How to install OpenVPN on CentOS 6.X

What is a VPN?

A Virtual Private Network (VPN) is a private network carried over a public network (the internet) through a secure, encrypted channel.
A VPN provides secure connectivity for remote users or between sites (site to site).

Site to Site : Head Office to branch offices across the globe over the internet.

The OpenVPN community edition is freely available.

In this configuration guide, we are using a CentOS machine with a public IP.
We are going to install and configure the OpenVPN community edition software package.
The OpenVPN server should have a public IP address so that client machines can connect to it.
This OpenVPN installation and configuration guide was prepared on the following platform and services.

Operating System           : CentOS release 6.5 (Server)

                           : Windows 7 (client)

OpenVPN server             :

IP public                  : vpn.demo.com (public IP)

IP Private                 : LAN: 192.168.100.0/24 and VPN: 10.8.0.0

Network Interfaces         : eth0 and eth1

eth0 private IP

eth1 public IP

Steps :

Step 1 : Install Dependency software packages

Step 2 : Install and Configure OpenVPN

Step 3 : Install and configure OpenVPN client on Windows 7

Let us see the steps in detail :

Step 1 : Install Dependency software packages

1.1 Install lzo, lzo-devel and OpenSSH from the RHEL repository using the yum command.

#yum install lzo lzo-devel openssh openssh-devel

Step 2 : Install and Configure OpenVPN Server

2.1  Download and install EPEL (Extra Packages for Enterprise Linux)

#wget http://epel.mirror.net.in/epel/6/x86_64/epel-release-6-8.noarch.rpm

#rpm -ivh epel-release-6-8.noarch.rpm

2.2 Install the OpenVPN package from the repository using the yum command line utility

#yum install openvpn -y

The default configuration files for OpenVPN are located in /etc/openvpn.

The sample configuration files for OpenVPN are located in /usr/share/doc/openvpn-2.3.2/sample/sample-config-files.

/etc/openvpn/server.conf (Main configuration file for OpenVPN server)

#cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn/

Optional :

/etc/openvpn/client.conf (required on the VPN client machine)

2.3 Download, extract and copy easy-rsa.

Switch to the /etc/openvpn folder as shown below.

#cd /etc/openvpn

Download easy-rsa. It is not included in the package, so you need to download it separately as shown below.

#wget http://demo.com/?wpfb_dl=331

Extract the downloaded master.zip file by executing the command below

#unzip index.html?wpfb_dl=331

Create a folder (keys) under /etc/openvpn/

#mkdir /etc/openvpn/keys

Copy the easy-rsa files from /etc/openvpn/easy-rsa-master/easy-rsa/2.0 to /etc/openvpn/keys/ as below

#cp -rp /etc/openvpn/easy-rsa-master/easy-rsa/2.0/* /etc/openvpn/keys/

2.4 Creating your own Certificate Authority (CA) and generating keys and certificates for server and clients using easy-rsa.

Edit /etc/openvpn/keys/vars to set the Certificate Authority parameters.

#vi /etc/openvpn/keys/vars

Change the Certificate Authority settings below.

export KEY_COUNTRY="IN"

export KEY_PROVINCE="AP"

export KEY_CITY="Hyderabad"

export KEY_ORG="SolutionsatExperts"

export KEY_EMAIL="admin@demo.com"

export KEY_OU="IT"

Start building the Certificate Authority based on the information given in "vars".

Change the working directory and execute the commands below

#cd /etc/openvpn/keys

#source  ./vars

#./clean-all

#./build-ca

Create the certificate for the OpenVPN server

#./build-key-server server

Create a certificate for each OpenVPN client. Repeat this step for as many clients as you require.

(You can use any suitable client name, such as vpnuser1 or vpnclient1, and repeat this step for each client certificate you are going to create.)

[root@iGateway keys]# ./build-key client1

Generate the Diffie-Hellman (DH) key exchange parameters using the build-dh script below.

#./build-dh

Copy the certificate and key files to /etc/openvpn

#cd /etc/openvpn/keys/keys/

#cp -rp ca.crt server.key server.crt dh2048.pem  /etc/openvpn/

2.5 Modify the main OpenVPN server configuration file, server.conf, and set the parameters below.

#vi /etc/openvpn/server.conf

ca ca.crt

cert server.crt

key server.key    # This file should be kept secret

dh dh2048.pem     #default value is dh1024.pem replace with dh2048.pem

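# Uncomment this directive to allow different clients to be able to "see" each other. By default, clients will only see the server.
# With this enabled, traffic between clients is forwarded inside OpenVPN itself and does not pass through the server's firewall rules.

client-to-client

Save and exit (:wq!)

2.6 Start the OpenVPN service by executing the command below (start/stop/restart)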

#service openvpn start

Enable the OpenVPN service at the default boot runlevels

#chkconfig openvpn on

Check the logs for troubleshooting

#tail -f /var/log/messages

OR

# tail -f /etc/openvpn/openvpn-status.log
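
A check that can be run against the finished configuration from step 2.5, added here as an example (it is not part of the original guide, OpenVPN or easy-rsa). It confirms that the ca/cert/key/dh files named in server.conf exist, that server.key is not accessible to group or others, and that the DH file is not smaller than 2048 bits. The helper names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_openvpn_conf and conf_value are hypothetical helper
# names, not part of OpenVPN or easy-rsa.

# Print the first argument of directive $2 in file $1 (comment lines skipped).
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print findings for server.conf $1; return status = number of findings.
audit_openvpn_conf() {
    conf=$1; dir=$(dirname "$conf"); findings=0
    for d in ca cert key dh; do
        f=$(conf_value "$conf" "$d")
        if [ -z "$f" ]; then
            echo "MISSING directive: $d"; findings=$((findings + 1)); continue
        fi
        case $f in /*) ;; *) f="$dir/$f" ;; esac   # relative to the conf dir
        if [ ! -f "$f" ]; then
            echo "MISSING file for $d: $f"; findings=$((findings + 1))
        elif [ "$d" = key ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            # The private key must not be accessible to group or others.
            echo "WEAK permissions on $f"; findings=$((findings + 1))
        fi
    done
    # DH size is read from the file name (dh1024.pem), a heuristic only.
    bits=$(conf_value "$conf" dh | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK dh parameters: $bits bits"; findings=$((findings + 1))
    fi
    # Informational: clients can reach each other through the server.
    if grep -q '^[[:space:]]*client-to-client' "$conf"; then
        echo "NOTE client-to-client is enabled"
    fi
    return "$findings"
}

# Constructed sample input, run with: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    t=$(mktemp -d)
    printf 'ca ca.crt\ncert server.crt\nkey server.key\ndh dh1024.pem\n' \
        > "$t/server.conf"
    touch "$t/ca.crt" "$t/server.crt" "$t/server.key" "$t/dh1024.pem"
    chmod 644 "$t/server.key"
    audit_openvpn_conf "$t/server.conf" || echo "findings: $?"
    rm -rf "$t"
fi
```

If the key is reported as weak, `chmod 600 /etc/openvpn/server.key` corrects it.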

Thank you.


Copyright ©Solutions@Experts.com