VPN Entre Servidores CentOS 6 e Windows 7 (Artigo)

931HQWUHVHUYLGRUHV&HQW26H:LQGRZV>$UWLJR@
/LQX[ DUWLJRVFDWHJRULD,QGH[SKS"FRGLJR
6HJXUDQoD DUWLJRVYHU6XE&DWHJRULDSKS"FRGLJR
931HQWUHVHUYLGRUHV&HQW26H:LQGRZV
VPN entre servidores CentOS 6 e Windows 7

2SHQ931VHQWUHVHUYLGRUHV*18/LQX[&HQW26
aFDGXURGULJXHV HFOLHQWHV:LQGRZV&HQiULR6HUYLGRU
ILUHZDOOFRP&HQW262SHQ931HHVWDo}HV
FDGXURGULJXHV aFDGXURGULJXHV
GHWUDEDOKRVRXQRWHERRNVGHFRQVXOWRUHV
H[WHUQRVFRP:LQGRZV
3RU&DUORV(GXDUGR0DFLHO5RGULJXHVHP >+LWV@
 
'HQXQFLH GHQXQFLHLQGH[SKS )DYRULWRV DGG%RRNPDUNSKS"
WLSR DUWLJR FRGLJR ,QGLFDU IRUP,QGLFDUSKS"WLSR DUWLJR FRGLJR 
,PSUHVVRUD DUWLJRVLPSUHVVRUDSKS"FRGLJR
CONFIGURAÇÃO DOS SERVIDORES E DO OPENVPN
1HVWHDUWLJRHVWRXH[SOLFDQGRRSDVVRDSDVVRVREUHFRPRLPSODQWDUXPDVPNXWLOL]DQGR
OpenVPNFRPVHUYLGRUHVCentOS 6RXRed HatH&OLHQWHV:LQGRZV
(VWHFHQiULRpPXLWRXVDGRHPHPSUHVDVTXHSRVVXHPXPDPDWUL]HWHPFRQVXOWRUHVH[WHUQRV
TXHSUHFLVDPWHUDFHVVRDRVVHUYLGRUHVGHGDGRVGDPDWUL]
3ULPHLURSDVVRYDPRVFRQILJXUDURVHUYLGRU2SHQ931TXHIDUiDDXWHQWLFDomRGRVXVXiULRV
,QVWDOHRVSDFRWHV
# yum install gcc rpmbuild autoconf.noarch zlibdevel pamdevel

lzo lzodevel openssldevel automake imake pkgconfig gccc++
libcrypto.so.6
)DoD'RZQORDGGRVSDFRWHV
$ wgetKWWSRSHQYSQQHWUHOHDVHRSHQYSQWDUJ] KWWSRSHQYSQQHWUHOHDVHRSHQYSQ
WDUJ]
$ wgetKWWSRSHQYSQQHWUHOHDVHO]RUIVUFUSP KWWSRSHQYSQQHWUHOHDVHO]R
UIVUFUSP
KWWSZZZYLYDROLQX[FRPEUDUWLJR931HQWUHVHUYLGRUHV&HQW26H:LQGRZV
$ wget ftp://ftp.muug.mb.ca/mirror/fedora/epel/5/x86_64/pkcs11
helper1.072.el5.1.i386.rpm
$ wget ftp://ftp.muug.mb.ca/mirror/fedora/epel/5/x86_64/pkcs11
helperdevel1.072.el5.1.i386.rpm
,QVWDOHRVSDFRWHVEDL[DGRV
# rpmbuild rebuild lzo1.084.rf.src.rpm

# rpm Uvh /root/rpmbuild/RPMS/i386/lzo*.rpm
# rpm ivh pkcs11helper*.rpm
# rpmbuild tb openvpn2.1.3.tar.gz
# rpm Uvh /root/rpmbuild/RPMS/i386/openvpn2.1.31.i386.rpm
1DVHTXrQFLDFULHXPGLUHWyULRFKDPDGRRSHQYSQGHQWURGR/etc
# mkdir /etc/openvpn
(QWUHGHQWURGRGLUHWyULR/etc/openvpn
# cd /etc/openvpn
&RSLHRGLUHWyULR/usr/share/doc/openvpn2.1.3/easyrsa/2.0/SDUDGHQWURGR/etc/openvpn
# cp r /usr/share/doc/openvpn2.1.3/easyrsa/2.0/
'HQWURGRGLUHWyULRetc/openvpn/2.0FRQWpPRVVFULSWVQHFHVViULRVSDUDFRQILJXUDomRGD931
KWWSLPJYLYDROLQX[FRPEULPDJHQVDUWLJRVFRPXQLGDGH,7(0BSQJ
(QWUHQRGLUHWyULRTXHDFDERXGHFRSLDU HWFRSHQYSQ HYDPRVHGLWDURDUTXLYRvars XVHR

HGLWRUGHWH[WRGHVXDSUHIHUrQFLDHXYRXXVDUVim
# cd /etc/openvpn/2.0
# vim vars
7URTXHRVSDUkPHWURVDEDL[RSHORVGHVXDHPSUHVDHVDOYHRDUTXLYR
$JRUDYDPRVFDUUHJDUHVWHVDUTXLYRVQDPHPyULDSDUDTXHRVPHVPRVVHMDPFRORFDGRV
FRPYDULiYHLVGHDPELHQWH
# source ./vars
9DPRVH[HFXWDURVFULSWcleanallSDUDTXHVHMDOLPSRWRGDVDVFKDYHVHQmRKDMDFRQIOLWRGH
YDULiYHLV
# ./cleanall
$JRUDYDPRVFRPHoDUDFULDUDVDXWRULGDGHVFHUWLILFDGRUDVHRVFHUWLILFDGRV
#./buildca
2PHVPRLUiWUD]HURVYDORUHVSDGU}HVDWpPHVPRSRUTXHHGLWDPRVRDUTXLYRvarsDSHQDV
FRQILPHSUHVVLRQDQGRENTERSDUDFRQFOXLUDFULDomRGDDXWRULGDGHFHUWLILFDGRUD
$SDUWLUGHDJRUDIRLFULDGRXPGLUHWyULRFKDPDGR.H\VRQGHFRQWpPRVFHUWLILFDGRVGD &$
2EVeLPSRUWDQWHTXHHVWHFHUWLILFDGRH[LVWDWDQWRQRVHUYLGRUFRPRQRFOLHQWH
9DPRVJHUDURVFHUWLILFDGRVGRVHUYLGRU
#./buildkeyserver Matriz
2EV0DWUL]pRQRPHGRPHXVHUYHU
(XQmRFRORFRDWULEXWRVH[WUDVGHVHJXUDQoD
&RQILUPHRVGDGRV
$SyVDFULDomRGRFHUWLILFDGRYHULILTXHQRGLUHWyULR.H\VTXHDJRUDH[LVWHRFHUWLILFDGR0DWUL]
DFKDYHGHDFHVVRHDUHTXLVLomRGRFHUWLILFDGR
PDWUL]NH\
PDWUL]FVU
PDWUL]FUW
$JRUDYDPRVJHUDUDVFKDYHVGRVPHXVFOLHQWHVRXFRQVXOWRUHVH[WHUQRVYRXFKDPDUGH
FRQVXOWRU
#./buildkey consultor1
&RQILUPHRVGDGRV QmRXWLOL]RVHQKDDVVLPQXPSULPHLURPRPHQWRSRGHUiYDOLGDUVHVXDV
FKDYHVHVWmRIXQFLRQDQGR
FRQVXOWRUNH\
FRQVXOWRUFVU
FRQVXOWRUFUW
(SRUILPYDPRVFULDURFHUWLILFDGRDiffie hellman(VWHFHUWLILFDGRpPXLWRLPSRUWDQWHSRLVR
PHVPRJDUDQWHTXHWRGDWURFDGHFKDYHVVHUiIHLWRFRPWRGDVHJXUDQoD
# ./builddh
9HULILTXHQRGLUHWyULRV.H\VTXHDVFKDYHVIRUDPFULDGDVDVFKDYHVGR&$0$75,=
&2168/725H'+
&DVRQmRDFRQWHFHXYHULILTXHVHQmRSXORXQHQKXPSDVVR
9DPRVFULDUXPOLQNVLPEyOLFRTXHYDLDSRQWDUSDUDRGLUHWyULR.H\V
# ln s /2.0/keys keys
,VWRYDLIDFLOLWDURDFHVVRDRGLUHWyULR
2SUy[LPRSDVVRVHUiFRQILJXUDUDPDWUL]SDUDID]HUDDXWHQWLFDomRGRVXVXiULRV9DPRVFULDU
XPDUTXLYRFKDPDGRPDWUL]FRQIGHQWURGRGLUHWyULR/etc/openvpn/
# touch matriz.conf
$JRUDVyIDOWDUHLQLFLDURVHUYLoR931
# /etc/init.d/openvpn restart
&DVRH[LVWDDOJXPSUREOHPDSRUIDYRUYHULILTXHHPORJ
9DPRVFRQILJXUDURVFOLHQWHTXHVHUiRQRVVRFRQVXOWRU
1HVWHDUWLJRHVWRXXWLOL]DQGRROpenVPNPortableHVWHDSOLFDWLYRSHUPLWHTXHRPHVPRVHMD
XWLOL]DGRHPXPSHQGULYHHVHMDH[HFXWDGRHPTXDOTXHUFRPSXWDGRUTXHSRVVXD:LQGRZV
23DFRWHFRQWpPDOJXPDVSDVWDV
1RDUTXLYR2SHQ9313RUWDEOHLQLWHPRVDVVHJXLQWHVFRQILJXUDo}HV
2EVHUYDomR1HVWHDUTXLYRSUHFLVDVHUWURFDGRRSDUkPHWURAutoConnectSDUDRQRPHGD
FKDYHFULDGDQRFDVRGRH[HPSORHVWRXXWLOL]DQGR&RQVXOWRU
'HQWURGRGLUHWyULRdataH[LVWHXPGLUHWyULRconfigTXHFRQWpPDVFKDYHVHRDUTXLYRFRPD
H[WHQVmRRYSQRVPHVPRVGHYHPILFDUGDVHJXLQWHIRUPD
$FLPDFRQWpPDVFKDYHVFULDGDVQRVHUYLGRUTXHIRUDPFRSLDGDVSDUDGHQWURGRGLUHWyULR
configHMXQWRFRPDVFKDYHVpFRQWLGRRDUTXLYRFRQVXOWRURYSQ
1HVWHDUTXLYRH[LWHPRVSDUkPHWURVGHFRQILJXUDomRGRFOLHQWHSDUDFRQH[mRFRPRVHUYLGRU2V
SDUkPHWURVGHYHPILFDUGDVHJXLQWHIRUPD
$SyVRWpUPLQRGDVFRQILJXUDo}HVGRFOLHQWHH[HFXWHRDUTXLYROpenVPNPortable.exe
2PHVPRIDUiDFRQH[mRDXWRPiWLFDFRPR6HUYLGRU931
&RPRGLFDH[LVWHPDOJXPDVREVHUYDo}HV
1R:LQGRZVGHVDELOLWHD8$& 8VHU$FFRXQW&RQWURO FDVRFRQWUiULRR:LQGRZV

EORTXHDUiDFULDomRGRDGDSWDGRUGHUHGHYLUWXDO
9HULILTXHDVURWDVGRVILUHZDOOSDUDOLEHUDUDVSRUWDVTXHLUmRXWLOL]DUSDUDFRQH[mRFRPD
931
&DVRWHQKDPG~YLGDVVHJXHRPHXHPDLOFDGXURGULJXHV>DW@KRWPDLOFRP


3iJLQDVGRDUWLJR
&RQILJXUDomRGRVVHUYLGRUHVHGR2SHQ931
2XWURVDUWLJRVGHVWHDXWRU
1HQKXPDUWLJRHQFRQWUDGR
/HLWXUDUHFRPHQGDGD
5HFXSHUDUDVHQKDGHURRWLQLFLDQGRDWUDYpVGRLQLW ELQEDVKHDOWHUDQGRRDUTXLYR
HWFVKDGRZ DUWLJR5HFXSHUDUDVHQKDGHURRWLQLFLDQGRDWUDYHVGRLQLW ELQEDVKHDOWHUDQGR
RDUTXLYRHWFVKDGRZ
$QiOLVHGH0DOZDUHHP)RUHQVH&RPSXWDFLRQDO DUWLJR$QDOLVHGH0DOZDUHHP)RUHQVH
&RPSXWDFLRQDO
)URP'HSOR\:$5 7RPFDW WR6KHOO )UHH%6' DUWLJR)URP'HSOR\:$57RPFDWWR6KHOO

)UHH%6'
8VDQGRHLQVWDODQGRR1HVVXVQR/LQX[ DUWLJR8VDQGRHLQVWDODQGRR1HVVXVQR/LQX[
*HUHQFLDUHFRQILJXUDULQHWGHVHUYLoRVUHODFLRQDGRV DUWLJR*HUHQFLDUHFRQILJXUDULQHWGH
VHUYLFRVUHODFLRQDGRV
&RPHQWiULRV
[1] Comentário enviado por haereticus (/~haereticus) em 10/08/2012

10:14h
&DUDPEDPXLWRVKRZDWHPSRVWRWHQWDQGRLPSOHPHQWDUXPVHUYLGRUFRPHVWUXWXUDSDUHFLGD
YRXDQDOLVDUFRPFDOPDRWXWRULDOHSRUHPSUiWLFDHPEUHYH
9DOHX
 
[2] Comentário enviado por rodrigo.kiyoshi (/~rodrigo.kiyoshi) em

10/08/2012 11:00h
%RPDUWLJRSDUDEpQV
 
[3] Comentário enviado por cadurodrigues14 (/~cadurodrigues14) em

10/08/2012 11:10h
2Oi&ORFNZRUNOLQX[
2EULJDGRSHODFRQWULEXLomRHVWHFHQiULRMiWHQKRIXQFLRQDQGRHPDOJXQVFOLHQWHVFDVRSUHFLVH
GHDMXGDVyHQWUDUHPFRQWDWR
$Eo
&DUORV5RGULJXHV
>@&RPHQWiULRHQYLDGRSRUFORFNZRUNOLQX[HPK
&DUDPEDPXLWRVKRZDWHPSRVWRWHQWDQGRLPSOHPHQWDUXPVHUYLGRUFRPHVWUXWXUD
SDUHFLGDYRXDQDOLVDUFRPFDOPDRWXWRULDOHSRUHPSUiWLFDHPEUHYH
9DOHX
 

10/08/2012 11:12h
2Oi5RGULJR
2EULJDGRSHODFRQWULEXLomRFDVRSUHFLVHGHDMXGDSDUDLPSOHPHQWDUVyHQWUDUHPFRQWDWR
$Eo
&DUORV5RGULJXHV
FDGXURGULJXHV#KRWPDLOFRP
>@&RPHQWiULRHQYLDGRSRUURGULJRNL\RVKLHPK
%RPDUWLJRSDUDEpQV
 
[5] Comentário enviado por LuizOtavio (/~LuizOtavio) em 11/08/2012

23:47h
0XLWRERPRDUWLJRXWLOL]DPRV931QDHPSUHVDSRUpPQDSODWDIRUPD:LQGRZV
(VWDUHLUHSDVVDQGRDLQIRUPDomRSDUDQRVVR$GP5HGHVSDUDDWULEXLUPRVHPXPSURMHWRGH
PHOKRULDV
2EULJDGR
$Eo
 
[6] Comentário enviado por JOSERF (/~JOSERF) em 18/08/2012 15:45h
EDFDQDRDUWLJRPDVGHYHULDWHUFRORFDGRRVDTUXLYRVSDUDGRZQORDGHSRGHUFRSLDUFRORFDU
HPLPDJHPIRLPDQFDGD
 

20/08/2012 00:38h
2NPXLWRREULJDGR
&DUORV5RGULJXHV
>@&RPHQWiULRHQYLDGRSRUFDGXURGULJXHVHPK2Oi5RGULJR
2EULJDGRSHODFRQWULEXLomRFDVRSUHFLVHGHDMXGDSDUDLPSOHPHQWDUVyHQWUDUHP
FRQWDWR$Eo&DUORV5RGULJXHVFDGXURGULJXHV#KRWPDLOFRP
>@&RPHQWiULRHQYLDGRSRUURGULJRNL\RVKLHPK%RPDUWLJR
SDUDEpQV
 

20/08/2012 00:41h
$PLJRERDQRLWH
2EULJDGRSHORFRPHQWiULRSRUpPRVDUWLJRVSDUD'RZQORDGMiHVWmRFRPRVOLQNV
GLVSRQLELOL]DGRVSDUDGRZQORDGVRDSOLFDWLYRGRZLQGRZVSRGHVHUHQFRQWUDWRQD
ZZZRSHQYSQQHW KWWSZZZRSHQYSQQHW
DEo 
&DUORV5RGULJXHV
>@&RPHQWiULRHQYLDGRSRU-26(5)HPKEDFDQDRDUWLJRPDV
GHYHULDWHUFRORFDGRRVDTUXLYRVSDUDGRZQORDGHSRGHUFRSLDUFRORFDUHPLPDJHP
IRLPDQFDGD
 
[9] Comentário enviado por fernandowx (/~fernandowx) em 22/08/2012

23:57h
3DUDEpQVSHORDUWLJR2EULJDGRSRUHVFODUHFHUDVPLQKDVG~YLGDV
$EUDoR
 
[10] Comentário enviado por Linuxlrt (/~Linuxlrt) em 04/10/2012

16:12h
0XLWRERP
$MXGRXEDVWDQWH
 
[11] Comentário enviado por eduardo.beltran (/~eduardo.beltran) em

29/01/2015 20:56h
ERDQRLWHVHLTXHRWRSLFRpXPSRXFRDQWLJRPDVJRVWDULDPXLWRGHVDEHUVHHVWDV
FRQILJXUDoRHVVHDSOLFDPWEHPDXPVHUYLGRUFHQWRVVDPEDFRPRGRPLQLR2EULJDGR
 
Contribuir com comentário

(QYLDU

$PDLRUFRPXQLGDGH*18/LQX[GD$PpULFD/DWLQD$UWLJRVGLFDVWXWRULDLVIyUXPVFULSWVHPXLWR
PDLV,GHDOSDUDTXHPEXVFDDXWRDMXGD
)$43HUJXQWDVIUHTXHQWHV IDTSKS
(VWDWtVWLFDVGRVLWH HVWDWLVWLFDVSKS
(TXLSHGHPRGHUDGRUHV HTXLSH
0HPEURVGDFRPXQLGDGH PHPEURV
$QXQFLH DQXQFLH
&RQWDWR IDOHFRP
3ROtWLFDGHSULYDFLGDGH SULYDFLGDGH
4XHPVRPRV TXHPVRPRV
7HUPRVGHXVR WHUPRVGHXVR
6LWHKRVSHGDGRSRU
YHU%DQQHUSKS"FRGLJR
9LVLWHWDPEpP%5/LQX[RUJ YHU%DQQHUSKS"FRGLJR ā'LFDV/ YHU%DQQHUSKS"

FRGLJR ā'LROLQX[ YHU%DQQHUSKS"FRGLJR ā6RIWZDUH/LYUHRUJ YHU%DQQHUSKS"
FRGLJR ā8QGHU/LQX[ YHU%DQQHUSKS"FRGLJR

VPN Entre Servidores CentOS 6 e Windows 7 (Artigo)

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

VPN Entre Servidores CentOS 6 e Windows 7 (Artigo)

Enviado por

Direitos autorais:

Formatos disponíveis

931HQWUHVHUYLGRUHV&HQW26H:LQGRZV>$UWLJR@