OpenVPN setup on Centos 5.2

Posted by lane

OpenVPN is a very capable SSL-based VPN client/server software package. It has great documentation at OpenVPN Howto Documents.

  • To install on CentOS, I grab the rpms from the EPEL repo. EPEL stands for Extra Packages for Enterprise Linux: Fedora packages rebuilt for Red Hat Enterprise Linux and its clones. The project homepage and documentation are at http://fedoraproject.org/wiki/EPEL, which also carries a package list.
    To install the EPEL yum repo, run the following command:

    sudo rpm -ihv http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-2.noarch.rpm

    Change the architecture and version appropriately for your machine. Note that this fetches the package over plain HTTP, and that rpm only warns (NOKEY) rather than refusing when it cannot verify a signature, so import the EPEL signing key and check the package with rpm -K before trusting the repo.

  • Install OpenVPN with the following command:
    yum install openvpn
  • For now I will setup OpenVPN to route rather than bridge. Later I will likely bridge two remote networks.
  • Generate the master Certificate Authority. Copy the easy-rsa template files into place:
    sudo cp -r /usr/share/openvpn/easy-rsa/2.0 /etc/openvpn/certs

    Now cd into /etc/openvpn/certs and edit the vars file. The only thing I changed was the last five lines containing the location information. Now run the following commands:

    sudo su
    . ./vars
    ./clean-all
    ./build-ca

    Note that you want a single root shell for these commands, because sourcing vars only alters the environment of the shell that sourced it; with sudo on each command individually those settings are lost. Also note that ./clean-all empties the keys directory, so run it only when starting a fresh CA.

  • Generate the certificate and key for the server:
    ./build-key-server server_name

    I left the challenge password empty and answered yes to signing and committing the certificate.

  • Generate a client certificate (one per client, each with its own name):
    ./build-key client1
  • Build the Diffie-Hellman parameters (this takes a while):
    ./build-dh
  • You can now drop root permissions and set up the server configuration file:
    sudo cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn

    Edit it to your liking. I did not change much except to point ca, cert, key and dh at the files easy-rsa wrote under /etc/openvpn/certs/keys. The sample ships with ;user nobody and ;group nobody commented out; uncomment them so the daemon drops root once it has opened the tun device.

  • Install OpenVPN on the client:
    yum install openvpn

    In my case this is a Fedora 9 machine.

  • Copy the sample client config into place and edit it to your liking:
    sudo cp /usr/share/doc/openvpn-2.1/sample-config-files/client.conf /etc/openvpn/

  • Copy ca.crt, client1.crt and client1.key from the server's /etc/openvpn/certs/keys to the client over a secure channel (scp, not email) and start it up. Do not copy ca.key: it is the CA's private key and signs every certificate the server will trust, so it stays on the server, or better still on a machine that is not the VPN server at all.
  • For routing, I run the following on the server:
    echo 1 > /proc/sys/net/ipv4/ip_forward

    so that machines on the same subnet as the server can talk to the clients. This only lasts until the next reboot; to make it permanent, set net.ipv4.ip_forward = 1 in /etc/sysctl.conf. Likewise, I add the following static route on the default gateway (which is my wireless router):

    Destination LAN IP:  10.8.0.0
    Subnet Mask:         255.255.255.0
    Gateway:             192.168.35.2

    where the gateway is the LAN IP of the VPN server and 10.8.0.0/24 is the tunnel network that the server directive in server.conf hands out.
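The steps above, checked after the fact. This is an added example, not code from the original post or from the OpenVPN project: a POSIX shell script that assumes the layout the post ends up with (the config is /etc/openvpn/server.conf and is started with --cd /etc/openvpn, so relative paths resolve against that directory; easy-rsa output is in /etc/openvpn/certs/keys; the client is named client1). All of those are assumptions. It resolves the ca/cert/key/dh paths the way the daemon would, confirms the privilege-drop lines are active, lists exactly which files a client gets (never ca.key), checks the key file mode, and checks that IP forwarding is persisted rather than only poked into /proc.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity checks for a server
# laid out as described above. Assumptions (hypothetical, matching the
# post's layout): the config is /etc/openvpn/server.conf, started with
# --cd /etc/openvpn so relative paths resolve against that directory, and
# the easy-rsa output lives in /etc/openvpn/certs/keys.

# resolve_path CONF VALUE: absolute path for a file named in CONF, resolving
# a relative VALUE against CONF's own directory.
resolve_path() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "$(dirname "$1")" "$2" ;;
    esac
}

# check_config CONF: every file-valued directive (ca, cert, key, dh, tls-auth)
# must point at an existing file. Prints each bad one; returns 1 if any.
# A directive with no argument shows up here too ("ca" alone -> missing).
check_config() {
    conf=$1
    missing=0
    for spec in $(sed 's/[#;].*//' "$conf" |
                  awk '$1 ~ /^(ca|cert|key|dh|tls-auth)$/ { print $1 "=" $2 }'); do
        directive=${spec%%=*}
        value=${spec#*=}
        path=$(resolve_path "$conf" "$value")
        if [ ! -f "$path" ]; then
            echo "missing: $directive -> $path"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# drops_privileges CONF: the sample server.conf ships with ";user nobody" and
# ";group nobody" commented out; both must be active for the daemon to shed root.
drops_privileges() {
    sed 's/[#;].*//' "$1" |
    awk '$1 == "user" { u = 1 } $1 == "group" { g = 1 } END { exit !(u && g) }'
}

# client_files KEYSDIR NAME: what to scp to a client, in easy-rsa's layout.
# ca.key (the CA private key) and server.key are deliberately absent; they
# never leave the server.
client_files() {
    printf '%s/ca.crt\n%s/%s.crt\n%s/%s.key\n' "$1" "$1" "$2" "$1" "$2"
}

# key_is_private FILE: a private key must not be readable by group or other.
# build-key writes 0600; re-check after copying the file anywhere.
key_is_private() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      echo "$1 is readable by group/other"; return 1 ;;
    esac
}

# ip_forward_persisted [SYSCTL_CONF]: "echo 1 > /proc/sys/net/ipv4/ip_forward"
# is lost at reboot; the setting survives only if sysctl.conf carries it.
ip_forward_persisted() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "${1:-/etc/sysctl.conf}"
}

# Stand-alone run against the assumed layout, skipped where it does not exist.
if [ -f /etc/openvpn/server.conf ]; then
    check_config /etc/openvpn/server.conf
    drops_privileges /etc/openvpn/server.conf || echo "user/group not set in server.conf"
    key_is_private /etc/openvpn/certs/keys/server.key
    ip_forward_persisted || echo "ip_forward not persisted in /etc/sysctl.conf"
    client_files /etc/openvpn/certs/keys client1
fi
```

Run it as root on the server once server.conf is in place; every complaint it prints is either a path the daemon will fail to open at start-up or a file that should not be world-readable. The same functions work on the client side by pointing check_config at client.conf.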


8 Responses to “OpenVPN setup on Centos 5.2”

  1. Dids Says:

    Hmm, for some reason /etc/openvpn/certs doesn’t exist even though I’m following your steps exactly. Any ideas why?

  2. Ehsan Says:

    Hi,

    bash-3.2# . ./vars
    bash: ./vars: No such file or directory

  3. Weakboy Says:

    Do some updates:
    yum update -y

    It will install openvpn 2.0 or later; then the things above come out.

  4. mirostz Says:

    Hello guys, I have a very strange problem and I cannot find anything about it on Google, so I want to ask here: can someone help me? I have installed and configured everything as I should; lzo and openvpn are installed. I have generated all the keys for the server and I have written the server.conf file like this:
    dev tun
    proto tcp
    port 1194

    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem

    user nobody
    group nogroup
    server 10.8.0.0 255.255.255.0

    persist-key
    persist-tun

    #status openvpn-status.log
    #verb 3
    client-to-client

    push "redirect-gateway def1"

    #log-append /var/log/openvpn
    comp-lzo

    my crt and key files are in the same directory as my config file. but when i do
    ]# openvpn --config server.conf
    Options error: Unrecognized option or missing parameter(s) in server.conf:78: ca (2.0.9)
    Use –help for more information.

    I get this unusual error and i can not find out why it this happening whats wrong with ca ca.crt line
    Please help me.

  5. mirostz Says:

    I paste wrong output here is the output of the configuration file:
    # openvpn --config openvpn.conf
    Options error: Unrecognized option or missing parameter(s) in openvpn.conf:5: ca (2.0.9)
    Use –help for more information.

  6. Milan Says:

    Check line 5 for error in openvpn.conf file

  7. Milanemajmune Says:

    # openvpn --config openvpn.conf
    Options error: Unrecognized option or missing parameter(s) in openvpn.conf:5: ca (2.0.9)
    Use –help for more information.

    Getting this error too.

    Anyone got this sorted? Except for Milan, who is full of great advice.
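Two checks for the message mirostz and Milanemajmune report, added here as an example (not from anyone in the thread, and not a claim about what caused their particular error). The ca, cert and key options are compiled in only when OpenVPN is built with SSL support, and such a build prints [SSL] on the first line of openvpn --version; a build without it rejects ca with exactly this "Unrecognized option" message. Separately, a byte outside printable ASCII on the line (a smart quote or no-break space picked up from a web page) turns the option token into something the parser does not recognise and produces the same message. The stand-alone demo at the end uses whatever openvpn binary is installed; the functions themselves need only awk.

```shell
#!/bin/sh
# Added example, not from the thread above: two checks for the
# "Unrecognized option or missing parameter(s) ... ca" message when the
# ca line itself looks fine.

# built_with_ssl VERSION_LINE: the ca/cert/key options exist only in a build
# with SSL support, which advertises itself as [SSL] in the first line of
# `openvpn --version`. Returns 0 if the tag is present.
built_with_ssl() {
    case "$1" in
        *"[SSL]"*) return 0 ;;
        *)         return 1 ;;
    esac
}

# odd_lines CONF: print "N: line" for every line containing a byte outside
# printable ASCII and tab (smart quotes and no-break spaces pasted from a web
# page, CR from Windows line endings). Returns 0 if there are none.
odd_lines() {
    LC_ALL=C awk '/[^\t -~]/ { found = 1; print FNR ": " $0 } END { exit found }' "$1"
}

# Stand-alone demo against the installed binary and config, if present.
if command -v openvpn >/dev/null 2>&1; then
    built_with_ssl "$(openvpn --version | head -n 1)" ||
        echo "openvpn built without SSL: ca/cert/key will be rejected"
fi
if [ -f /etc/openvpn/server.conf ]; then
    odd_lines /etc/openvpn/server.conf || echo "server.conf has non-ASCII bytes on the lines above"
fi
```

If odd_lines flags the ca line, retype it by hand rather than pasting; if built_with_ssl fails, the fix is a different package, not a different config.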

  8. Trudy Jilek Says:

    Are you sure you are forwarding the correct ports? GRE uses port 1723. You need to forward requests on port 1723 on your WAN to your internal host (server) on the same port.
