OpenVPN installation and configuration!
#Server installation (DMZ Linux)
sudo apt install openvpn easy-rsa
#Prepare the PKI (certificate) environment
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
#Initialize the environment
./easyrsa init-pki
#Build the CA and set its Common Name (CN)
./easyrsa build-ca
#Generate the server certificate/key (Common Name)
./easyrsa gen-req server nopass
./easyrsa sign-req server server  # the second "server" is the server certificate name. ex) certificate name: server
#Generate the client certificate/key
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
#Generate the Diffie-Hellman parameters and the TLS key
./easyrsa gen-dh
openvpn --genkey --secret ta.key
#OpenVPN server configuration
sudo mkdir -p /etc/openvpn/server
sudo vi /etc/openvpn/server/server.conf
ex) server.conf contents
port 443
proto tcp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
tls-auth /etc/openvpn/server/ta.key 0
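server 10.8.0.0 255.255.255.0 # network address of the VPN subnet; the server itself takes 10.8.0.1
push "route 192.168.1.0 255.255.255.0" # route to the closed (isolated) internal network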
keepalive 10 120
cipher AES-256-GCM
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
#Copy the certificates
sudo cp pki/ca.crt /etc/openvpn/server/
sudo cp pki/issued/server.crt /etc/openvpn/server/
sudo cp pki/private/server.key /etc/openvpn/server/
sudo cp pki/dh.pem /etc/openvpn/server/
sudo cp ta.key /etc/openvpn/server/
#IP forwarding and firewall settings
sudo vi /etc/sysctl.conf
#Add/modify the line below
net.ipv4.ip_forward=1
#After saving the file, apply the change
sudo sysctl -p
#Allow NAT in the firewall
sudo ufw allow 443/tcp
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
#Start the service
sudo systemctl enable openvpn-server@server
sudo systemctl start openvpn-server@server
sudo systemctl status openvpn-server@server
#Create the client configuration file
sudo vi /etc/openvpn/client/client.ovpn
#Example contents of /etc/openvpn/client/client.ovpn
client
dev tun
proto tcp
remote your.vpn.server.ip 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
(paste the contents of ca.crt here)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(paste the contents of client1.crt here)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(paste the contents of client1.key here)
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(paste the contents of ta.key here)
-----END OpenVPN Static key V1-----
</tls-auth>
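Added example (not part of the original page): a shell function that assembles the single-file client.ovpn shown above from the easy-rsa output in ~/openvpn-ca instead of pasting each block by hand. The function name build_ovpn and its argument order are assumptions; it keeps only the PEM block of the issued certificate and writes the profile owner-only because it embeds the client private key.

```shell
#!/bin/sh
# Added example, not from the original page. build_ovpn and its arguments are assumptions.
# usage: build_ovpn <ca-dir> <client-name> <server-address> <output-file>
#   e.g. build_ovpn ~/openvpn-ca client1 your.vpn.server.ip ~/client1.ovpn
build_ovpn() {
    ca_dir=$1; name=$2; remote=$3; out=$4
    crt="$ca_dir/pki/issued/$name.crt"
    key="$ca_dir/pki/private/$name.key"
    # Refuse to write a half-filled profile if any input is missing.
    for f in "$ca_dir/pki/ca.crt" "$crt" "$key" "$ca_dir/ta.key"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    # The profile embeds the client private key: recreate it owner-only (0600).
    ( umask 077
      rm -f "$out"
      {
        # Same directives as the client.ovpn example on this page.
        printf '%s\n' client 'dev tun' 'proto tcp' "remote $remote 443" \
            'resolv-retry infinite' nobind persist-key persist-tun \
            'remote-cert-tls server' 'cipher AES-256-GCM' 'key-direction 1' 'verb 3'
        echo '<ca>'; cat "$ca_dir/pki/ca.crt"; echo '</ca>'
        # Issued certs usually carry a text dump before the PEM block; keep only the PEM.
        echo '<cert>'
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$crt"
        echo '</cert>'
        echo '<key>'; cat "$key"; echo '</key>'
        # Drop the comment header of ta.key; only the static key block is needed.
        echo '<tls-auth>'
        sed -n '/-----BEGIN OpenVPN Static key V1-----/,/-----END OpenVPN Static key V1-----/p' "$ca_dir/ta.key"
        echo '</tls-auth>'
      } > "$out"
    )
}
```

Because the keys were generated with nopass, the resulting file is a complete credential on its own; transfer it to the client over a protected channel.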
Install the OpenVPN client on the external PC, then connect using the client.ovpn file!