1. First of all, get a few additional repos. If you already have your repos set up, skip this step.
If you have Fedora 3, follow these steps: http://stanton-finley.net/fedora_cor…notes.html#Yum
If you have Fedora 4, follow these steps: http://stanton-finley.net/fedora_cor…notes.html#Yum
If you have Fedora 5, follow these steps: http://stanton-finley.net/fedora_cor…notes.html#Yum
If you have CentOS, follow the “additional third party CentOS repos” section: http://www.osresources.com/11_6_en.html
Then issue these commands. Each line is a new command. The leading “#” on a command line is the root prompt; lines of explanatory text beginning with “#” or “//” are comments, so don't try to execute those.
# yum update
# yum install openssl openssl-devel
# openssl and openssl-devel may be installed already… so don’t worry
2. Right, now you want to install OpenVPN. Here are the commands:
# yum install openvpn -y
// Now check that it works
# service openvpn start
# service openvpn stop
3. There are a few things to set up before you can make certificates. Issue these commands:
# find / -name "easy-rsa"
// you should get an output like this
# /usr/share/doc/openvpn-2.0.7/easy-rsa
// Now make a copy of the easy-rsa directory to /etc/openvpn/ (make sure you
// have put the right version number in, i.e. mine was -2.0.7, change if needed)
# cp -R /usr/share/doc/openvpn-2.0.7/easy-rsa /etc/openvpn/
# cd /etc/openvpn/easy-rsa
// 700 is enough for root to run the scripts; do not make them world-writable
# chmod 700 *
# mkdir /etc/openvpn/keys
4. You need to edit the vars file, located in /etc/openvpn/easy-rsa
You can use any editor you like; I used vi. Change the line
# export KEY_DIR=$D/keys
to
# export KEY_DIR=/etc/openvpn/keys
Also at the bottom of this file you will see something similar to this,
# export KEY_COUNTRY=US
# export KEY_PROVINCE=CA
# export KEY_CITY=SOMEWHERE
# export KEY_ORG="My Org"
# export KEY_EMAIL=me@mydomain.com
Change this to your own values.
5. Now it's time to make the certificates. Enter these commands:
// source the vars file into the current shell (dot, space, ./vars)
# . ./vars
# ./clean-all
# ./build-ca
# just hit enter to the defaults apart from Common Name, this must be unique
# call it something like mydomain-ca
# ./build-key-server server
# ./build-key client1
# remember that common name must be unique e.g. use mydomain-client1
# and YES you want to sign the keys
# ./build-key client2
# do this step for as many clients as you need.
# ./build-dh
6. We are almost done now. Next we need to create a few config files. You can download my template from here:
# cd /etc/openvpn
# wget www.designpc.co.uk/downloads/server.conf
# make sure you change a few things in the server.conf file, like DNS
# servers
# touch server-tcp.log
// this makes the log file
# touch ipp.txt
// this makes the IP reservation list
7. You need to make a few changes to OpenVPN itself. Go to
# cd /etc/init.d/
Edit the openvpn file and uncomment this line (line 119):
# echo 1 > /proc/sys/net/ipv4/ip_forward
Add these lines below it, changing 123.123.123.123 to your public IP address,
# iptables -t nat -A POSTROUTING -s 192.168.2.3 -j SNAT --to 123.123.123.123
# iptables -t nat -A POSTROUTING -s 192.168.2.4 -j SNAT --to 123.123.123.123
# iptables -t nat -A POSTROUTING -s 192.168.2.5 -j SNAT --to 123.123.123.123
# iptables -t nat -A POSTROUTING -s 192.168.2.6 -j SNAT --to 123.123.123.123
# iptables -t nat -A POSTROUTING -s 192.168.2.7 -j SNAT --to 123.123.123.123
# iptables -t nat -A POSTROUTING -s 192.168.2.8 -j SNAT --to 123.123.123.123
# iptables -t nat -A POSTROUTING -s 192.168.2.9 -j SNAT --to 123.123.123.123
# iptables -t nat -A POSTROUTING -s 192.168.2.10 -j SNAT --to 123.123.123.123
Now install iptables if you don’t have it already,
# yum install iptables
// test it
# service iptables start
# service iptables stop
8. Now for the client config files. If your client is a Windows machine, make sure you have installed OpenVPN. Use the GUI version, downloadable from here:
http://www.designpc.co.uk/downloads/….3-install.exe
You need to copy a few files from the server to your client machine. Here is the list, located in /etc/openvpn/keys/
## WARNING ## Use a secure way of transferring these files off the server, something like WinSCP.
ca.crt
client1.csr
client1.key
client1.crt
Put these files in this directory: C:\Program Files\OpenVPN\config\
Now you need to make a client config. Here is an example:
client
dev tun
proto tcp
#Change my.publicdomain.com to your public domain or IP address
remote my.publicdomain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
#DNS Options here, CHANGE THESE !!
push "dhcp-option DNS 123.123.123.123"
push "dhcp-option DNS 123.123.123.124"
comp-lzo
verb 3
Make sure you edit any of the lines with comments above them.
Call this file client1.ovpn and put it in C:\Program Files\OpenVPN\config\
Make sure the file extension is .ovpn, not .txt.
To connect, right-click on OpenVPN in the taskbar >> Connect.
To test, ping 192.168.2.1
If you get a response, you're in business.
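
A pre-transfer check for the files listed in step 8, as an added example that is not part of the original guide. It confirms the bundle holds ca.crt plus the client's own certificate and key, that no other private key (such as ca.key or server.key) has been swept in, and that the client key is readable by its owner only. The function name and the idea of a separate staging directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a staging directory
# before its contents are copied to a client.
# check_client_bundle DIR NAME prints one finding per line and returns
# 0 if the bundle is clean, 1 otherwise. DIR and NAME are hypothetical inputs.
check_client_bundle() {
    dir=$1; name=$2; bad=0

    # Files the client config's ca/cert/key lines refer to.
    for f in ca.crt "$name.crt" "$name.key"; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING  $f"
            bad=1
        fi
    done

    for path in "$dir"/*.key; do
        [ -e "$path" ] || continue
        f=${path##*/}
        # ca.key, server.key and other clients' keys stay on the server.
        if [ "$f" != "$name.key" ]; then
            echo "FOREIGN  $f"
            bad=1
            continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$path" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS    $f group/other bits: $perms"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo: a bundle that wrongly includes the CA private key.
demo=$(mktemp -d)
touch "$demo/ca.crt" "$demo/ca.key" "$demo/client1.crt" "$demo/client1.key"
chmod 600 "$demo/client1.key"
check_client_bundle "$demo" client1 || echo "fix the bundle before transfer"
rm -rf "$demo"
```

Run it on the server against a copy of only the files meant for one client, then transfer that directory over SCP/SFTP as the warning in step 8 says.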