Posted
Filed under Computer/Mac
To set up a VPN on a Mac mini you have to buy the OS X Server package.
But every time the OS is upgraded, you have to buy the Server version that matches it all over again.

I upgraded to 10.11, lost my data, and the system got sick and slowly died.
So I downgraded again.

That is, I reinstalled 10.10.

After that the VPN in the Server package no longer worked properly, and neither did the Server package itself and a few other features.
It drives you completely crazy.

So I decided to throw all of it away and try the safe route with OpenVPN.
I followed documents on the Internet, but for some reason I could not figure out, it did not work.

After trying various combinations it works.

Here is what I did.

0. Environments
    Mac server IP : 192.168.1.x/24 (the address currently in use)
    Mac server network device : en0
    Mac server default gateway : 192.168.1.1 (router IP)
    VPN virtual network : 10.1.0.x/24
    VPN virtual gateway : 10.1.0.1
    VPN protocol : UDP
    VPN device : tun
    VPN port : 443

1. Installing MacPorts makes things easier.
(MacPorts requires Xcode to be installed.)
download : https://www.macports.org/install.php

2. Install openvpn
$ sudo port selfupdate
$ sudo port install openvpn

3. Install Tunnelblick
download : https://tunnelblick.net/ ( old : https://code.google.com/p/tunnelblick/)

4. Make the certificate files (server / client)
Some of the following has to be done as root, so enable the root account.
$ dsenableroot
(`sudo -s` would give a root shell without enabling the root account at all; if you do enable it, disable it again as soon as you are finished, as at the end of step 7.)

$ mkdir -p ~/Backups/OpenVPN/easy-rsa-tunnelblick
$ sudo rsync -va /Applications/Tunnelblick.app/Contents/Resources/easy-rsa-tunnelblick/ ~/Backups/OpenVPN/easy-rsa-tunnelblick/
$ su -
# cd ~<user>/Backups/OpenVPN/easy-rsa-tunnelblick/
# vi vars
Edit it to suit yourself. Note that build-dh below names its output after KEY_SIZE (dh<KEY_SIZE>.pem), so the dh4096.pem used later means KEY_SIZE=4096.

# mkdir -m go-rwx ./keys
# touch ./keys/index.txt
# echo 01 > ./keys/serial
# . ./vars
# ./clean-all
# ./build-ca --pass
(./clean-all recreates keys/, index.txt and serial itself, so the three lines before it are only preparation; openssl wants the serial as an even number of hex digits, hence 01 rather than 1. --pass puts a passphrase on the CA private key, and you will be asked for it every time a certificate is signed below.)

Make the server key and certificate
# ./build-key-server <server domain name>

Make the client key and certificate
# ./build-key <client domain name>

# ./build-dh
# /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn --genkey --secret ./keys/ta.key
(The openvpn-2.3.6 directory name depends on which OpenVPN versions your Tunnelblick bundles; `ls /Applications/Tunnelblick.app/Contents/Resources/openvpn/` shows what is there. ta.key is a tls-auth key: it only protects anything if the server config references it with `tls-auth ta.key 0` and the client embeds it under `<tls-auth>` with `key-direction 1`, which the configurations in steps 5 and 7 as written do not.)
# cd keys
# openssl verify -CAfile ca.crt ca.crt
# openssl verify -CAfile ca.crt <server domain name>.crt
# openssl verify -CAfile ca.crt <client domain name>.crt
# mkdir ~<user>/Desktop/<server domain name>_tun.tblk
# cd ~/Backups/OpenVPN/easy-rsa-tunnelblick/keys/
# cp -p ca.crt dh4096.pem <server domain name>.crt  <server domain name>.key ta.key ~<user>/Desktop/<server domain name>_tun.tblk
# exit
$ sudo chown -R <user> ~/Desktop/<server domain name>_tun.tblk
$ cd ~/Desktop/<server domain name>_tun.tblk
(Only these five files go into the Tunnelblick bundle. ca.key stays in the easy-rsa keys directory: it is what signs further client certificates and it must never be copied into the server bundle or onto a client.)

* Add a port-forwarding rule for UDP 443 to <server real ip> on your router or firewall.

5. Make the server configuration file (inside the .tblk; Tunnelblick only picks up .ovpn or .conf files).
$ vi server.ovpn
----------------------------------------------------------------
# global config
port 443
proto udp
dev tun
# Keys
ca ca.crt
cert <server domain name>.crt
key <server domain name>.key
dh dh4096.pem
#Users
user nobody
group nobody
# Connection type
client-to-client
server 10.1.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
# redirect-gateway takes flags, not an address, and push needs the quotes
push "redirect-gateway def1"
verb 3
----------------------------------------------------------------
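The configuration above leaves several OpenVPN 2.3 defaults in place: the control channel is not protected by the ta.key that step 4 generated, the data channel uses the 2.3 default BF-CBC/SHA1, and nothing checks that a connecting peer presented a client certificate rather than a copy of the server's. The following is an added, hardened version of the same server configuration (an example, not the original post's file). It assumes the same file names as above, that the client certificates were issued by easy-rsa's build-key (whose usr_cert section sets extendedKeyUsage=clientAuth), and that each added line is mirrored on the client side: `key-direction 1` with ta.key embedded under `<tls-auth>`, the same `cipher` and `auth` lines, `remote-cert-tls server`, and no `comp-lzo`.

```text
# global config
port 443
proto udp
dev tun
# Keys
ca ca.crt
cert <server domain name>.crt
key <server domain name>.key
dh dh4096.pem
# HMAC-sign the TLS control channel with the ta.key from step 4: a packet
# without a valid HMAC is dropped before any TLS processing happens.
# Direction 0 on the server, 1 on the client (key-direction 1).
tls-auth ta.key 0
# Pin the data-channel crypto instead of the BF-CBC / SHA1 defaults;
# the client must carry the same two lines.
cipher AES-256-CBC
auth SHA256
tls-version-min 1.2
# Accept only certificates carrying the clientAuth EKU that build-key sets,
# so a leaked server certificate cannot be used to connect as a client.
remote-cert-tls client
#Users
user nobody
group nobody
# Connection type
client-to-client
server 10.1.0.0 255.255.255.0
keepalive 10 120
# comp-lzo deliberately left out: compressing traffic before encryption
# leaks plaintext (VORACLE). If you keep it, the client needs it too.
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
verb 3
```

A mismatch on any of tls-auth, cipher, auth or comp-lzo shows up as a client that authenticates and then passes no traffic, or, for tls-auth, as a server that logs nothing at all because the unauthenticated packets are silently dropped; change both sides together.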

Double-click "<server domain name>_tun.tblk" on your desktop.
Tunnelblick asks whether to install it; confirm, and it is added to Tunnelblick's configuration list.

6. Connect to start the server.
Enable IP forwarding so the Mac passes packets between 10.1.0.x and its LAN address <server real ip>:
$ sudo sysctl -w net.inet.ip.forwarding=1
(This setting does not survive a reboot; run it again after restarting.)
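IP forwarding alone only makes the Mac pass packets between the tun interface and en0. The router at 192.168.1.1 knows nothing about 10.1.0.0/24, so replies to packets the Mac forwards have nowhere to go unless either the router gets a static route for 10.1.0.0/24 via the Mac's 192.168.1.x address, or the Mac rewrites the source address itself. The pf rule below is an added example of the second option, not part of the original post; it assumes the interface and subnet from section 0 and a rule file at /etc/pf.anchors/openvpn, a path chosen here for illustration.

```text
# /etc/pf.anchors/openvpn  (hypothetical path)
# Masquerade VPN clients behind en0's own address so the router only ever
# sees ordinary 192.168.1.x traffic. "(en0)" tracks the interface address,
# so the rule stays correct if DHCP hands the Mac a different one.
nat on en0 from 10.1.0.0/24 to any -> (en0)
```

Load it with `sudo pfctl -e -f /etc/pf.anchors/openvpn` (`-e` enables pf, `-f` loads the rules), and, like the sysctl setting, re-apply it after a reboot. With the NAT in place the iPhone reaches both the LAN and the Internet through the Mac; without it, only the Mac itself and other VPN clients (client-to-client) are reachable.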

Click Connect in Tunnelblick.
The server side is now up.

7. Make the client configuration file.
$ vi ~/Desktop/<client domain name>.ovpn
--------------------------------------------------
client
dev tun
proto udp
remote <remote ip address of openvpn server>  443
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;auth-user-pass
comp-lzo
verb 3
redirect-gateway def1
<ca>
---------------------------------------------
(The keys directory is readable only by root, so become root again to append the certificates.)
$ su -
# cat ~<user>/Backups/OpenVPN/easy-rsa-tunnelblick/keys/ca.crt >> ~<user>/Desktop/<client domain name>.ovpn
# echo "</ca>
<cert>" >> ~<user>/Desktop/<client domain name>.ovpn
# cat  ~<user>/Backups/OpenVPN/easy-rsa-tunnelblick/keys/<client domain name>.crt  >> ~<user>/Desktop/<client domain name>.ovpn
# echo "</cert>
<key>" >> ~<user>/Desktop/<client domain name>.ovpn
# cat ~<user>/Backups/OpenVPN/easy-rsa-tunnelblick/keys/<client domain name>.key  >> ~<user>/Desktop/<client domain name>.ovpn
# echo "</key>" >> ~<user>/Desktop/<client domain name>.ovpn
# chown <user>  ~<user>/Desktop/<client domain name>.ovpn
# exit

Turn the root account off again:
$ sudo dsenableroot -d


Copy ~/Desktop/<client domain name>.ovpn to the OpenVPN app on your iPhone via iTunes file sharing.
The .ovpn embeds the client's private key, so treat it as a secret: move it over a channel you trust and delete the copy on the Desktop once it is on the phone.

The profile appears in the OpenVPN app with <client domain name>'s certificate.
Add it, turn the connection on, and the iPhone connects to the server.


That is all it takes to set up a simple VPN server. For free.
2015/10/31 15:25