OpenVPN setup on Centos 5.2

Sunday, August 10th, 2008 by lane

OpenVPN is a very capable SSL-based VPN client/server software package. It has great documentation at
OpenVPN Howto Documents.

  • To install on CentOS, I grab the rpms from the EPEL repo. EPEL stands for Extra Packages for Enterprise Linux. They are Fedora packages repackaged for Red Hat Enterprise Linux. The project homepage and documentation are at http://fedoraproject.org/wiki/EPEL. There is also a package list at that site.
    To install the EPEL yum repo, run the following command:

    sudo rpm -ihv http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-2.noarch.rpm 

    Change the architecture and version appropriately for your machine.

  • Install OpenVPN with the following command:
    yum install openvpn
  • For now I will set up OpenVPN to route rather than bridge. Later I will likely bridge two remote networks.
  • Generate the Master Certificate Authority. Copy the templates files into place:
    sudo cp -r /usr/share/openvpn/easy-rsa/2.0 /etc/openvpn/certs

    Now cd into /etc/openvpn/certs and edit the vars file. The only thing I changed was the last five lines containing the location information. Now run the following commands:

    sudo su
    . ./vars
    ./clean-all
    ./build-ca
    

    Note that you want to be root when running these commands because the vars script alters your environment, and those changes will be lost if you are using sudo on each command individually.

  • Generate certificate & key for server.
    ./build-key-server server_name

    I left challenge password empty and answered yes to signing and committing the certificate.

  • Generate client certificates
    ./build-key client1
  • Build Diffie Hellman data
    ./build-dh
  • You can now drop root permissions and set up the server configuration file
    sudo cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn

    Edit it to your liking. I did not change much except to add paths appropriately to the certificate and dh files.
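    Before starting the daemon it is worth checking that the ca/cert/key/dh paths you added to server.conf actually resolve and that the server's private key is not readable by other users. The script below is an added example, not part of the original post or of OpenVPN's own tooling; the file names it uses (server_name.key, dh1024.pem) and the temporary directory it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: sanity-check an OpenVPN server.conf before starting the daemon.
# Verifies that the ca/cert/key/dh directives point to existing files and that
# the private key is not group- or world-readable. The sample tree below is
# constructed for the demonstration; point the function at your own
# /etc/openvpn/server.conf in practice.

# check_openvpn_conf CONF -> returns 0 if all checks pass, 1 otherwise
check_openvpn_conf() {
    conf="$1"
    confdir=$(dirname "$conf")
    status=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    for directive in ca cert key dh; do
        # take the last uncommented occurrence of the directive; strip trailing comments
        path=$(sed -n "s/^[[:space:]]*$directive[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p" "$conf" | tail -n 1)
        if [ -z "$path" ]; then
            echo "missing directive: $directive"; status=1; continue
        fi
        # relative paths are resolved against the config's directory
        case "$path" in /*) ;; *) path="$confdir/$path" ;; esac
        if [ ! -f "$path" ]; then
            echo "$directive: file not found: $path"; status=1; continue
        fi
        if [ "$directive" = key ]; then
            # GNU stat first, BSD stat as a fallback
            perms=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path")
            case "$perms" in
                ?00) ;;   # only owner bits set (600, 400, ...)
                *) echo "key: $path is readable by group/other (mode $perms)"; status=1 ;;
            esac
        fi
    done
    return $status
}

# Build a throwaway /etc/openvpn-like tree to exercise the check (constructed sample).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/certs/keys"
cat > "$demo_dir/server.conf" <<EOF
port 1194
proto udp
dev tun
ca   certs/keys/ca.crt
cert certs/keys/server_name.crt
key  certs/keys/server_name.key  # This file should be kept secret
dh   certs/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
EOF
for f in ca.crt server_name.crt server_name.key dh1024.pem; do
    : > "$demo_dir/certs/keys/$f"
done
chmod 600 "$demo_dir/certs/keys/server_name.key"

# Stand-alone run: report the result; the sample tree is left in $demo_dir
check_openvpn_conf "$demo_dir/server.conf" && echo "server.conf: all checks passed"
echo "sample tree in $demo_dir (remove with rm -rf)"
```

    Running the function against a config whose key has been left at 644, or whose dh file is missing, prints the offending directive and returns 1, so it can be dropped into an init script ahead of starting openvpn.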

  • Install OpenVPN on the client.
    yum install openvpn

    In my case this is a Fedora 9 machine.

  • Copy the sample client configuration into place and edit it to your liking:
    sudo cp /usr/share/doc/openvpn-2.1/sample-config-files/client.conf /etc/openvpn/

  • Copy the keys from the server to the client and start it up
  • For routing, I run the following
    echo 1 > /proc/sys/net/ipv4/ip_forward

    on the server so that machines on the same subnet as the server can talk to the clients. Likewise, I add the following static route to the default gateway (which is my wireless router):

    Destination LAN IP:  10.8.0.0
    Subnet Mask:         255.255.255.0
    Gateway:             192.168.35.2

    where the gateway is the IP of the VPN server.