Configure OpenVPN Clients to Use a Specific DNS Server

This is a short tutorial on how to configure OpenVPN clients to use a specific DNS server. The OpenVPN server can be configured so that clients use a dedicated DNS server for hostname resolution.

In our previous tutorial, we covered how to install and configure an OpenVPN server;

Install OpenVPN Server on Debian 11/Debian 10

Configure OpenVPN Clients to Use a Specific DNS Server

To configure an OpenVPN client to use a specific DNS server;

There are different ways to supply a specific DNS server for name resolution.

  • Push the DNS addresses to clients from the OpenVPN server
  • Define the DNS addresses in the OpenVPN client configuration

Push DNS addresses to clients from the OpenVPN server

To configure the OpenVPN server to push DNS addresses to clients, edit the OpenVPN server configuration file and add the line;

push "dhcp-option DNS X.X.X.X"

Where X.X.X.X is the IP address of the DNS server.

You can add multiple DNS server entries;

push "dhcp-option DNS 192.168.58.22"
push "dhcp-option DNS 8.8.8.8"

To define the DNS domain part;

push "dhcp-option DOMAIN DOMAIN-NAME"

For example;

push "dhcp-option DOMAIN kifarunix-demo.com"

Here is my sample OpenVPN server configuration file;

cat /etc/openvpn/server/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert issued/server.crt
key private/server.key # This file should be kept secret
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.58.22"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DOMAIN kifarunix-demo.com"
client-to-client
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
data-ciphers AES-256-CBC
comp-lzo no
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
auth SHA512

Restart the OpenVPN server to apply the change;

systemctl restart openvpn-server@server

Define DNS addresses in the OpenVPN client configuration

If you do not have access to the OpenVPN server to apply the configuration above, you can edit your OpenVPN client configuration file and add the lines;

dhcp-option DNS X.X.X.X
dhcp-option DNS DNS-IP-1
dhcp-option DNS DNS-IP-2
dhcp-option DOMAIN DOMAIN-NAME

Here is a sample OpenVPN client configuration;

cat client-1.ovpn
client
tls-client
pull
dev tun
proto udp4
remote 192.168.58.22 1194
resolv-retry infinite
nobind
#user nobody
#group nogroup
persist-key
persist-tun
key-direction 1
remote-cert-tls server
auth-nocache
comp-lzo
verb 3
auth SHA512
cipher AES-256-CBC
data-ciphers AES-256-CBC
comp-lzo no
# (embedded OpenVPN static key, CA certificate, client certificate and private key omitted)

Configure OpenVPN Clients to Use a Specific DNS Server

Depending on which of the methods above you used to define the DNS server addresses, you can now proceed to configure the OpenVPN client to use the specific DNS server as follows.

In this tutorial, we use Linux systems, specifically Debian 11/Rocky Linux 8, as our OpenVPN clients for demonstration purposes.

On Ubuntu/Debian systems:

Install the openresolv package;

apt install openresolv

Next, edit the OpenVPN client configuration file and add the lines below;

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

See my updated sample OpenVPN client configuration file;

cat client-1.ovpn
client
tls-client
pull
dev tun
proto udp4
remote 192.168.58.22 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
auth-nocache
comp-lzo
verb 3
auth SHA512
cipher AES-256-CBC
data-ciphers AES-256-CBC
comp-lzo no
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# (embedded OpenVPN static key, CA certificate, client certificate and private key omitted)

Connect the client to the VPN;

openvpn client-1.ovpn
2021-11-08 14:25:09 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-11-08 14:25:09 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2021-11-08 14:25:09 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021-11-08 14:25:09 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-11-08 14:25:09 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-11-08 14:25:09 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-11-08 14:25:09 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.58.22:1194
2021-11-08 14:25:09 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-11-08 14:25:09 UDPv4 link local: (not bound)
2021-11-08 14:25:09 UDPv4 link remote: [AF_INET]192.168.58.22:1194
2021-11-08 14:25:09 TLS: Initial packet from [AF_INET]192.168.58.22:1194, sid=0a6596f7 2db76aa3
2021-11-08 14:25:09 VERIFY OK: depth=1, CN=Easy-RSA CA
2021-11-08 14:25:09 VERIFY KU OK
2021-11-08 14:25:09 Validating certificate extended key usage
2021-11-08 14:25:09 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-11-08 14:25:09 VERIFY EKU OK
2021-11-08 14:25:09 VERIFY OK: depth=0, CN=server
2021-11-08 14:25:09 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2021-11-08 14:25:09 [server] Peer Connection Initiated with [AF_INET]192.168.58.22:1194
2021-11-08 14:25:09 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.58.22,dhcp-option DNS 8.8.8.8,dhcp-option DOMAIN kifarunix-demo.com,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-CBC'
2021-11-08 14:25:09 OPTIONS IMPORT: timers and/or timeouts modified
2021-11-08 14:25:09 OPTIONS IMPORT: --ifconfig/up options modified
2021-11-08 14:25:09 OPTIONS IMPORT: route options modified
2021-11-08 14:25:09 OPTIONS IMPORT: route-related options modified
2021-11-08 14:25:09 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-11-08 14:25:09 OPTIONS IMPORT: peer-id set
2021-11-08 14:25:09 OPTIONS IMPORT: adjusting link_mtu to 1625
2021-11-08 14:25:09 OPTIONS IMPORT: data channel crypto options modified
2021-11-08 14:25:09 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2021-11-08 14:25:09 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-11-08 14:25:09 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2021-11-08 14:25:09 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-11-08 14:25:09 net_route_v4_best_gw query: dst 0.0.0.0
2021-11-08 14:25:09 net_route_v4_best_gw result: via 10.0.2.2 dev enp0s3
2021-11-08 14:25:09 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:36:23:40
2021-11-08 14:25:09 TUN/TAP device tun0 opened
2021-11-08 14:25:09 net_iface_mtu_set: mtu 1500 for tun0
2021-11-08 14:25:09 net_iface_up: set tun0 up
2021-11-08 14:25:09 net_addr_v4_add: 10.8.0.2/24 dev tun0
2021-11-08 14:25:09 /etc/openvpn/update-resolv-conf tun0 1500 1625 10.8.0.2 255.255.255.0 init
dhcp-option DNS 192.168.58.22
dhcp-option DNS 8.8.8.8
dhcp-option DOMAIN kifarunix-demo.com
2021-11-08 14:25:10 net_route_v4_add: 192.168.58.22/32 via 10.0.2.2 dev [NULL] table 0 metric -1
2021-11-08 14:25:10 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2021-11-08 14:25:10 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2021-11-08 14:25:10 Initialization Sequence Completed

This updates the /etc/resolv.conf file with your custom DNS entries;

cat /etc/resolv.conf
# Generated by resolvconf
search kifarunix-demo.com
nameserver 192.168.58.22
nameserver 8.8.8.8

My internal DNS resolution;

dig debian11.kifarunix-demo.com +short
192.168.59.14
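
To check that the up script really applied what the server pushed, the PUSH_REPLY line in the client log can be compared with the nameserver entries in resolv.conf. The script below is an added example, not part of the original tutorial; the function names and the sample files it writes (including the stale resolver 10.0.2.3) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the resolver uses exactly the DNS servers that the
# OpenVPN server pushed. All sample data below is constructed for the demo.

# Print the DNS server IPs from the last PUSH_REPLY in an OpenVPN client log.
# Only "dhcp-option DNS <ip>" entries are extracted.
pushed_dns() {
    grep -a 'PUSH_REPLY' "$1" | tail -n 1 \
        | tr ',' '\n' \
        | sed -n 's/^dhcp-option DNS \([0-9a-fA-F.:]*\).*$/\1/p'
}

# Print the nameserver IPs configured in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Compare both lists. Returns 0 when every pushed server is configured and no
# other nameserver remains, 1 otherwise. Findings are written to stdout.
check_dns_applied() {
    log=$1 resolv=$2 status=0
    pushed=$(pushed_dns "$log")
    active=$(resolv_nameservers "$resolv")
    if [ -z "$pushed" ]; then
        echo "NO_PUSH: no DNS option found in PUSH_REPLY"
        return 1
    fi
    for ip in $pushed; do
        if ! printf '%s\n' "$active" | grep -qxF "$ip"; then
            echo "MISSING: $ip was pushed but is not in $resolv"
            status=1
        fi
    done
    for ip in $active; do
        if ! printf '%s\n' "$pushed" | grep -qxF "$ip"; then
            echo "EXTRA: $ip in $resolv was not pushed by the VPN"
            status=1
        fi
    done
    [ "$status" -eq 0 ] && echo "OK: resolver matches pushed DNS"
    return "$status"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed log line, modelled on the PUSH_REPLY shown in the tutorial.
    printf '%s\n' "2021-11-08 14:25:09 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.58.22,dhcp-option DNS 8.8.8.8,dhcp-option DOMAIN kifarunix-demo.com,route-gateway 10.8.0.1,topology subnet'" > "$dir/openvpn.log"
    # Case 1: the up script ran and rewrote the resolver configuration.
    printf 'search kifarunix-demo.com\nnameserver 192.168.58.22\nnameserver 8.8.8.8\n' > "$dir/resolv.ok"
    # Case 2 (constructed): the up script did not run, so the pre-VPN
    # resolver is still in place and lookups bypass the pushed servers.
    printf 'nameserver 10.0.2.3\n' > "$dir/resolv.stale"
    check_dns_applied "$dir/openvpn.log" "$dir/resolv.ok"
    check_dns_applied "$dir/openvpn.log" "$dir/resolv.stale"
    rm -rf "$dir"
    return 0
}

demo
```

On hosts that use systemd-resolved, /etc/resolv.conf normally lists only the local stub resolver, so compare against the per-link servers reported by `resolvectl status tun0` instead.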

See our DNS guide;

Configure BIND DNS Server using Webmin on Debian 11

On CentOS/RHEL/Rocky Linux:

Install update-systemd-resolved;

git clone https://github.com/jonathanio/update-systemd-resolved.git
cd update-systemd-resolved
make

Sample output;

Successfully installed update-systemd-resolved to /etc/openvpn/scripts/update-systemd-resolved.

Now would be a good time to update /etc/nsswitch.conf:

  # Use systemd-resolved first, then fall back to /etc/resolv.conf
  hosts: files resolve dns myhostname
  # Use /etc/resolv.conf first, then fall back to systemd-resolved
  hosts: files dns resolve myhostname

You should also update your OpenVPN configuration:

  setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  script-security 2
  up /etc/openvpn/scripts/update-systemd-resolved
  up-restart
  down /etc/openvpn/scripts/update-systemd-resolved
  down-pre

or pass --config /etc/openvpn/scripts/update-systemd-resolved.conf
in addition to any other --config arguments to your openvpn command.

Next, enable systemd-resolved.service.

systemctl enable --now systemd-resolved.service

Update the /etc/nsswitch.conf file to look up DNS via the resolve service (systemd-resolved.service). (Use /etc/resolv.conf first, then fall back to systemd-resolved)

sed -i '/hosts:/s/dns/dns resolve/' /etc/nsswitch.conf

Next, update the client configuration file to include the lines;

setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
script-security 2
up /etc/openvpn/scripts/update-systemd-resolved
up-restart
down /etc/openvpn/scripts/update-systemd-resolved
down-pre

And this is what my sample configuration looks like;

cat client-1.ovpn
client
tls-client
pull
dev tun
proto udp4
remote 192.168.58.22 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
auth-nocache
comp-lzo
verb 3
auth SHA512
cipher AES-256-CBC
comp-lzo no
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
script-security 2
up /etc/openvpn/scripts/update-systemd-resolved
up-restart
down /etc/openvpn/scripts/update-systemd-resolved
down-pre
# (embedded OpenVPN static key, CA certificate, client certificate and private key omitted)

Connect to the VPN;

openvpn client-1.ovpn
Tue Nov 9 00:02:52 2021 OpenVPN 2.4.11 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
Tue Nov 9 00:02:52 2021 library versions: OpenSSL 1.1.1g FIPS 21 Apr 2020, LZO 2.08
Tue Nov 9 00:02:52 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 9 00:02:52 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Nov 9 00:02:52 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Nov 9 00:02:52 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.58.22:1194
Tue Nov 9 00:02:52 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Nov 9 00:02:52 2021 UDPv4 link local: (not bound)
Tue Nov 9 00:02:52 2021 UDPv4 link remote: [AF_INET]192.168.58.22:1194
Tue Nov 9 00:02:52 2021 TLS: Initial packet from [AF_INET]192.168.58.22:1194, sid=f89234f0 4a96fc1e
Tue Nov 9 00:02:52 2021 VERIFY OK: depth=1, CN=Easy-RSA CA
Tue Nov 9 00:02:52 2021 VERIFY KU OK
Tue Nov 9 00:02:52 2021 Validating certificate extended key usage
Tue Nov 9 00:02:52 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Nov 9 00:02:52 2021 VERIFY EKU OK
Tue Nov 9 00:02:52 2021 VERIFY OK: depth=0, CN=server
Tue Nov 9 00:02:52 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Nov 9 00:02:52 2021 [server] Peer Connection Initiated with [AF_INET]192.168.58.22:1194
Tue Nov 9 00:02:53 2021 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Nov 9 00:02:53 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.58.22,dhcp-option DNS 8.8.8.8,dhcp-option DOMAIN kifarunix-demo.com,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-CBC'
Tue Nov 9 00:02:53 2021 OPTIONS IMPORT: timers and/or timeouts modified
Tue Nov 9 00:02:53 2021 OPTIONS IMPORT: --ifconfig/up options modified
Tue Nov 9 00:02:53 2021 OPTIONS IMPORT: route options modified
Tue Nov 9 00:02:53 2021 OPTIONS IMPORT: route-related options modified
Tue Nov 9 00:02:53 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Nov 9 00:02:53 2021 OPTIONS IMPORT: peer-id set
Tue Nov 9 00:02:53 2021 OPTIONS IMPORT: adjusting link_mtu to 1625
Tue Nov 9 00:02:53 2021 OPTIONS IMPORT: data channel crypto options modified
Tue Nov 9 00:02:53 2021 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Nov 9 00:02:53 2021 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Nov 9 00:02:53 2021 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Nov 9 00:02:53 2021 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Nov 9 00:02:53 2021 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:3e:fe:0e
Tue Nov 9 00:02:53 2021 TUN/TAP device tun0 opened
Tue Nov 9 00:02:53 2021 TUN/TAP TX queue length set to 100
Tue Nov 9 00:02:53 2021 /sbin/ip link set dev tun0 up mtu 1500
Tue Nov 9 00:02:53 2021 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Tue Nov 9 00:02:53 2021 /etc/openvpn/scripts/update-systemd-resolved tun0 1500 1605 10.8.0.2 255.255.255.0 init
<14>Nov 9 00:02:53 update-systemd-resolved: Link 'tun0' coming up
<14>Nov 9 00:02:53 update-systemd-resolved: Adding IPv4 DNS Server 192.168.58.22
<14>Nov 9 00:02:53 update-systemd-resolved: Adding IPv4 DNS Server 8.8.8.8
<14>Nov 9 00:02:53 update-systemd-resolved: Adding DNS Domain kifarunix-demo.com
<14>Nov 9 00:02:53 update-systemd-resolved: SetLinkDNS(22 2 2 4 192 168 58 22 2 4 8 8 8 8)
<14>Nov 9 00:02:53 update-systemd-resolved: SetLinkDomains(22 1 kifarunix-demo.com false)
Tue Nov 9 00:02:53 2021 /sbin/ip route add 192.168.58.22/32 via 10.0.2.2
Tue Nov 9 00:02:53 2021
/sbin/ip route add 0.0.0.0/1 via 10.8.0.1 Tue Nov 9 00:02:53 2021 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1 Tue Nov 9 00:02:53 2021 Initialization Sequence Completed 

Your local DNS should now work while you are connected to the VPN.

Read more about DNS leaks.
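A check for the concern behind DNS leaks, as an added example that is not part of the original tutorial: it parses the `PUSH_REPLY` and `update-systemd-resolved` lines of the client log shown above and reports resolvers that were pushed but never applied, or that are not on an approved list. The helper name `audit_dns`, the approved list and the embedded log excerpt (constructed from the log on this page) are assumptions.

```python
import re

# Constructed sample: four lines excerpted from the client log on this page.
SAMPLE_LOG = """\
Tue Nov 9 00:02:53 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.58.22,dhcp-option DNS 8.8.8.8,dhcp-option DOMAIN kifarunix-demo.com,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-CBC'
<14>Nov 9 00:02:53 update-systemd-resolved: Adding IPv4 DNS Server 192.168.58.22
<14>Nov 9 00:02:53 update-systemd-resolved: Adding IPv4 DNS Server 8.8.8.8
<14>Nov 9 00:02:53 update-systemd-resolved: Adding DNS Domain kifarunix-demo.com
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
APPLIED_RE = re.compile(r"update-systemd-resolved: Adding IPv[46] DNS Server (\S+)")


def audit_dns(log_text, approved):
    """Audit one connection's log (hypothetical helper, not part of OpenVPN).

    approved: set of resolver IPs allowed by local policy (an assumption).
    """
    pushed, full_tunnel = [], False
    for match in PUSH_RE.finditer(log_text):
        for option in match.group(1).split(","):
            words = option.split()
            if len(words) == 3 and words[:2] == ["dhcp-option", "DNS"]:
                pushed.append(words[2])
            elif words[:1] == ["redirect-gateway"]:
                full_tunnel = True
    # Resolvers the up script actually handed to systemd-resolved.
    applied = APPLIED_RE.findall(log_text)

    findings = []
    if not pushed:
        findings.append("server pushed no DNS servers")
    for ip in pushed:
        if ip not in applied:
            findings.append(f"pushed resolver {ip} was not applied on the client")
        if ip not in approved:
            findings.append(f"pushed resolver {ip} is not on the approved list")
    if not full_tunnel:
        findings.append("redirect-gateway not pushed: default route stays outside the VPN")
    return {"pushed": pushed, "applied": applied,
            "full_tunnel": full_tunnel, "findings": findings}


if __name__ == "__main__":
    report = audit_dns(SAMPLE_LOG, approved={"192.168.58.22"})
    for finding in report["findings"]:
        print("FINDING:", finding)
```

A log that contains the `PUSH_REPLY` line but no `Adding IPv4 DNS Server` lines is the case to watch for: the server pushed resolvers, but the client never applied them and keeps using its previous DNS.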

And that is how you can configure an OpenVPN client to use a specific DNS server.

Other tutorials

Make Permanent DNS Changes on resolv.conf in Linux

Easily Install and Setup PowerDNS Admin on Ubuntu 20.04


© 2022 Tekno Sridianti