How to Install OpenVPN in CentOS
Tuesday, September 7, 2010
This tutorial shows how to install OpenVPN on a CentOS VPS. Requirements: a server (VPS or dedicated) with the TUN/TAP device enabled, PuTTY or Bitvise Tunnelier to configure the server, and an internet connection. :D
To the point:
* Log in to your VPS shell and open the terminal console.
* Download the packages
#wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
* Install the build dependencies
#yum install rpm-build
#yum install autoconf.noarch
#yum install zlib-devel
#yum install pam-devel
#yum install openssl-devel
* Build and install with rpm
#rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
#rpmbuild -tb openvpn-2.0.9.tar.gz
#rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm
* Copy the configuration files to the /etc/openvpn folder
#cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
#cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/
* Build the certificates (in the /etc/openvpn/easy-rsa/2.0 directory)
#cd /etc/openvpn/easy-rsa/2.0
#source ./vars
#./vars
#./clean-all
#./build-ca
"Common Name" must be filled in.
* Build the server key
#./build-key-server server
"Common Name" must be filled in. Enter: server
* Build the Diffie-Hellman parameters
#./build-dh
* Build a certificate for the client (e.g. a cert for: rick)
#./build-key rick
"Common Name" must be filled in. Enter the same name as the cert: rick
* Copy the certificates to /etc/openvpn/keys
#cp /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/keys -R
* OpenVPN server configuration (in /etc/openvpn/server.conf)
local 204.74.215.147 #--your ip here
port 53
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
Save as server.conf in the /etc/openvpn/ folder
* Start OpenVPN with this command
#service openvpn start
or
#openvpn /etc/openvpn/server.conf
* Enable packet forwarding for the redirected gateway
#echo 1 > /proc/sys/net/ipv4/ip_forward
* Edit the NAT table for masquerading
For VPS :
#iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -j SNAT --to 204.74.215.147
For Dedicated Server :
#iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
The IP must be the same as the tun0 IP on your VPS
* Download the OpenVPN files for the client
Download ca.crt, rick.crt and rick.key from the /etc/openvpn/keys folder. Save those 3 files to C:\program files\openvpn\config\
* OpenVPN configuration for client
client
dev tun
proto udp
remote 204.74.215.147 53 #-- your ip here
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert rick.crt
key rick.key
comp-lzo
verb 3
Save as rick.ovpn in C:\program files\openvpn\config\ folder
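The server and client configurations above have to agree on proto, dev, comp-lzo and the port, and the ca/cert/key names in the client file have to match the files copied into its folder. The shell check below is an added example, not part of the original post; the function names directive, fail and check_pair are made up here, and it assumes relative file names are resolved in the folder that holds the .ovpn file, as in this tutorial's layout.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the settings that
# an OpenVPN server.conf and a client .ovpn must agree on.

# Print the arguments of directive $2 in config file $1, with "#" comments
# stripped; exit status is 1 if the directive is absent.
directive() {
    awk -v d="$2" '{ sub(/#.*/, "") }
        $1 == d { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { exit !found }' "$1"
}

# Hypothetical helper: report one problem and count it.
fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# check_pair SERVER_CONF CLIENT_OVPN: print one line per problem and return
# the number of problems (0 means the two files are consistent).
check_pair() {
    srv=$1; cli=$2; problems=0
    for d in proto dev; do
        s=$(directive "$srv" "$d" || :); c=$(directive "$cli" "$d" || :)
        [ "$s" = "$c" ] || fail "$d differs: server='$s' client='$c'"
    done
    # comp-lzo has to be enabled on both ends or on neither.
    s=on; c=on
    directive "$srv" comp-lzo >/dev/null || s=off
    directive "$cli" comp-lzo >/dev/null || c=off
    [ "$s" = "$c" ] || fail "comp-lzo is $s on the server, $c on the client"
    # The port in "remote <host> [port]" must be the server's "port".
    sport=$(directive "$srv" port || echo 1194)   # 1194 is OpenVPN's default
    set -- $(directive "$cli" remote || :)
    [ "${2:-1194}" = "$sport" ] ||
        fail "client dials port ${2:-1194}, server listens on $sport"
    # Files named by ca/cert/key must exist; relative names are assumed to be
    # resolved in the client config's own folder.
    for d in ca cert key; do
        f=$(directive "$cli" "$d" || :)
        case $f in /*) ;; *) f=$(dirname "$cli")/$f ;; esac
        [ -f "$f" ] || fail "$d file '$f' named in the client config is missing"
    done
    return "$problems"
}

# Usage: sh check_pair.sh /etc/openvpn/server.conf /path/to/rick.ovpn
if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```

Run it on a machine that has both files, for example with a copy of server.conf placed next to rick.ovpn; no output and exit status 0 mean the two ends agree.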
* The end. Ready to use.