indoFreeBSD - Komunitas FreeBSD Indonesia - Installasi VPN Client di FreeBSD

Menurut IETF, Internet Engineering Task Force, VPN is an emulation of [a]
private Wide Area Network(WAN) using shared or public IP facilities, such as the Internet or
private IP backbones.VPN merupakan suatu bentuk private internet yang melalui public network
(internet), dengan menekankan pada keamanan data dan akses global melalui internet.
Hubungan ini dibangun melalui suatu tunnel (terowongan) virtual antara 2 node

VPN adalah singkatan dari virtual private network, yaitu jaringan pribadi
(bukan untuk akses umum) yang menggunakan medium nonpribadi (misalnya internet)
untuk menghubungkan antar remote-site secara aman. Perlu penerapan teknologi
tertentu agar walaupun menggunakan medium yang umum, tetapi traffic (lalu lintas)
antar remote-site tidak dapat disadap dengan mudah, juga tidak memungkinkan
pihak lain untuk menyusupkan traffic yang tidak semestinya ke dalam remote-site.

A virtual private network (VPN) is a communications network tunneled through
another network, and dedicated for a specific network. One common application
is secure communications through the public Internet, but a VPN need not
have explicit security features, such as authentication or content encryption.
VPNs, for example, can be used to separate the traffic of different user
communities over an underlying network with strong security features.

A VPN may have best-effort performance, or may have a defined Service Level
Agreement (SLA) between the VPN customer and the VPN service provider.
Generally, a VPN has a topology more complex than point-to-point.
The distinguishing characteristic of VPNs are not security or performance,
but that they overlay other network(s) to provide a certain functionality
that is meaningful to a user community.

Ok langsung saja kita mulai..
dalam hal artikel ini fl3xu5 membatasi untuk tidak begitu detail membahas
apa itu vpn dan bagaimana cara kerjanya dan detail lainnya.
KArena sepintas dah fl3xu5 paste kan description yang diambil dari wikipedia.
Rekan rekan bisa lebih mendalami nya sendiri untuk lebih lanjut.
Nah disini kita akan membahas tentang bagaimana cara installasi vpn client
yang nantinya digunaakn untuk konek ke internet.
Lets Started.

Jadi Pada Intinya Konfigurasi sistem yang digunakan adalah sebagai berikut :

Client(LAN) –> VPN server –> Proxy Lokal ->ISP –> internet

===== Spesifikasi =======
–>> package yang dibutuhkan
- pptp-command
- pptp-linux
bisa di download di http://fl3xu5.web.id/distfiles/packages/pptp.rar
VPN server : 192.168.1.10

—>> Spesifikasi client :
- freebsd 6.2
- ip 192.168.1.2

username VPN = 123456 = Local Name = 123456
password = good

Langkah Installasi :
1. Downloadlah package pptp command dan pptp-linux
di http://fl3xu5.web.id/distfiles/packages/pptp.rar
[root@fl3xu5 /]# wget http://fl3xu5.web.id/distfiles/packages/pptp.rar
2. Extract lah pptp.rar menjadi dua buah package yaitu
pptp-command.tar.gz dan pptp-linux-1.4.0.tar.gz.
3. Extract masing masing package tersebut :
[root@fl3xu5 /]# tar -zxvf pptp-command.tar.gz
[root@fl3xu5 /]# tar -zxvf pptp-linux-1.4.0.tar.gz
4. Installasi pptp-linux-1.4.0
[root@fl3xu5 /]# cd pptp-linux-1.4.0
[root@fl3xu5 /pptp-linux-1.4.0]# make
[root@fl3xu5 /pptp-linux-1.4.0]# make install
[root@fl3xu5 /pptp-linux-1.4.0]# cp pptp-command /usr/bin
[root@fl3xu5 /]# touch /etc/pptp.d
5. Set up / konfigurasi :
[root@fl3xu5 /]# pptp-command
1.) start
2.) stop
3.) setup
4.) quit
What task would you like to do?: 3
1.) Manage CHAP secrets
2.) Manage PAP secrets
3.) List PPTP Tunnels
4.) Add a NEW PPTP Tunnel
5.) Delete a PPTP Tunnel
6.) Configure resolv.conf
7.) Select a default tunnel
8.) Quit
?: 1
1.) List CHAP secrets
2.) Add a New CHAP secret
3.) Delete a CHAP secret
4.) Quit
?: 2
Add a NEW CHAP secret.

NOTE: Any backslashes (\) must be doubled (\\).

Local Name: <– kosongkan saja (langsung tekan enter)

This is the ‘local’ identifier for CHAP authentication.

NOTE: If the server is a Windows NT machine, the local name
should be your Windows NT username including domain.
For example:

domain\\username
Local Name: 123456 <– diisi dengan username VPN

Remote Name:

This is the ‘remote’ identifier for CHAP authentication.
In most cases, this can be left as the default. It must be
set if you have multiple CHAP secrets with the same local name
and different passwords. Just press ENTER to keep the default.

Remote Name [PPTP]:

Password: <– isikan passwd untuk VPN = good

This is the password or CHAP secret for the account specified. The
password will not be echoed.
Password:

This is the password or CHAP secret for the account specified. The
password will not be echoed.

Password:
Adding secret 123456 PPTP *****

1.) List CHAP secrets
2.) Add a New CHAP secret
3.) Delete a CHAP secret
4.) Quit
?: 4
1.) Manage CHAP secrets
2.) Manage PAP secrets
3.) List PPTP Tunnels
4.) Add a NEW PPTP Tunnel
5.) Delete a PPTP Tunnel
6.) Configure resolv.conf
7.) Select a default tunnel
8.) Quit
?: 8

[root@fl3xu5 /]# mkdir /etc/ppp/peers/
[root@fl3xu5 /]# pptp-command
1.) start
2.) stop
3.) setup
4.) quit
What task would you like to do?: 3
1.) Manage CHAP secrets
2.) Manage PAP secrets
3.) List PPTP Tunnels
4.) Add a NEW PPTP Tunnel
5.) Delete a PPTP Tunnel
6.) Configure resolv.conf
7.) Select a default tunnel
8.) Quit
?: 4

Add a NEW PPTP Tunnel.

1.) Other
Which configuration would you like to use?: 1
Tunnel Name: Internet <– misalkan tunel name = internet
Server IP: 192.168.1.10 <– VPN server.
What route(s) would you like to add when the tunnel comes up?
This is usually a route to your internal network behind the PPTP server.
You can use TUNNEL_DEV and DEF_GW as in /etc/pptp.d/ config file
TUNNEL_DEV is replaced by the device of the tunnel interface.
DEF_GW is replaced by the existing default gateway.
The syntax to use is the same as the route(8) command.
Enter a blank line to stop.
route: <– Enter aja langsung
Local Name and Remote Name should match a configured CHAP or PAP secret.
Local Name is probably your NT domain\username.
NOTE: Any backslashes (\) must be doubled (\\).

Local Name: 123456 <– isikan dengan username VPN anda.
Remote Name [PPTP]:
Adding Internet - 192.168.1.10 - - PPTP
Added tunnel Internet
1.) Manage CHAP secrets
2.) Manage PAP secrets
3.) List PPTP Tunnels
4.) Add a NEW PPTP Tunnel
5.) Delete a PPTP Tunnel
6.) Configure resolv.conf
7.) Select a default tunnel
8.) Quit
?: 8

Proses Installasi telah selesai.
Untuk mengecek apakah VPN client tersebut sudah bisa digunakan start lah
VPN client tersebut , caranya :
[root@fl3xu5 ~]# pptp-command
1.) start
2.) stop
3.) setup
4.) quit
What task would you like to do?: 1
1.) Internet
Start a tunnel to which server?: 1

apabila telah berhasil maka kita bisa mengecek IP kita.
[root@fl3xu5 /]# ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=9<RXCSUM,VLAN_MTU>
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:01:03:44:36:f0
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0×3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
ppp0: flags=108051<UP,POINTOPOINT,RUNNING,MULTICAST,NEEDSGIANT> mtu 1500
inet 172.16.10.5 –> 172.16.1.1 netmask 0xffff0000

Catatan : 172.16.1.1 = proxy lokal.
172.16.10.5 = IP yang kita dapatkan dari VPN server.

Selanjutnya kita bisa mengetest untuk melakukan koneksi terhadap internet
dengan cara browsing baik via web browser sepeerti firefox ataupun via CLI
dengan menggaunakan “lynx” dab sebagainya.

NB : untuk browsing menggunakan lynx jgn lupa setup proxy nya dan set lynx.cfg
[root@fl3xu5 ~]# export http_proxy=http://172.16.1.1:8080
[root@fl3xu5 ~]# lynx google.com

Selesai.

Reference :
- http://en.wikipedia.org/wiki/Virtual_private_network

Shout and Greets :
- ALLAH SWT dan Nabi Muhammad SAW
- My parents and my Family (thx u very much for your love..)
- My h0n3y
- all of te-28-01 erz
- My Big Family “4G’erz” at mobilecommlab[dot]or[dot]id [Yuuk Pelatihan lagi ;p]
dark|ipl, digital-levi, bledhek, hzent,tw, kopral, natztel, alkahfi,
si Om, PakRT, timin,kopasus, scriptdana, why, mas kasep and bibi-x,dkk
- newhack|staff : fl3xu5,opt1lc, k1tk4t ,gh0z.
- My Old Fanily at CnC labz : arz, freak,Cyb3rh3b dkk (missed u guys ;p)
- Student’s erZ #students..oii jgn chat muluw
raiden, vindie, ai,another_day,waf, netzerospace, otong, tunk, dkk
- MY Best Friend : ayullina ,sakitjiwa, Pushm0v ,cybertank,kendi, irving_nazmi
- Echoerz :
m_beben,iFX, matdhule, shideX, t0ngkring, th3sn0wbr4in, y3d1ps, the_day,
lirva32,dkk
- Kecoak’ers : zka, Ph03n1X, primadonal, cR45H3R, aulia, sat-anichell,mbah scut dkk
- Sekuritionline : thesims, adhietslank, cyberlog, letjen, k1ngk0ng, babypunk,
cah|gemblunkz, ikatama , dkk
- My friends at websecure community : bambang, boerz, bigie, pak iwan,
feri , net crawler dkk
- My Friends at Yogyafree : camgenta,the_rumput_kering,familycode, Paman,
3rr0r1sts, tazmaniadevil, bayu_pw
- all of My Friends Indonesian Undergorundz Community | staff and memberz
at #newhack[dot]org #e-c-h-o, #1stlink, #antihackerlink, #yogyafree-underground,
#k-elektronik, #yogyafree, #xcode, #sekuritionline,#ayulina, #canda-ops, #fl3xu5
#jasakom, #unsecured, #hackercrew, and all of underground channel @DALnet
#nyubicrew @irc.mildnet.org
- my friends at #indofreebsd, #mobilecommlab at DALnet
- and all of my friends yang ga bisa di sebutin satu2 baik dalam
negeri maupun luar negeri