Testing an OpenVPN Network on GNU/Linux Ubuntu

Testing is performed on a VPN server and client that already have the OpenVPN software installed. The tests confirm that the virtual IP addresses have been created and that the hosts on the VPN are connected to each other.

Starting the VPN server

# /etc/init.d/openvpn start

Starting virtual private network daemon: server(OK).

Checking the server's interfaces

root@dikmansn-laptop:/home/dikmansn# ifconfig

eth0 Link encap:Ethernet HWaddr 00:16:D4:89:E8:78

inet addr:192.168.17.17 Bcast:192.168.17.255 Mask:255.255.255.0

inet6 addr: fe80::216:d4ff:fe89:e878/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:541342 errors:0 dropped:0 overruns:0 frame:0

TX packets:203581 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:817465405 (779.5 MB) TX bytes:13607752 (12.9 MB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:8702 errors:0 dropped:0 overruns:0 frame:0

TX packets:8702 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:8126621 (7.7 MB) TX bytes:8126621 (7.7 MB)

tap0 Link encap:Ethernet HWaddr 00:FF:0B:64:F6:4B

inet addr:10.8.0.1 Bcast:10.8.0.255 Mask:255.255.255.0

inet6 addr: fe80::2ff:bff:fe64:f64b/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:25 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:0 (0.0 b) TX bytes:3990 (3.8 KB)

The interface check confirms that the tap0 device has been created with a virtual IP after OpenVPN is activated.

Starting the VPN client

# /etc/init.d/openvpn start

Starting virtual private network daemon: client(OK).

Checking the VPN client's interfaces

root@dikmansn-desktop:/home/dikmansn# ifconfig

eth1 Link encap:Ethernet HWaddr 00:19:5B:0A:BF:BA

inet addr:192.168.17.18 Bcast:192.168.17.255 Mask:255.255.255.0

inet6 addr: fe80::219:5bff:fe0a:bfba/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:203702 errors:0 dropped:0 overruns:0 frame:0

TX packets:541780 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:13625036 (12.9 MB) TX bytes:817514671 (779.6 MB)

Interrupt:20 Base address:0xac00

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:9260 errors:0 dropped:0 overruns:0 frame:0

TX packets:9260 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:7193603 (6.8 MB) TX bytes:7193603 (6.8 MB)

tap0 Link encap:Ethernet HWaddr 00:FF:1F:C8:DE:35

inet addr:10.8.0.2 Bcast:10.8.0.255 Mask:255.255.255.0

inet6 addr: fe80::2ff:1fff:fec8:de35/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:9 errors:0 dropped:0 overruns:0 frame:0

TX packets:72 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:1691 (1.6 KB) TX bytes:10347 (10.1 KB)

The interface check confirms that the tap0 device has been created with a virtual IP after OpenVPN is activated.

OpenVPN server log:

root@dikmansn-laptop:/etc/openvpn# openvpn --config /etc/openvpn/server.conf

Mon Jun 23 10:10:23 2008 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on May 24 2008

Mon Jun 23 10:10:23 2008 Diffie-Hellman initialized with 1024 bit key

Mon Jun 23 10:10:23 2008 TLS-Auth MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]

Mon Jun 23 10:10:23 2008 TUN/TAP device tap0 opened

Mon Jun 23 10:10:23 2008 /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255

Mon Jun 23 10:10:23 2008 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]

Mon Jun 23 10:10:23 2008 UDPv4 link local (bound): [undef]:5000

Mon Jun 23 10:10:23 2008 UDPv4 link remote: [undef]

Mon Jun 23 10:10:23 2008 MULTI: multi_init called, r=256 v=256

Mon Jun 23 10:10:23 2008 IFCONFIG POOL: base=10.8.0.2 size=10

Mon Jun 23 10:10:23 2008 Initialization Sequence Completed

Mon Jun 23 10:10:32 2008 MULTI: multi_create_instance called

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Re-using SSL/TLS context

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 LZO compression initialized

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Local Options hash (VER=V4): '26e19fc0'

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Expected Remote Options hash (VER=V4): 'b498be7c'

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 TLS: Initial packet from 192.168.17.18:32773, sid=17696634 32d0c640

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 VERIFY OK: depth=1, /C=ID/ST=JT/L=Surabaya/O=UBAYA/OU=Elektro/CN=Server/emailAddress=die_xy@yahoo.co.id

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 VERIFY OK: depth=0, /C=ID/ST=JT/O=UBAYA/OU=Elektro/CN=client1/emailAddress=die_xy@yahoo.co.id

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

Mon Jun 23 10:10:32 2008 192.168.17.18:32773 [client1] Peer Connection Initiated with 192.168.17.18:32773

Mon Jun 23 10:10:34 2008 client1/192.168.17.18:32773 PUSH: Received control message: 'PUSH_REQUEST'

Mon Jun 23 10:10:34 2008 client1/192.168.17.18:32773 SENT CONTROL [client1]: 'PUSH_REPLY,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)

Mon Jun 23 10:10:34 2008 client1/192.168.17.18:32773 MULTI: Learn: 00:ff:7a:f9:9e:05 -> client1/192.168.17.18:32773

The server log shows that the VPN server connected to the VPN client after verifying that the client holds a key and certificate matching the server's key and certificate. As a result, VPN client 192.168.17.18 was assigned the virtual IP address 10.8.0.2.
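The checks read by eye from the server log can also be automated. The following is an added example, not part of the original post: it parses an excerpt of the server log above (typographic quotes normalized to ASCII) and lists any missing step. The function names and the 2048-bit floor `MIN_ASYM_BITS` are assumptions of this example.

```python
import re

# Excerpt of the server log above; typographic quotes normalized to ASCII.
SERVER_LOG = """\
Mon Jun 23 10:10:23 2008 Diffie-Hellman initialized with 1024 bit key
Mon Jun 23 10:10:23 2008 Initialization Sequence Completed
Mon Jun 23 10:10:32 2008 192.168.17.18:32773 VERIFY OK: depth=0, /C=ID/ST=JT/O=UBAYA/OU=Elektro/CN=client1/emailAddress=die_xy@yahoo.co.id
Mon Jun 23 10:10:32 2008 192.168.17.18:32773 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jun 23 10:10:32 2008 192.168.17.18:32773 [client1] Peer Connection Initiated with 192.168.17.18:32773
Mon Jun 23 10:10:34 2008 client1/192.168.17.18:32773 SENT CONTROL [client1]: 'PUSH_REPLY,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
"""

MIN_ASYM_BITS = 2048  # assumption: policy floor chosen for this example

def summarize(log):
    """Collect the facts the walkthrough reads by eye from the server log."""
    s = {"verified": set(), "peers": {}, "pushed_ip": {}, "asym_bits": {},
         "completed": False}
    for line in log.splitlines():
        if m := re.search(r"VERIFY OK: depth=0, .*?/CN=([^/]+)", line):
            s["verified"].add(m[1])                  # leaf certificate CN
        elif m := re.search(r"\[([^\]]+)\] Peer Connection Initiated with (\S+)", line):
            s["peers"][m[1]] = m[2]                  # CN -> real address
        elif m := re.search(r"SENT CONTROL \[([^\]]+)\]: 'PUSH_REPLY,.*?ifconfig (\S+) ", line):
            s["pushed_ip"][m[1]] = m[2]              # CN -> virtual IP
        elif m := re.search(r"Diffie-Hellman initialized with (\d+) bit key", line):
            s["asym_bits"]["DH"] = int(m[1])
        elif m := re.search(r"Control Channel: .*?(\d+) bit RSA", line):
            s["asym_bits"]["RSA"] = int(m[1])
        elif "Initialization Sequence Completed" in line:
            s["completed"] = True
    return s

def findings(s):
    """Return a list of problem strings; an empty list means every check passed."""
    out = []
    if not s["completed"]:
        out.append("initialization did not complete")
    for cn in s["peers"]:
        if cn not in s["verified"]:
            out.append(f"{cn}: connected without a depth=0 VERIFY OK")
        if cn not in s["pushed_ip"]:
            out.append(f"{cn}: no virtual IP pushed")
    out += [f"{k}: {b} bits is below {MIN_ASYM_BITS}"
            for k, b in s["asym_bits"].items() if b < MIN_ASYM_BITS]
    return out

if __name__ == "__main__":
    print(findings(summarize(SERVER_LOG)))
```

For this log the tunnel checks pass, and the only findings are the 1024-bit Diffie-Hellman and RSA sizes the log itself reports.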

OpenVPN client log:

root@dikmansn-desktop:/etc/openvpn# openvpn --config /etc/openvpn/client.conf

Sat Jun 21 23:00:47 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on May 21 2007

Sat Jun 21 23:00:47 2008 LZO compression initialized

Sat Jun 21 23:00:47 2008 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]

Sat Jun 21 23:00:47 2008 TUN/TAP device tap1 opened

Sat Jun 21 23:00:47 2008 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]

Sat Jun 21 23:00:47 2008 Local Options hash (VER=V4): 'b498be7c'

Sat Jun 21 23:00:47 2008 Expected Remote Options hash (VER=V4): '26e19fc0'

Sat Jun 21 23:00:47 2008 UDPv4 link local: [undef]

Sat Jun 21 23:00:47 2008 UDPv4 link remote: 192.168.17.17:5000

Sat Jun 21 23:00:47 2008 TLS: Initial packet from 192.168.17.17:5000, sid=2d9a3293 e4cd7b3b

Sat Jun 21 23:00:47 2008 VERIFY OK: depth=1, /C=ID/ST=JT/L=Surabaya/O=UBAYA/OU=Elektro/CN=Server/emailAddress=die_xy@yahoo.co.id

Sat Jun 21 23:00:47 2008 VERIFY OK: nsCertType=SERVER

Sat Jun 21 23:00:47 2008 VERIFY OK: depth=0, /C=ID/ST=JT/O=UBAYA/OU=Elektro/CN=Server/emailAddress=die_xy@yahoo.co.id

Sat Jun 21 23:00:48 2008 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

Sat Jun 21 23:00:48 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Jun 21 23:00:48 2008 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

Sat Jun 21 23:00:48 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Jun 21 23:00:48 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

Sat Jun 21 23:00:48 2008 [Server] Peer Connection Initiated with 192.168.17.17:5000

Sat Jun 21 23:00:49 2008 Initialization Sequence Completed

The client log shows that the client was accepted by the VPN server, so the VPN between the server and the client has been established.

  • Test network connectivity between the VPN server (10.8.0.1) and the VPN client (10.8.0.2) using the ping command from the server computer to the client and vice versa:

root@dikmansn-laptop:/etc/openvpn# ping 10.8.0.2

PING 10.8.0.2 (10.8.0.2) 56(84) bytes of data.

64 bytes from 10.8.0.2: icmp_seq=1 ttl=64 time=0.587 ms

64 bytes from 10.8.0.2: icmp_seq=2 ttl=64 time=0.524 ms

64 bytes from 10.8.0.2: icmp_seq=3 ttl=64 time=0.647 ms

64 bytes from 10.8.0.2: icmp_seq=4 ttl=64 time=0.826 ms

64 bytes from 10.8.0.2: icmp_seq=5 ttl=64 time=0.528 ms

64 bytes from 10.8.0.2: icmp_seq=6 ttl=64 time=0.646 ms

64 bytes from 10.8.0.2: icmp_seq=7 ttl=64 time=0.841 ms

64 bytes from 10.8.0.2: icmp_seq=8 ttl=64 time=0.535 ms

64 bytes from 10.8.0.2: icmp_seq=9 ttl=64 time=0.634 ms

64 bytes from 10.8.0.2: icmp_seq=10 ttl=64 time=0.523 ms

64 bytes from 10.8.0.2: icmp_seq=11 ttl=64 time=0.528 ms

--- 10.8.0.2 ping statistics ---

11 packets transmitted, 11 received, 0% packet loss, time 10000ms

rtt min/avg/max/mdev = 0.523/0.619/0.841/0.116 ms


root@dikmansn-desktop:/etc/openvpn# ping 10.8.0.1

PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.

64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=0.891 ms

64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=0.859 ms

64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.710 ms

64 bytes from 10.8.0.1: icmp_seq=4 ttl=64 time=0.847 ms

64 bytes from 10.8.0.1: icmp_seq=5 ttl=64 time=0.703 ms

64 bytes from 10.8.0.1: icmp_seq=6 ttl=64 time=0.850 ms

64 bytes from 10.8.0.1: icmp_seq=7 ttl=64 time=0.719 ms

64 bytes from 10.8.0.1: icmp_seq=8 ttl=64 time=1.10 ms

64 bytes from 10.8.0.1: icmp_seq=9 ttl=64 time=0.723 ms

64 bytes from 10.8.0.1: icmp_seq=10 ttl=64 time=0.892 ms

64 bytes from 10.8.0.1: icmp_seq=11 ttl=64 time=0.887 ms

64 bytes from 10.8.0.1: icmp_seq=12 ttl=64 time=0.882 ms

--- 10.8.0.1 ping statistics ---

12 packets transmitted, 12 received, 0% packet loss, time 11001ms

rtt min/avg/max/mdev = 0.703/0.839/1.108/0.112 ms

2 thoughts on “Testing an OpenVPN Network on GNU/Linux Ubuntu”

  1. Excuse me.
    I'd like to ask something.
    When I connect the OpenVPN client to the server, the connection has no errors and I can ping.

    1. But what confuses me is that when I connect to the OpenVPN server there is no username and password authentication from the client, even though I have already set it up?
    2. When I open an FTP server from the OpenVPN server, my FTP username and password are visible and not encrypted? (I traced it with Wireshark.)

    Please help.
    Thank you.

    • I'm sorry, I can't answer your question. I no longer work in this field. Please ask someone more competent; I suggest Pak Onno. Thank you.
