-- Tried and installed on CentOS 64-bit
What is OpenVPN?
http://en.wikipedia.org/wiki/OpenVPN
Procedure
--- First of all, install gcc and make.
#yum install gcc make
Install the packages needed for OpenVPN
#yum install rpm-build
#yum install autoconf.noarch
#yum install zlib-devel
#yum install pam-devel
#yum install openssl-devel
#yum install lzo-devel
#yum install lzo
Copy the folder for creating certificates to the directory /etc/openvpn/
#cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
Let's create the certificates
#cd /etc/openvpn/easy-rsa/2.0
#chmod 755 *
#source ./vars
#./vars
#./clean-all
Build CA
#./build-ca
Make sure to enter a value for the Common Name parameter, like "Test server".
· Generate certificate and private key for server.
./build-key-server server
Parameters can be default but when a Common Name is asked, type in “server”.
· Generate certificate and private key for client; client1
./build-key client1
· Generate Diffie Hellman parameters
./build-dh
Building the certificates is done; now we create the configuration file in the directory /etc/openvpn
Sample server.conf file.
- Restart openvpn -- service openvpn start
Check /var/log/messages; if properly connected, the messages are:
[root@localhost openvpn]# tail -f /var/log/messages
Feb 11 12:01:18 localhost openvpn[9699]: /sbin/ip addr add dev tun0 local 192.168.255.1 peer 192.168.255.2
Feb 11 12:01:18 localhost openvpn[9699]: /sbin/ip route add 192.168.255.0/24 via 192.168.255.2
Feb 11 12:01:18 localhost openvpn[9699]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Feb 11 12:01:18 localhost openvpn[9708]: Socket Buffers: R=[111616->131072] S=[111616->131072]
Feb 11 12:01:18 localhost openvpn[9708]: UDPv4 link local (bound): [undef]:1194
Feb 11 12:01:18 localhost openvpn[9708]: UDPv4 link remote: [undef]
Feb 11 12:01:18 localhost openvpn[9708]: MULTI: multi_init called, r=256 v=256
Feb 11 12:01:18 localhost openvpn[9708]: IFCONFIG POOL: base=192.168.255.4 size=62
Feb 11 12:01:18 localhost openvpn[9708]: IFCONFIG POOL LIST
Feb 11 12:01:18 localhost openvpn[9708]: Initialization Sequence Completed
--- 10.105
-- Client Configuration--
-- Copy /etc/openvpn/keys from source to destination server
- Configure server.conf
-- Restart the service
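An easy-rsa keys directory also holds ca.key and server.key, which a client never uses; the client only needs ca.crt plus its own certificate and key. The check below is an added example, not part of the original post; it assumes the easy-rsa file names used above and GNU stat (as shipped with CentOS), and the function name is made up here.

```bash
#!/bin/bash
# Added example: audit a "keys" directory that was copied to a CLIENT machine.
# Assumption: file names follow the easy-rsa names used on this page.

# Prints one finding per line; prints nothing when the directory is clean.
audit_client_keys() {
    local dir=$1 f base mode
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        base=${f##*/}
        case $base in
            ca.key)
                # Whoever holds the CA private key can sign new certificates.
                echo "REMOVE $base: CA private key does not belong on a client" ;;
            server.key)
                echo "REMOVE $base: server private key does not belong on a client" ;;
        esac
        case $base in
            *.key)
                mode=$(stat -c %a "$f")
                # Any group/other permission bit set on a private key?
                if [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "CHMOD $base: mode $mode, expected 600"
                fi ;;
        esac
    done
}
```

Run it as `audit_client_keys /etc/openvpn/keys` on the client after copying.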
-- If properly configured, the message below should be the same as on your client server
[root@localhost openvpn]# tail -f openvpn-status.log
OpenVPN CLIENT LIST
Updated,Fri Feb 11 12:27:59 2011
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client,192.168.10.105:32777,3798,4019,Fri Feb 11 12:27:38 2011
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.255.6,client,192.168.10.105:32777,Fri Feb 11 12:27:38 2011
GLOBAL STATS
Max bcast/mcast queue length,0
Iptables
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
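MASQUERADE only applies to packets whose source address falls inside the -s subnet, so that subnet has to be the tunnel network the server hands out. The log earlier on this page shows the pool starting at 192.168.255.4 while the rule uses 10.8.0.0/24; the check below is an added example (not from the original post, function names made up here) that compares the two.

```bash
#!/bin/bash
# Added example: does the NAT rule's -s subnet contain the tunnel pool
# that OpenVPN logged at startup?

ip2int() {   # dotted quad -> 32-bit integer
    local a b c d
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

in_cidr() {  # $1 = address, $2 = network/prefix; status 0 if inside
    local net=${2%/*} bits=${2#*/} mask
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# stdin = OpenVPN log lines, $1 = iptables rule text
nat_rule_covers_pool() {
    local base src
    base=$(sed -n 's|.*IFCONFIG POOL: base=\([0-9.]*\).*|\1|p' | tail -n 1)
    src=$(printf '%s\n' "$1" | sed -n 's|.* -s \([0-9.]*/[0-9]*\) .*|\1|p')
    [ -n "$base" ] && [ -n "$src" ] || { echo "UNKNOWN"; return 2; }
    if in_cidr "$base" "$src"; then
        echo "OK $base in $src"
    else
        echo "MISMATCH pool $base not in NAT source $src"
        return 1
    fi
}

# Both values are copied from this page: the pool line from
# /var/log/messages and the rule exactly as written above.
PAGE_LOG='Feb 11 12:01:18 localhost openvpn[9708]: IFCONFIG POOL: base=192.168.255.4 size=62'
PAGE_RULE='iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'
printf '%s\n' "$PAGE_LOG" | nat_rule_covers_pool "$PAGE_RULE" || true
```

On a live server, feed it the real log instead: `nat_rule_covers_pool "$PAGE_RULE" < /var/log/messages`.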
Creating username/passwd
The install process is done; now create a user for your OpenVPN.
#useradd username -s /bin/false
#passwd username
To delete an existing user, you can use
#userdel username
Now go to your OpenVPN GUI config folder and create the client configuration file. This is an example client configuration.
client
dev tun
proto udp
remote 123.123.123.123 4567 #- your OPENVPN server ip and port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
Save the configuration as filename.ovpn.
------
Running OpenVPN client on Windows XP
OpenVPN GUI software is located in http://openvpn.se/download.html
Configuring
You need to create a new configuration file client.ovpn located in C:\Program Files\OpenVPN\config\, for example C:\Program Files\OpenVPN\config\client.ovpn and put these lines into this configuration file:
******************************************
remote remote_vpn_server
tls-client
dev tap
ifconfig local_ip_address netmask
ca ca.crt
cert client.crt
key client.key
ping 10
verb 1
mute 10
comp-lzo
******************************************
Here's an explanation of each configuration option:
| remote_vpn_server | name of OpenVPN server |
| local_ip_address | local IP address |
| netmask | netmask of local IP address |
| client.crt | client's certificate |
| client.key | client's key |
All this information should be provided by your system administrator.
Place the files client.crt, client.csr, client.key, and ca.crt into the directory C:\Program Files\OpenVPN\config
Run OpenVPN GUI from "Start" -> "All Programs" -> "OpenVPN" -> "OpenVPN GUI". After you run this software, you should see an OpenVPN icon in the system tray. Right-click it and choose "Connect". After you click on it, it takes about 1 minute to establish the connection.