    yum install openssl openssl-devel
    # openssl and openssl-devel may be installed already… so don't worry

2. Right, now you want to install OpenVPN. Here are the commands:

Code:
    yum install openvpn -y
    # Now check that it works
    service openvpn start
    service openvpn stop

3. A few things to set up before you can make certificates. Issue these commands:

Code:
    find / -name "easy-rsa"
    # you should get an output like this…
    # /usr/share/doc/openvpn-2.0.7/easy-rsa
    # Now, make a copy of the easy-rsa directory to /etc/openvpn/ (make sure you
    # have put the right version number in, i.e. mine was -2.0.7; change if needed)
    cp -R /usr/share/doc/openvpn-2.0.7/easy-rsa /etc/openvpn/
    cd /etc/openvpn/easy-rsa
    # owner-only: these scripts run as root and must not be world-writable
    chmod 700 *
    mkdir /etc/openvpn/keys

4. You need to edit the vars file, located in /etc/openvpn/easy-rsa. You can use any editor you like; I used vi. Change the line

Code:
    export KEY_DIR=$D/keys

to

Code:
    export KEY_DIR=/etc/openvpn/keys

Also, at the bottom of this file you will see something similar to this:

Code:
    export KEY_COUNTRY=US
    export KEY_PROVINCE=CA
    export KEY_CITY=SOMEWHERE
    export KEY_ORG="My Org"
    export KEY_EMAIL="[email protected]"

Change this to your own values.

5. Now it's time to make the certificates. Enter these commands:

Code:
    . ./vars
    ./clean-all
    ./build-ca
    # just hit enter to the defaults apart from Common Name, this must be unique
    # call it something like mydomain-ca
    ./build-key-server server
    ./build-key client1
    # remember that common name must be unique e.g. use mydomain-client1
    # and YES you want to sign the keys
    ./build-key client2
    # do this step for as many clients as you need.
    ./build-dh

6. We are almost done now… Right, we need to create a few config files. You can download my template from here:

Code:
    cd /etc/openvpn
    wget www.designpc.co.uk/downloads/server.conf
    # make sure you change a few things in the server.conf file, like DNS
    # servers
    touch server-tcp.log    # this makes the log file
    touch ipp.txt           # this makes the IP reservation list

7. You need to make a few changes to OpenVPN itself. Go to:

Code:
    cd /etc/init.d/

Edit the openvpn file. Uncomment this line (line 119):

Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward

Add these lines below it, changing 123.123.123.123 to your public IP address:

Code:
    iptables -t nat -A POSTROUTING -s 192.168.2.3 -j SNAT --to 123.123.123.123
    iptables -t nat -A POSTROUTING -s 192.168.2.4 -j SNAT --to 123.123.123.123
    iptables -t nat -A POSTROUTING -s 192.168.2.5 -j SNAT --to 123.123.123.123
    iptables -t nat -A POSTROUTING -s 192.168.2.6 -j SNAT --to 123.123.123.123
    iptables -t nat -A POSTROUTING -s 192.168.2.7 -j SNAT --to 123.123.123.123
    iptables -t nat -A POSTROUTING -s 192.168.2.8 -j SNAT --to 123.123.123.123
    iptables -t nat -A POSTROUTING -s 192.168.2.9 -j SNAT --to 123.123.123.123
    iptables -t nat -A POSTROUTING -s 192.168.2.10 -j SNAT --to 123.123.123.123

Now install iptables if you don't have it already:

Code:
    yum install iptables
    # test it
    service iptables start
    service iptables stop

8. Now for the client config files. If your client is a Windows machine, make sure you have installed OpenVPN; use the GUI version, downloadable from here:
http://www.designpc.co.uk/downloads/....3-install.exe

You need to copy a few files from the server to your client machine. Here is the list, located in /etc/openvpn/keys/:

## WARNING ## Use a secure way of transferring these files off the server, something like WinSCP.

    ca.crt
    client1.csr
    client1.key
    client1.crt

Put these files in this directory: C:\Program Files\OpenVPN\config\

Now you need to make a client config. Here is an example:

Code:
    client
    dev tun
    proto tcp
    # Change my.publicdomain.com to your public domain or IP address
    remote my.publicdomain.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    # DNS Options here, CHANGE THESE !!
    push "dhcp-option DNS 123.123.123.123"
    push "dhcp-option DNS 123.123.123.124"
    comp-lzo
    verb 3

Make sure you edit any of the lines with comments above them. Call this file client1.ovpn and put it in C:\Program Files\OpenVPN\config\
Make sure the file extension is .ovpn, not .txt.

To connect, right-click on OpenVPN in the taskbar >> Connect.
To test, ping 192.168.2.1

--- On Thu, 15/1/09, dinesh jadhav <[email protected]> wrote:

From: dinesh jadhav <[email protected]>
Subject: [Linux_Mantra] VPN configurations how to in centos 5.2
To: "Vadapav Linux" <[email protected]>, "Linux Mantra" <[email protected]>
Date: Thursday, 15 January, 2009, 3:25 PM

How to configure VPN server and client in CentOS 5.2

------------ --------- --------- ---
Dinesh Jadhav
9867011640
"Do not worry about anything; instead PRAY ABOUT EVERYTHING." Philippians 4:6
------------ --------- --------- ---
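
Added example, not part of the original message or the quoted question: a shell check for the two directories the how-to creates, /etc/openvpn/keys and /etc/openvpn/easy-rsa, flagging private keys readable beyond their owner and anything group- or world-writable. The function name audit_vpn_perms and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# audit_vpn_perms KEY_DIR EASYRSA_DIR   (hypothetical helper name)
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_vpn_perms() {
    keys=$1
    rsa=$2
    findings=$(
        # Private keys must not be readable by group or other.
        find "$keys" -type f -name '*.key' \( -perm -040 -o -perm -004 \) \
            -exec printf 'key readable beyond owner: %s\n' {} \;
        # Root-run scripts and key material must not be group/world-writable.
        find "$keys" "$rsa" \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 \) \
            -exec printf 'writable by group/other: %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree (empty files, not real keys) mimicking the layout above.
demo=$(mktemp -d)
mkdir "$demo/keys" "$demo/easy-rsa"
chmod 700 "$demo/keys"
chmod 755 "$demo/easy-rsa"
: > "$demo/keys/ca.key";       chmod 600 "$demo/keys/ca.key"
: > "$demo/keys/client1.key";  chmod 644 "$demo/keys/client1.key"
: > "$demo/easy-rsa/build-ca"; chmod 777 "$demo/easy-rsa/build-ca"

# Reports client1.key (readable by others) and build-ca (world-writable).
audit_vpn_perms "$demo/keys" "$demo/easy-rsa" || echo "fix the findings above"
rm -rf "$demo"
```

On the server, run it as root with /etc/openvpn/keys and /etc/openvpn/easy-rsa as the two arguments.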

