2024-11-22
By now, hopefully we all know that the Remote Desktop Protocol (RDP) port shouldn't be exposed to the internet. This is a simple guide that allows you to configure your servers so that they can be accessed over RDP only from a local network that's going to be created using OpenVPN.
As an intermediate server, I am using a pretty small server running Ubuntu, whose only purpose is to make all of the servers work together in a virtual private network.
# Install prerequisites.
sudo apt install openvpn easy-rsa
# Make a directory where the keys will be stored.
make-cadir /etc/openvpn/easy-rsa
# Load the easy-rsa variables.
cd /etc/openvpn/easy-rsa
source ./vars
# Build the certificate authority and server configuration.
./build-ca
./build-key-server <openvpn_server_name>
./build-dh
# Generate the certificate for a client.
./build-key <client_name>
The file /etc/openvpn/openvpn.conf should look something like this:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/<openvpn_server_name>.crt
key /etc/openvpn/easy-rsa/keys/<openvpn_server_name>.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.10.10.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status /var/log/openvpn.log
verb 3
This will create a virtual private network and provide users with a 10.10.10.X IP address.
P.S. Don’t forget to allow connections to the port 1194 in the firewall.
Note that in this case, both the server and your end device are considered "clients" by OpenVPN.
To set static IP addresses for specific clients, add the following line to the openvpn.conf file:
client-config-dir <directory_name>
Create the directory you've specified under /etc/openvpn/ and within it, create a file for each of the clients you want to assign a private IP address for:
$ tree <directory_name>
.
├── server1
├── server2
└── server3
Each of those files needs only a single line. For example, echo "ifconfig-push 10.10.10.100 255.255.255.0" > server1 will set the IP address of the first server to 10.10.10.100.
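A typo in one of these per-client files can hand two servers the same address or collide with the VPN server itself. The script below is an added example, not part of the original guide: it audits a client-config-dir for such mistakes. It assumes the server line shown above (10.10.10.0/24, with the OpenVPN server on 10.10.10.1); the check_ccd function name and the sample directory are made up for illustration.

```sh
#!/bin/sh
# Added example: audit an OpenVPN client-config-dir before restarting the server.
# Assumption: the guide's "server 10.10.10.0 255.255.255.0" line, where the
# server itself takes 10.10.10.1 and clients can use 10.10.10.2-254.

# check_ccd DIR: print one line per problem; exit status is 0 only if none.
# The body is a subshell, so its variables do not leak into the caller.
check_ccd() (
    status=0; seen=" "
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # First directive of the form "ifconfig-push <ip> <netmask>"
        line=$(sed -n '/^ifconfig-push /{p;q;}' "$f")
        if [ -z "$line" ]; then
            echo "$name: no ifconfig-push line"; status=1; continue
        fi
        set -- $line
        ip=$2; mask=$3; host=${ip#10.10.10.}
        case $host in
            ''|*[!0-9]*)
                echo "$name: $ip is not an address in 10.10.10.0/24"
                status=1; continue ;;
        esac
        if [ "$host" -lt 2 ] || [ "$host" -gt 254 ]; then
            echo "$name: $ip is not a usable client address (use 10.10.10.2-254)"
            status=1
        fi
        if [ "$mask" != 255.255.255.0 ]; then
            echo "$name: netmask '$mask' does not match the server line"
            status=1
        fi
        case $seen in
            *" $ip "*)
                echo "$name: $ip is already assigned to another client"
                status=1 ;;
        esac
        seen="$seen$ip "
    done
    exit "$status"
)

# Constructed sample directory; file names follow the guide's tree output.
demo_dir=$(mktemp -d)
echo "ifconfig-push 10.10.10.100 255.255.255.0" > "$demo_dir/server1"
echo "ifconfig-push 10.10.10.100 255.255.255.0" > "$demo_dir/server2"  # duplicate
echo "ifconfig-push 10.10.10.1 255.255.255.0" > "$demo_dir/server3"    # server's IP
check_ccd "$demo_dir" || echo "Fix the entries above before restarting OpenVPN."
```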
Assuming you've already generated the certificate for a client (by using ./build-key <client_name> mentioned above), copy the following to the client machine from the key directory:
ca.crt
<client_name>.crt
<client_name>.key
On a client machine, create an OpenVPN configuration file. It should look something like this and be named something like <openvpn_server_name>.ovpn:
client
dev tun
proto udp
remote <SERVER_IP> 1194
ca ca.crt
cert <client_name>.crt
key <client_name>.key
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
Your final task is to install that certificate on the client's computer.
.ovpn file you've created.
C:\Users\<username>\OpenVPN\Config\<openvpn_server_name>.
Note that this process should be pretty similar on all distributions that use a GNOME-based desktop environment. I just happen to be using elementary OS.
.ovpn file.
Once both your client and your server are connected to the same virtual network, you can RDP into the server using its virtual private IP address provided by OpenVPN.
As a final step, disable RDP connections in your firewall and you're good to go.