How to install OpenVPN on CentOS 6.0 or 6.x

The OpenVPN community edition is freely available to download. This article covers the complete installation and configuration of the OpenVPN service on a CentOS 6 server. It also explains how to install and configure OpenVPN client machines (Windows and Linux) to connect to the OpenVPN server.

The target OpenVPN server should have a public IP address so that client machines can establish connectivity.

OpenVPN can be downloaded as a source package, or downloaded and installed from the EPEL repository.

Installing OpenVPN using the EPEL (Extra Packages for Enterprise Linux) repository.

Step 1 : Select and download the repository package for the required version from http://epel.mirror.net.in/epel/

On Redhat / Centos 6 32-bit

[root@solutions]#wget http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm

[root@solutions]#rpm -ivh epel-release-6-8.noarch.rpm

 On Redhat / Centos 6 64-bit

[root@solutions]#wget http://epel.mirror.net.in/epel/6/x86_64/epel-release-6-8.noarch.rpm

[root@solutions]#rpm -ivh epel-release-6-8.noarch.rpm

Note : The EPEL repository can also be installed directly using the command below

#rpm -ivh http://epel.mirror.net.in/epel/6/x86_64/epel-release-6-8.noarch.rpm

Step 2 : After installing the EPEL repository as explained in Step 1, you can install the OpenVPN package using yum.

#yum install openvpn -y

#yum install lzo lzo-devel

Note: By default, all OpenVPN configuration files are located in “/etc/openvpn/”; if they are not there, you can copy them from “/usr/share/doc/openvpn-2.3.1/sample/sample-config-files” to /etc/openvpn/.

OpenVPN server configuration file

/etc/openvpn/server.conf   (OpenVPN configuration file for the server; you can remove all other .conf files except server.conf)

OpenVPN client configuration file

/etc/openvpn/client.conf    (OpenVPN configuration file for the client; you can remove all other .conf files except client.conf)

Sample configuration files are located in “/usr/share/doc/openvpn-2.3.1/sample/sample-config-files”

Example:

[root@iGateway sample-config-files]# pwd
/usr/share/doc/openvpn-2.3.1/sample/sample-config-files

Step 3 : Creating your own Certificate Authority (CA), and generating keys and certificates for the server and clients using easy-rsa.

Note : With OpenVPN 2.2.x, easy-rsa (a set of scripts) is bundled with OpenVPN.

For OpenVPN 2.3.x, you need to download easy-rsa separately.

Go to the /etc/openvpn folder by issuing the following command

#cd /etc/openvpn

Download easy-rsa

#wget https://codeload.github.com/OpenVPN/easy-rsa/zip/master

Extract the master.zip file by executing the following command

#unzip master

The download is finished; now extract the easy-rsa files and generate the required certificates and keys as explained in the steps below.

Create the subfolder “keys” in /etc/openvpn

#mkdir /etc/openvpn/keys

Copy the required easy-rsa files from /etc/openvpn/easy-rsa-master/easy-rsa/2.0

#cp -rp /etc/openvpn/easy-rsa-master/easy-rsa/2.0/* /etc/openvpn/keys/

Modify the Certificate Authority's parameters by editing the following file

#vi /etc/openvpn/keys/vars

Change the settings as indicated in the screenshot below

Start building Certificate Authority based on the information given in “vars”.

Change the working directory and execute below commands

#cd /etc/openvpn/keys

#source  ./vars

#./clean-all

#./build-ca

Our Certificate Authority is ready now; next we create the certificate for the OpenVPN server. When prompted for input, simply answer yes to commit.

#./build-key-server server

Our server certificate is ready now; next we create certificates for the clients. Repeat this step for each machine that will be used as a VPN client. One certificate can be used for multiple clients, but you have to modify the server.conf file.

#./build-key client1

(You can use any suitable client name, such as vpnuser1 or vpnclient1, and repeat this step for as many clients as you are going to create.)

Output:

[root@iGateway keys]# ./build-key client1

Country Name (2 letter code) [IN]:
State or Province Name (full name) [AP]:
Locality Name (eg, city) [Mumbai]:
Organization Name (eg, company) [SolutionsatExperts]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server’s hostname) [client1]:
Name [SecurityKey]:

Email Address [admin@solutionsatexperts.cm]:

*****************END of output*********************

The certificates and keys are ready now; next, generate the Diffie-Hellman key exchange parameters using the build-dh script below.

#./build-dh

Output:

Generating DH parameters, 2048 bit long safe prime, generator 2

This is going to take a long time

………+…………………………….+………..+………………………………………………………………………………………………………..

********************END of output*****************

Copy certificates and keys to  /etc/openvpn

#cd /etc/openvpn/keys/keys/

[root@iGateway keys]# cp -rp ca.crt server.key server.crt dh2048.pem  /etc/openvpn/

You can now modify the parameters in the OpenVPN server configuration file (/etc/openvpn/server.conf).

Define the location of the certificate and key files below; by default, you can copy all certificates and keys to /etc/openvpn/.

ca ca.crt

cert server.crt

key server.key  # This file should be kept secret

dh dh2048.pem     #default value is dh1024.pem replace with dh2048.pem

# Uncomment this directive to allow different clients to be able to “see” each other. By default, clients will only see the server.

client-to-client

#######END of VPN clients to communicate###############

Start the OpenVPN service by executing the command below (start/stop/restart)

#service openvpn start

Enable the OpenVPN service at the default boot runlevels

#chkconfig openvpn on

OpenVPN logs

#tail -f /var/log/messages

OR

# tail -f /etc/openvpn/openvpn-status.log


OpenVPN Client on Windows

Thank You.
