OpenVPN Installation

This installation is for a "site to site" VPN.
Both the server and the client are Linux hosts running Red Hat Enterprise Linux, CentOS or Fedora Core 3/4/5.

Network used in the installation below:

Server WAN IP: 123.123.123.123
Server LAN subnet: 192.168.1.0/24
Server LAN IP: 192.168.1.10
Server openvpn IP (tun0): 10.0.0.1

Client LAN subnet: 192.168.2.0/24
Client LAN IP: 192.168.2.10
Client openvpn IP (tun0): 10.0.0.2



Step 1

yum install openvpn lzo openssl openssl-devel

Install openvpn and its related packages via yum on both the SERVER side and the CLIENT side.

find / -name "easy-rsa"
cp -av /usr/share/doc/openvpn-2.0.7/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa
chmod -R u+x /etc/openvpn/easy-rsa
mkdir -m 700 /etc/openvpn/keys

Copy the easy-rsa folder from the openvpn documentation directory (locate it with the find command above; the version number in the path depends on the installed package) to /etc/openvpn. The easy-rsa scripts only need to be executable by root, so do not make the directory world-writable (chmod 777): any local user could then replace the scripts that create your CA. The keys directory will hold the CA private key, so create it with mode 700.

vi vars

export KEY_DIR=/etc/openvpn/keys
.
.
.
export KEY_COUNTRY=HK
export KEY_PROVINCE=NA
export KEY_CITY=HK
export KEY_ORG="mydomain"
export KEY_EMAIL=me@mydomain.com

Edit the variable file "vars": point KEY_DIR at the keys directory created above and fill in the certificate fields with your own values. The file also sets KEY_SIZE, which defaults to 1024 bits; that is too small today, so raise it to 2048 before building anything. build-dh then writes dh2048.pem, and the dh line in the server configuration below must name that file instead of dh1024.pem.

. ./vars
./clean-all
./build-ca

Now it is time to make the certificates. Source vars, wipe KEY_DIR (clean-all deletes everything in it, so run it only once, before any key exists), then build the CA. Accept the defaults for every prompt except the Common Name, which must be unique; call the CA something like "mydomain".




Step 2 - In server side

./build-key server

Make the server key and certificate. Give it its own Common Name, e.g. "server".

./build-key client1
./build-key client2
./build-dh

Make the client keys and certificates, one per remote site, then the Diffie-Hellman parameters. Each certificate needs a distinct Common Name (e.g. "client1", "client2"): OpenVPN identifies the peer by it, and in server mode two clients presenting the same Common Name are rejected unless duplicate-cn is set. build-dh writes dh1024.pem with the default KEY_SIZE; the file is only used on the server.
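As an added check after building the keys (an example script of my own, not part of the original page), the functions below verify that each certificate chains to ca.crt, that the private key next to it really belongs to it, that no two certificates share a Common Name, and lock the key files down to root. They assume easy-rsa 2.0's RSA keys and file layout in KEY_DIR (ca.crt, NAME.crt, NAME.key); the function names are this example's own. Run it on the server after this step and again on the client after the files have been copied over in Step 3.

```shell
#!/bin/sh
# Added example, not from the original page: sanity-check an easy-rsa 2.0 key set.
# Assumes RSA keys and easy-rsa's layout in KEY_DIR: ca.crt, <name>.crt, <name>.key.
# Function names (cert_cn, verify_pki, check_unique_cn, lock_keys) are this example's own.

# Print a certificate's Common Name. Copes with both "CN=x" (openssl 1.0) and
# "CN = x" (openssl 1.1+) subject formatting, with other fields before or after CN.
cert_cn() {
    openssl x509 -noout -subject -in "$1" | sed -e 's/.*CN *= *//' -e 's/[/,].*//'
}

# verify_pki KEY_DIR NAME
#   0: NAME.crt chains to ca.crt and NAME.key is its private key (CN printed on stdout)
#   1: NAME.crt does not verify against ca.crt
#   2: NAME.key does not belong to NAME.crt
verify_pki() {
    dir="$1"; name="$2"
    if ! openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1; then
        echo "$name.crt does not chain to $dir/ca.crt" >&2
        return 1
    fi
    # an RSA private key and its certificate share the modulus; compare the two
    cmod=$(openssl x509 -noout -modulus -in "$dir/$name.crt")
    kmod=$(openssl rsa -noout -modulus -in "$dir/$name.key" 2>/dev/null)
    if [ -z "$kmod" ] || [ "$cmod" != "$kmod" ]; then
        echo "$name.key does not match $name.crt" >&2
        return 2
    fi
    cert_cn "$dir/$name.crt"
}

# check_unique_cn KEY_DIR
#   Prints every Common Name used by more than one non-CA certificate and returns 1;
#   returns 0 with no output when all Common Names are unique.
check_unique_cn() {
    dir="$1"
    dups=$(for c in "$dir"/*.crt; do
               [ "$(basename "$c")" = ca.crt ] && continue
               cert_cn "$c"
           done | sort | uniq -d)
    [ -z "$dups" ] && return 0
    echo "$dups"
    return 1
}

# lock_keys KEY_DIR: private keys readable by root only. OpenVPN reads the key as
# root before switching to nobody, and persist-key keeps it in memory after that.
lock_keys() {
    chmod 700 "$1" && chmod 600 "$1"/*.key
}

# Usage on the server after Step 2 (the for loop prints one Common Name per line):
#   . ./vars; lock_keys "$KEY_DIR"; check_unique_cn "$KEY_DIR"
#   for n in server client1 client2; do verify_pki "$KEY_DIR" "$n"; done
```

The modulus comparison is the quick way to catch a key and certificate that were copied from different build-key runs; a mismatch only shows up in OpenVPN as a TLS handshake failure at connect time.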


vi /etc/openvpn/server.conf

dev tun
ifconfig 10.0.0.1 10.0.0.2
# route to the client's LAN through the tunnel; openvpn adds it once tun0 is up
route 192.168.2.0 255.255.255.0
tls-server
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
port 1200
user nobody
group nobody
ping 15
ping-restart 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
#comp-lzo
#cipher BF-CBC
verb 3

Modify the server configuration /etc/openvpn/server.conf.

The route line replaces a manual /sbin/route command: OpenVPN installs the route itself after it has created tun0, whereas a route added from the init script would fail because tun0 does not exist until openvpn starts. user and group nobody drop root privileges once the tunnel is up; persist-key and persist-tun are required together with them, otherwise the daemon cannot re-read the key or re-open tun0 after a ping-restart. BF-CBC is OpenVPN 2.0's default data cipher and is weak (64-bit block size); set cipher AES-256-CBC here and use the same cipher line in the client configuration. Keep server.key readable by root only (mode 600).

vi /etc/init.d/openvpn

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.0.0.2 -j SNAT --to-source 192.168.1.10
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source 192.168.1.10

In /etc/init.d/openvpn, find the line "echo 1 > /proc/sys/net/ipv4/ip_forward", uncomment it, and add the two iptables lines after it. Forwarding is what lets the server relay packets between tun0 and its LAN. The SNAT rules rewrite packets arriving from the client site to the server's LAN address, so LAN hosts reply to 192.168.1.10 and need no route back to 10.0.0.0/24 or 192.168.2.0/24; the cost is that LAN hosts cannot see which remote host is talking to them. If you need that, add a route for 192.168.2.0/24 via 192.168.1.10 on the LAN gateway instead of the SNAT rules.

/etc/init.d/openvpn start
chkconfig openvpn on

Start openvpn and enable auto-start at boot. The init script starts one daemon per *.conf file in /etc/openvpn, so the configuration must keep the .conf extension.
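As an added check to run against server.conf now and against client1.conf after Step 3 (an example script of my own, not from the page), the function below flags the settings in the configurations above that a current OpenVPN deployment should not ship with, and confirms the privilege-dropping directives are present. The directive names are OpenVPN 2.x's; the function name, messages and the assumption that the dh file is named dh<bits>.pem as easy-rsa does are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: hardening check for the point-to-point
# OpenVPN configs above. Assumes OpenVPN 2.x directive syntax and easy-rsa's dh<bits>.pem naming.
# Usage: check_openvpn_conf /etc/openvpn/server.conf
# Prints one finding per line; the return value is the number of findings (0 = nothing to fix).

check_openvpn_conf() {
    conf="$1"
    n=0

    # true when the config contains an active (uncommented) directive named $1
    has() { grep -Eq '^[[:space:]]*'"$1"'([[:space:]]|$)' "$conf"; }
    note() { echo "$1"; n=$((n+1)); }

    # drop root after the tunnel is up; persist-* lets the de-privileged daemon
    # survive a ping-restart without re-reading the key or re-opening tun
    has user || note "missing: user nobody (daemon keeps running as root)"
    has group || note "missing: group nobody"
    has persist-key || note "missing: persist-key (key cannot be re-read after dropping root)"
    has persist-tun || note "missing: persist-tun (tun cannot be re-opened after dropping root)"

    # data-channel cipher: OpenVPN 2.0's default is BF-CBC, a 64-bit block cipher
    if ! has cipher; then
        note "weak: no cipher line, so the default BF-CBC is used; set cipher AES-256-CBC on both ends"
    elif grep -Eq '^[[:space:]]*cipher[[:space:]]+BF-' "$conf"; then
        note "weak: cipher BF-CBC (64-bit block); use AES-256-CBC on both ends"
    fi

    # control-channel HMAC: packets without a valid HMAC are dropped before any TLS work
    has tls-auth || note "missing: tls-auth (anyone reaching the port can exercise the TLS stack)"

    # Diffie-Hellman group size, inferred from easy-rsa's dh<bits>.pem file name
    dh=$(awk '$1=="dh"{print $2; exit}' "$conf")
    case "$dh" in
        *dh512.pem|*dh1024.pem) note "weak: $dh (<2048 bit); set KEY_SIZE=2048 in vars and rerun build-dh" ;;
    esac

    # the private key must be readable by root only (path taken as written in the config)
    keyfile=$(awk '$1=="key"{print $2; exit}' "$conf")
    if [ -n "$keyfile" ] && [ -f "$keyfile" ]; then
        mode=$(ls -l "$keyfile" | cut -c1-10)
        case "$mode" in
            -rw-------|-r--------) ;;
            *) note "perm: $keyfile is $mode, want -rw------- (chmod 600)" ;;
        esac
    fi

    return $n
}
```

The tls-auth key it asks for is a shared static key created once with openvpn --genkey --secret ta.key and copied to both ends alongside the certificates, referenced as tls-auth ta.key 0 on the server and tls-auth ta.key 1 on the client.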




Step 3 - In client side

mkdir -m 700 /etc/openvpn/keys
cd /etc/openvpn/keys
scp -p 123.123.123.123:/etc/openvpn/keys/client1* .
scp -p 123.123.123.123:/etc/openvpn/keys/ca.crt .

Copy this client's own key and certificate (client1*) and the CA certificate (ca.crt) from the server to /etc/openvpn/keys on the client. scp keeps the private key encrypted in transit; never send it over an unencrypted channel. dh1024.pem is not needed on the client (Diffie-Hellman parameters are only used by the tls-server side), and the CA private key ca.key must stay on the server. After copying, make client1.key readable by root only (mode 600).

vi /etc/openvpn/client1.conf

dev tun
#server ip
remote 123.123.123.123
ifconfig 10.0.0.2 10.0.0.1
# route to the server's LAN through the tunnel; openvpn adds it once tun0 is up
route 192.168.1.0 255.255.255.0
tls-client
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
#server port
port 1200
user nobody
group nobody
ping 15
ping-restart 60
ping-timer-rem
persist-tun
persist-key
proto tcp-client
verb 3

Modify the client1 configuration /etc/openvpn/client1.conf. It mirrors the server configuration: the dh line is dropped (only the tls-server side uses it), the two ifconfig addresses are swapped, and the route points at the server's LAN. If you set a cipher on the server, set the same cipher here. Note that with this setup any certificate signed by the CA, client2's included, would be accepted as the server; OpenVPN's ns-cert-type server check on the client closes that hole, but it requires the server certificate to have been built with build-key-server instead of build-key.

vi /etc/init.d/openvpn

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.0.0.1 -j SNAT --to-source 192.168.2.10
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.10

In /etc/init.d/openvpn, find the line "echo 1 > /proc/sys/net/ipv4/ip_forward", uncomment it, and add the two iptables lines after it, as on the server but with the addresses reversed: traffic from the server site is rewritten to the client's LAN address 192.168.2.10.

/etc/init.d/openvpn start
chkconfig openvpn on

Start openvpn and enable auto-start at boot. As on the server, the init script picks up every *.conf file in /etc/openvpn, so client1.conf is started automatically.




Step 4 - Connection testing

ping 10.0.0.2
ping 192.168.2.x
tail -f /var/log/messages
netstat -tlanp |grep openvpn

Test the connection and view the log from the server side: first ping the client's tunnel address, then a host on the client LAN (replace x with a real host). When started from the init script, openvpn logs through syslog to /var/log/messages, and netstat should show openvpn listening on tcp port 1200 plus the established session once the client has connected.

ping 10.0.0.1
ping 192.168.1.x
tail -f /var/log/messages
netstat -tlanp |grep openvpn

Test the connection and view the log from the client side in the same way; here netstat shows the outbound connection to 123.123.123.123:1200. If the tunnel addresses answer but the LAN hosts do not, check ip_forward and the SNAT rules on the far side.



Alan Studio © 2007 by Alan Cheung Hin Lun. All rights reserved.