
Thread: Install OpenVPN on CentOS

  1. #1


    Install OpenVPN on CentOS

    I have searched this forum and I didn't find any OPENVPN tutorial, so I'll write a tutorial on how to get OPENVPN running on CentOS. I hope it will be useful.

    Here I'm using an OpenVZ VPS with CentOS 5.5 32-bit. And the memory requirement? Don't worry, OPENVPN doesn't eat much memory: I have 50 users running on my 128MB VPS and it only eats 25MB of memory.

    The first thing you have to do is check whether tun/tap is active or not by typing
    #cat /dev/net/tun

    Code:
    cat: /dev/net/tun: File descriptor in bad state

    Take a look at the status above: "File descriptor in bad state" means tun/tap is active; otherwise please ask your provider to activate it.

    Install required modules
    #yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

    Download OPENVPN repo
    #wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

    for 32bit
    #wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

    for 64bit
    #wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

    Build the rpm packages
    #rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
    #rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
    #rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm


    *remember to change i386 to x86_64 if you're using 64bit

    Install OPENVPN
    #yum install openvpn

    Copy OPENVPN easy-rsa folder to /etc/openvpn/
    #cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa/ /etc/openvpn/

    Now let's create the certificate
    #cd /etc/openvpn/easy-rsa/2.0
    #chmod 755 *
    #source ./vars
    #./vars
    #./clean-all


    Build CA
    #./build-ca

    Code:
    Country Name: may be filled or press enter
    State or Province Name: may be filled or press enter
    City: may be filled or press enter
    Org Name: may be filled or press enter
    Org Unit Name: may be filled or press enter
    Common Name: your server hostname
    Email Address: may be filled or press enter

    Build key server
    #./build-key-server server


    Code:
    Almost the same as ./build-ca, but note the changes and additions:
    Common Name: server
    A challenge password: leave
    Optional company name: fill or enter
    sign the certificate: y
    1 out of 1 certificate requests: y

    Build Diffie Hellman (wait a moment until the process finishes)
    #./build-dh

    Now I'm gonna create a UDP port 1194 configuration for OPENVPN; use any text editor you like
    #nano /etc/openvpn/1194.conf

    Code:
    local 123.123.123.123 #- your_server_ip
    port 1194 #- port
    proto udp #- protocol
    dev tun
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
    plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
    client-cert-not-required
    username-as-common-name
    server 1.2.3.0 255.255.255.0
    push "redirect-gateway def1"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 4.2.2.1"
    keepalive 5 30
    comp-lzo
    persist-key
    persist-tun
    status 1194.log
    verb 3

    Before you save the configuration, make sure that the "plugin /usr/share/.. /pam.d/login" is on one line

    Start the OPENVPN with 1194.conf
    #openvpn /etc/openvpn/1194.conf &

    Here's the status if OPENVPN started successfully

    Code:
    Mon Feb 21 02:23:20 2011 UDPv4 link remote: [undef]
    Mon Feb 21 02:23:20 2011 MULTI: multi_init called, r=256 v=256
    Mon Feb 21 02:23:20 2011 IFCONFIG POOL: base=1.2.3.4 size=62
    Mon Feb 21 02:23:20 2011 Initialization Sequence Completed

    Make OPENVPN 1194.conf run in the background
    #bg

    Enable ipv4 forward
    #echo 1 > /proc/sys/net/ipv4/ip_forward

    Route iptables
    #iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123

    *1.2.3.0 is allocated ip for OPENVPN client
    *123.123.123.123 is your server ip


    Now we create username and password for authorization
    #useradd username -s /bin/false
    #passwd username


    Download the ca.crt file from the /etc/openvpn/easy-rsa/2.0/keys/ directory; you can use an sftp client

    Download and install OPENVPN client for windows, download the latest stable release OPENVPN version 2.1.4 from here

    After you finished installing OPENVPN, move ca.crt (file that you previously downloaded from /etc/openvpn/easy-rsa/2.0/keys/) to OPENVPN config folder in your program files (\Program Files\OpenVPN\config\)

    Also create client configuration file in OPENVPN config directory, here's the example:

    Code:
    client
    dev tun
    proto udp #- protocol
    remote 123.123.123.123 1194 #- SERVER IP and OPENVPN Port
    resolv-retry infinite
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ca ca.crt
    auth-user-pass
    comp-lzo
    verb 3

    Save as anyname.ovpn or 1194.ovpn

    Run OPENVPN Client on your Windows, connect with your username and password.

    Check your IP address in the browser and Voila!!! Your IP is now changed to your server IP

    note:
    - Never fails make OPENVPN on CentOS with this tutorial
    - Those configurations above are basic configuration, you can check OPENVPN website for another configuration
    - If you're using Win 7, before installing OPENVPN client, right click on the installer, properties, run as administrator and change compatibility to Windows XP SP3
    - If you wanna add another port, maybe TCP so you can run OPENVPN over proxy, just create new configuration for server, adjust the following lines:

    Code:
    port: your preferred port
    protocol: tcp or udp
    client's ip: 1.2.4.0 or 1.2.5.0 ; 1.2.6.0 ; and so on

    Also a new configuration for the client

    Code:
    proto xxxx #- change xxxx to tcp or udp
    remote 123.123.123.123 yyyy #- change yyyy to OPENVPN port

    And then run the command
    #iptables -t nat -A POSTROUTING -s 1.2.4.0/24 -j SNAT --to 123.123.123.123

    Moderator Message
    Hotlinked to images
    //Staff

  2. Who Said Thanks:

    SBfreak (04.07.11) , hearthrob (04.07.11) , Gapo (25.05.11) , SealLion (24.05.11) , anon (23.05.11)
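
Added example, not part of the original post or of OpenVPN itself: a small shell check that flags the hardening gaps in a server config like the 1194.conf in post #1 (1024-bit DH, password-only client authentication, compression, no TLS HMAC key, no privilege drop). The function names, finding IDs, both sample configs and the `ta.key` path are constructed for this example.

```shell
# Added example (not from the thread): flag hardening gaps in an OpenVPN
# server config. Finding IDs and messages are this example's own naming.
audit_openvpn_conf() {
    awk '
    { sub(/[#;].*/, "") }                 # drop trailing comments
    NF == 0 { next }
    { seen[$1] = 1 }                      # remember every directive used
    # Heuristic: easy-rsa names the parameter file dh<bits>.pem
    $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {
        bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
        if (bits < 2048) print "WEAK_DH: " bits "-bit DH parameters, use 2048 or more"
    }
    $1 == "client-cert-not-required" {
        print "PASSWORD_ONLY: clients authenticate with username/password alone"
    }
    $1 == "comp-lzo" && $2 != "no" {
        print "COMPRESSION: compression before encryption can leak plaintext (VORACLE)"
    }
    END {
        if (!("tls-auth" in seen) && !("tls-crypt" in seen))
            print "NO_TLS_AUTH: no HMAC key protecting the TLS handshake"
        if (!("user" in seen))
            print "RUNS_AS_ROOT: no user/group directive, daemon keeps root"
    }' "$@"
}

# Constructed sample: security-relevant lines of the 1194.conf in post #1.
thread_conf() {
    cat <<'EOF'
proto udp #- protocol
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
comp-lzo
EOF
}

# Constructed sample: the same server with the flagged settings changed.
hardened_conf() {
    cat <<'EOF'
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
user nobody
group nobody
EOF
}

thread_conf | audit_openvpn_conf
```

Run it against a real file with `audit_openvpn_conf /etc/openvpn/1194.conf`. The DH check only reads the file name; `openssl dhparam -in <file> -noout -text` shows the actual parameter size.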

  3. #2
    Now that's a tutorial!!!
    Well made. Well posted. Well explained and very little left out ....( at least as far as I know).
    Are one's set-up and run expectations the same for this on other Unix OS??
    "God, from the mount Sinai
    whose grey top shall tremble,
    He descending, will Himself,
    in thunder, lightning, and loud trumpet’s sound,
    ordain them laws".


    John Milton (1608-1674) in Paradise Lost


    Ripley's SealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
    Oh, oh. Better use LINUX.

  4. #3

    Originally posted by SealLion:
    Are one's set-up and run expectations the same for this on other Unix OS??
    I have the same question.

    freecbc3, would you be able to highlight which line to change, and what to change it to, for Ubuntu?