oleh Menkominfo.

Selain itu dengan OpenVPN anda juga dapat membuka situs yang hanya bisa diakses menggunakan IPV6 only seperti ipv6.google.com

Anda juga dapat mengakses server anda yang hanya menggunakan IPV6 only seperti VPS gratis dari EUServ.com.

Proces Jalannya Instalasi OpenVPN di Debian 10

[email protected]:~# ./debian10-vpn.sh
TUN is not available
[email protected]:~# ./debian10-vpn.sh
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: 172.16.120.129

It seems this server is behind NAT. What is its public IPv4 address or hostname?
We need it for the clients to connect to the server.
Public IPv4 address or hostname: 45.61.xxx.xxx

Checking for IPv6 connectivity...

Your host appears to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: y

What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 2
Custom port [1-65535]: 1194

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
1) UDP
2) TCP
Protocol [1-2]: 1

What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Russia)
12) NextDNS (Worldwide)
13) Custom
DNS [1-12]: 3

Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
Enable compression? [y/n]: n

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...
Hit http://security.debian.org jessie/updates InRelease
Ign http://ftp.debian.org jessie InRelease
Hit http://ftp.debian.org jessie-updates InRelease
Hit http://ftp.debian.org jessie Release.gpg
Hit http://security.debian.org jessie/updates/main amd64 Packages
Hit http://security.debian.org jessie/updates/contrib amd64 Packages
Hit http://ftp.debian.org jessie-updates/main amd64 Packages
Hit http://security.debian.org jessie/updates/non-free amd64 Packages
Hit http://ftp.debian.org jessie-updates/contrib amd64 Packages
Hit http://ftp.debian.org jessie-updates/non-free amd64 Packages
Hit http://ftp.debian.org jessie-updates/contrib Translation-en
Hit http://security.debian.org jessie/updates/contrib Translation-en
Hit http://security.debian.org jessie/updates/main Translation-en
Hit http://ftp.debian.org jessie-updates/main Translation-en
Hit http://ftp.debian.org jessie-updates/non-free Translation-en
Hit http://security.debian.org jessie/updates/non-free Translation-en
Hit http://ftp.debian.org jessie Release
Hit http://ftp.debian.org jessie/main amd64 Packages
Hit http://ftp.debian.org jessie/contrib amd64 Packages
Hit http://ftp.debian.org jessie/non-free amd64 Packages
Hit http://ftp.debian.org jessie/contrib Translation-en
Hit http://ftp.debian.org jessie/main Translation-en
Hit http://ftp.debian.org jessie/non-free Translation-en
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
gnupg is already the newest version.
ca-certificates is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
converted 'https://swupdate.openvpn.net/repos/repo-public.gpg' (ANSI_X3.4-1968) -> 'https://swupdate.openvpn.net/repos/repo-public.gpg' (UTF-8)
--2020-03-18 07:52:01-- https://swupdate.openvpn.net/repos/repo-public.gpg
Resolving swupdate.openvpn.net (swupdate.openvpn.net)... 104.18.188.225, 104.18.187.225
Connecting to swupdate.openvpn.net (swupdate.openvpn.net)|104.18.188.225|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1806 (1.8K) [binary/octet-stream]
Saving to: 'STDOUT'

- 100%[===================================================>] 1.76K --.-KB/s in 0s

2020-03-18 07:52:01 (79.9 MB/s) - written to stdout [1806/1806]

OK
Hit http://security.debian.org jessie/updates InRelease
Hit http://security.debian.org jessie/updates/main amd64 Packages
Get:1 http://build.openvpn.net jessie InRelease [3214 B]
Hit http://security.debian.org jessie/updates/contrib amd64 Packages
Hit http://security.debian.org jessie/updates/non-free amd64 Packages
Hit http://security.debian.org jessie/updates/contrib Translation-en
Hit http://security.debian.org jessie/updates/main Translation-en
Hit http://security.debian.org jessie/updates/non-free Translation-en
Ign http://ftp.debian.org jessie InRelease
Hit http://ftp.debian.org jessie-updates InRelease
Get:2 http://build.openvpn.net jessie/main amd64 Packages [1234 B]
Hit http://ftp.debian.org jessie Release.gpg
Hit http://ftp.debian.org jessie-updates/main amd64 Packages
Hit http://ftp.debian.org jessie-updates/contrib amd64 Packages
Hit http://ftp.debian.org jessie-updates/non-free amd64 Packages
Hit http://ftp.debian.org jessie-updates/contrib Translation-en
Ign http://build.openvpn.net jessie/main Translation-en
Hit http://ftp.debian.org jessie-updates/main Translation-en
Hit http://ftp.debian.org jessie-updates/non-free Translation-en
Hit http://ftp.debian.org jessie Release
Hit http://ftp.debian.org jessie/main amd64 Packages
Hit http://ftp.debian.org jessie/contrib amd64 Packages
Hit http://ftp.debian.org jessie/non-free amd64 Packages
Hit http://ftp.debian.org jessie/contrib Translation-en
Hit http://ftp.debian.org jessie/main Translation-en
Hit http://ftp.debian.org jessie/non-free Translation-en
Fetched 4448 B in 1s (2332 B/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
iptables is already the newest version.
ca-certificates is already the newest version.
openssl is already the newest version.
wget is already the newest version.
The following extra packages will be installed:
easy-rsa libccid libcurl3 liblzo2-2 libpcsclite1 libpkcs11-helper1 librtmp1 libssh2-1 libusb-1.0-0 opensc
opensc-pkcs11 pcscd
Suggested packages:
pcmciautils resolvconf
The following NEW packages will be installed:
curl easy-rsa libccid libcurl3 liblzo2-2 libpcsclite1 libpkcs11-helper1 librtmp1 libssh2-1 libusb-1.0-0 opensc
opensc-pkcs11 openvpn pcscd
0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
Need to get 2700 kB of archives.
After this operation, 7408 kB of additional disk space will be used.
Get:1 http://security.debian.org/ jessie/updates/main libssh2-1 amd64 1.4.3-4.1+deb8u6 [128 kB]
Get:2 http://security.debian.org/ jessie/updates/main libcurl3 amd64 7.38.0-4+deb8u16 [261 kB]
Get:3 http://security.debian.org/ jessie/updates/main opensc-pkcs11 amd64 0.16.0-3+deb8u2 [752 kB]
Get:4 http://security.debian.org/ jessie/updates/main curl amd64 7.38.0-4+deb8u16 [202 kB]
Get:5 http://security.debian.org/ jessie/updates/main opensc amd64 0.16.0-3+deb8u2 [238 kB]
Get:6 http://build.openvpn.net/debian/openvpn/stable/ jessie/main openvpn amd64 2.4.8-jessie0 [574 kB]
Get:7 http://ftp.debian.org/debian/ jessie/main librtmp1 amd64 2.4+20150115.gita107cef-1+deb8u1 [60.0 kB]
Get:8 http://ftp.debian.org/debian/ jessie/main liblzo2-2 amd64 2.08-1.2 [54.6 kB]
Get:9 http://ftp.debian.org/debian/ jessie/main libpcsclite1 amd64 1.8.13-1+deb8u1 [56.2 kB]
Get:10 http://ftp.debian.org/debian/ jessie/main libpkcs11-helper1 amd64 1.11-2 [45.4 kB]
Get:11 http://ftp.debian.org/debian/ jessie/main libusb-1.0-0 amd64 2:1.0.19-1 [48.1 kB]
Get:12 http://ftp.debian.org/debian/ jessie/main libccid amd64 1.4.18-1 [173 kB]
Get:13 http://ftp.debian.org/debian/ jessie/main pcscd amd64 1.8.13-1+deb8u1 [91.0 kB]
Get:14 http://ftp.debian.org/debian/ jessie/main easy-rsa all 2.2.2-1 [17.1 kB]
Fetched 2700 kB in 1s (2103 kB/s)
Preconfiguring packages ...
Selecting previously unselected package librtmp1:amd64.
(Reading database ... 26676 files and directories currently installed.)
Preparing to unpack .../librtmp1_2.4+20150115.gita107cef-1+deb8u1_amd64.deb ...
Unpacking librtmp1:amd64 (2.4+20150115.gita107cef-1+deb8u1) ...
Selecting previously unselected package libssh2-1:amd64.
Preparing to unpack .../libssh2-1_1.4.3-4.1+deb8u6_amd64.deb ...
Unpacking libssh2-1:amd64 (1.4.3-4.1+deb8u6) ...
Selecting previously unselected package libcurl3:amd64.
Preparing to unpack .../libcurl3_7.38.0-4+deb8u16_amd64.deb ...
Unpacking libcurl3:amd64 (7.38.0-4+deb8u16) ...
Selecting previously unselected package liblzo2-2:amd64.
Preparing to unpack .../liblzo2-2_2.08-1.2_amd64.deb ...
Unpacking liblzo2-2:amd64 (2.08-1.2) ...
Selecting previously unselected package libpcsclite1:amd64.
Preparing to unpack .../libpcsclite1_1.8.13-1+deb8u1_amd64.deb ...
Unpacking libpcsclite1:amd64 (1.8.13-1+deb8u1) ...
Selecting previously unselected package libpkcs11-helper1:amd64.
Preparing to unpack .../libpkcs11-helper1_1.11-2_amd64.deb ...
Unpacking libpkcs11-helper1:amd64 (1.11-2) ...
Selecting previously unselected package libusb-1.0-0:amd64.
Preparing to unpack .../libusb-1.0-0_2%3a1.0.19-1_amd64.deb ...
Unpacking libusb-1.0-0:amd64 (2:1.0.19-1) ...
Selecting previously unselected package opensc-pkcs11:amd64.
Preparing to unpack .../opensc-pkcs11_0.16.0-3+deb8u2_amd64.deb ...
Unpacking opensc-pkcs11:amd64 (0.16.0-3+deb8u2) ...
Selecting previously unselected package curl.
Preparing to unpack .../curl_7.38.0-4+deb8u16_amd64.deb ...
Unpacking curl (7.38.0-4+deb8u16) ...
Selecting previously unselected package openvpn.
Preparing to unpack .../openvpn_2.4.8-jessie0_amd64.deb ...
Unpacking openvpn (2.4.8-jessie0) ...
Selecting previously unselected package libccid.
Preparing to unpack .../libccid_1.4.18-1_amd64.deb ...
Unpacking libccid (1.4.18-1) ...
Selecting previously unselected package pcscd.
Preparing to unpack .../pcscd_1.8.13-1+deb8u1_amd64.deb ...
Unpacking pcscd (1.8.13-1+deb8u1) ...
Selecting previously unselected package easy-rsa.
Preparing to unpack .../easy-rsa_2.2.2-1_all.deb ...
Unpacking easy-rsa (2.2.2-1) ...
Selecting previously unselected package opensc.
Preparing to unpack .../opensc_0.16.0-3+deb8u2_amd64.deb ...
Unpacking opensc (0.16.0-3+deb8u2) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u13) ...
Setting up librtmp1:amd64 (2.4+20150115.gita107cef-1+deb8u1) ...
Setting up libssh2-1:amd64 (1.4.3-4.1+deb8u6) ...
Setting up libcurl3:amd64 (7.38.0-4+deb8u16) ...
Setting up liblzo2-2:amd64 (2.08-1.2) ...
Setting up libpcsclite1:amd64 (1.8.13-1+deb8u1) ...
Setting up libpkcs11-helper1:amd64 (1.11-2) ...
Setting up libusb-1.0-0:amd64 (2:1.0.19-1) ...
Setting up opensc-pkcs11:amd64 (0.16.0-3+deb8u2) ...
Setting up curl (7.38.0-4+deb8u16) ...
Setting up openvpn (2.4.8-jessie0) ...
[ ok ] Restarting virtual private network daemon.:.
Setting up libccid (1.4.18-1) ...
Setting up pcscd (1.8.13-1+deb8u1) ...
Setting up easy-rsa (2.2.2-1) ...
Setting up opensc (0.16.0-3+deb8u2) ...
Processing triggers for libc-bin (2.19-18+deb8u10) ...
Processing triggers for systemd (215-17+deb8u13) ...
converted 'https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz' (ANSI_X3.4-1968) -> 'https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz' (UTF-8)
--2020-03-18 07:52:09-- https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz
Resolving github.com (github.com)... 140.82.113.3
Connecting to github.com (github.com)|140.82.113.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200318%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200318T115210Z&X-Amz-Expires=300&X-Amz-Signature=36d742ba533e90393cd4f8509e5733bb0b50835971b6f614b90e2ccac06f429a&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DEasyRSA-unix-v3.0.6.tgz&response-content-type=application%2Foctet-stream [following]
converted 'https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200318%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200318T115210Z&X-Amz-Expires=300&X-Amz-Signature=36d742ba533e90393cd4f8509e5733bb0b50835971b6f614b90e2ccac06f429a&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DEasyRSA-unix-v3.0.6.tgz&response-content-type=application%2Foctet-stream' (ANSI_X3.4-1968) -> 'https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A/20200318/us-east-1/s3/aws4_request&X-Amz-Date=20200318T115210Z&X-Amz-Expires=300&X-Amz-Signature=36d742ba533e90393cd4f8509e5733bb0b50835971b6f614b90e2ccac06f429a&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment; filename=EasyRSA-unix-v3.0.6.tgz&response-content-type=application/octet-stream' (UTF-8)
--2020-03-18 07:52:10-- https://github-production-release-asset-2e65be.s3.amazonaws.com/4519663/8d46db80-266e-11e9-85e3-7de4dbee40d9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A/20200318/us-east-1/s3/aws4_request&X-Amz-Date=20200318T115210Z&X-Amz-Expires=300&X-Amz-Signature=36d742ba533e90393cd4f8509e5733bb0b50835971b6f614b90e2ccac06f429a&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment;%20filename=EasyRSA-unix-v3.0.6.tgz&response-content-type=application/octet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.217.38.228
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.217.38.228|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40840 (40K) [application/octet-stream]
Saving to: '/root/EasyRSA-unix-v3.0.6.tgz'

/root/EasyRSA-unix-v3.0.6.tgz 100%[===================================================>] 39.88K --.-KB/s in 0.008s

2020-03-18 07:52:10 (4.67 MB/s) - '/root/EasyRSA-unix-v3.0.6.tgz' saved [40840/40840]

Note: using Easy-RSA configuration from: ./vars

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/easy-rsa/pki

read EC key
writing EC key

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.0.1t 3 May 2016
Generating a 256 bit EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/private/server_eqwRsSG9K3YppQ5B.key.r7q4S0E3QB'
-----
Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'server_eqwRsSG9K3YppQ5B'
Certificate is to be certified until Mar 3 11:52:10 2023 GMT (1080 days)

Write out database with 1 new entries
Data Base Updated

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.0.1t 3 May 2016
Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf

An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem

* Applying /etc/sysctl.d/20-openvpn.conf ...
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
Created symlink from /etc/systemd/system/multi-user.target.wants/[email protected]server.service to /etc/systemd/system/[email protected]
Created symlink from /etc/systemd/system/multi-user.target.wants/iptables-openvpn.service to /etc/systemd/system/iptables-openvpn.service.

Tell me a name for the client.
Use one word only, no special characters.
Client name: rumah

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 1

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.0.1t 3 May 2016
Generating a 256 bit EC private key
writing new private key to '/etc/openvpn/easy-rsa/pki/private/rumah.key.ePpkF08tO9'
-----
Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'rumah'
Certificate is to be certified until Mar 3 11:52:27 2023 GMT (1080 days)

Write out database with 1 new entries
Data Base Updated

Client rumah added, the configuration file is available at /root/rumah.ovpn.
Download the .ovpn file and import it in your OpenVPN client.

Salam

Content.ID