OpenVPN on CentOS 5.2
OpenVPN Server Setup (Tested on Centos 5.2)
Commands in Bold
yum install openvpn
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +x ../vars ../vars
chmod +rwx *
./clean-all
source ./vars
vi ../vars (at the bottom of the file, change the values to match the site)
vi vars (at the bottom of the file, change the values to match the site)
./build-ca (this builds the CA certificate)
source ./vars
./clean-all
./build-ca
./build-key-server server (this builds the server .key file)
vi /etc/openvpn/openvpn.conf (for slow lines UDP is faster; use the below as a starting point)
# 1194 is the default but on some APN networks this is blocked
port 1723
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.16.0.0 255.255.255.0
push "dhcp-option DNS 192.168.168.1"
push "dhcp-option DNS 168.210.2.2"
#push "dhcp-option WINS 192.168.1.2"
push "route 192.168.168.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
# this means several users can use the same key
duplicate-cn
cp keys/{ca.crt,ca.key,server.crt,server.key} /etc/openvpn/
./build-dh (builds the dh1024)
cp keys/dh1024.pem /etc/openvpn/
/etc/init.d/openvpn start
chkconfig --list | grep vpn (make sure it is set to start at boot)
./build-key <name> (repeat and rinse if you want several individual keys)
cd keys/
zip ttt.zip ca.crt ca.key <name>.crt <name>.csr <name>.key
yum install -y nail
nail -s "Keys" -a ttt.zip me@mydomain.com
/etc/init.d/openvpn restart
netstat -ntpl | grep 1723
Add these iptables rules to allow the VPN traffic ($IPTABLES, $EXTIF, $EXTIP, $INTIF, $INTNET and $UNIVERSE must already be set earlier in the firewall script):
# External Interface for VPN
# VPN Interface
VPNIF="tun0"
VPNNET="172.16.0.0/24"
VPNIP="172.16.0.1"
### OpenVPN
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTIP --destination-port 1723 -j ACCEPT # OpenVPN
# Allow TUN interface connections to OpenVPN server
$IPTABLES -A OUTPUT -o $INTIF -s $EXTIP -d $VPNNET -j ACCEPT
$IPTABLES -A OUTPUT -o $VPNIF -s $EXTIP -d $VPNNET -j ACCEPT # OpenVPN
$IPTABLES -A FORWARD -o $INTIF -s $EXTIP -d $VPNNET -j ACCEPT
$IPTABLES -A FORWARD -o $VPNIF -s $EXTIP -d $VPNIP -j ACCEPT
$IPTABLES -A FORWARD -o $EXTIF -s $EXTIP -d $VPNNET -j ACCEPT
$IPTABLES -A FORWARD -o $VPNIF -s $INTNET -d $VPNNET -j ACCEPT
Follow the client side instructions from here...