How to Configure Openvpn Server

How to Configure Openvpn Server



VPN server [x.x.x.x]- Global IP address
[192.168.0.254]- eth1 ( real IP address )
[192.168.0.9]- br0 – set new as a Bridge
wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/epel-release-5-4.noarch.rpm
————————————————————————————————–
yum –enablerepo=epel -y install openvpn bridge-utils
————————————————————————————————–
cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn/
————————————————————————————————–
vi /etc/openvpn/server.conf
line 53: change
dev tap0
line 78: change certificate path
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
line 87: change
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
line 96: make it comment
# server 10.8.0.0 255.255.255.0
line 103: make it comment
# ifconfig-pool-persist ipp.txt
# line 115: uncomment and chnage ( [VPN server's IP] [subnetmask] [the range of IP for client] )
server-bridge 192.168.0.9 255.255.255.0 192.168.0.100 192.168.0.150
line 138: add ( [network VPN server in] [subnetmask] )
push “route 192.168.0.254 255.255.255.0″
line 275: change
status /var/log/openvpn-status.log
line 284: uncomment and change
log /var/log/openvpn.log
log-append /var/log/openvpn.log
save&exit
======================================================================================
======================================================================================
cp -R /usr/share/openvpn/easy-rsa/2.0 /etc/openvpn/easy-rsa
——————————————————————————————————-
cd /etc/openvpn/easy-rsa 
mkdir keys 
vi vars
line 64: change to your environment
export KEY_COUNTRY=”IN”
export KEY_PROVINCE=”new-delhi”
export KEY_CITY=”Delhi”
export KEY_ORG=”Openpath”
export KEY_EMAIL=”vivek@xyz.com”
save&exit
====================================================================================
source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
[root@vpn easy-rsa]# ./clean-all 
[root@vpn easy-rsa]# ./build-ca 
Generating a 1024 bit RSA private key
……………..++++++
……++++++
writing new private key to ‘ca.key’
———-
create certificate..
Create certificate and key for server.
[root@vpn easy-rsa]# ./build-key-server server 
Generating a 1024 bit RSA private key
……..++++++
…….++++++
writing new private key to ‘server.key’
—–
Generate Diffie Hellman ( DH ) parameter.
—————————————————————————————————–
[root@vpn easy-rsa]# ./build-dh 
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
Create certificate and key for client.
[root@vpn easy-rsa]# ./build-key-pass client 
Generating a 1024 bit RSA private key
………………++++++
………………++++++
writing new private key to ‘client.key’
Enter PEM pass phrase:
========================================================================================
cp /usr/share/doc/openvpn-*/sample-scripts/bridge-stop /etc/openvpn/
cp /usr/share/doc/openvpn-*/sample-scripts/bridge-start /etc/openvpn/
chmod 755 /etc/openvpn/bridge-start
chmod 755 /etc/openvpn/bridge-stop 
vi /etc/openvpn/bridge-start
line 17-20: change
eth=”eth1″ # chnage if needed
eth_ip=”192.168.0.9″# IP address for bridge
eth_netmask=”255.255.255.0″# subnetmask
eth_broadcast=”192.168.0.255″
save&exit
====================================================================================
vi /etc/rc.d/init.d/openvpn
start)
echo -n $”Starting openvpn: “
line 126: add
/etc/openvpn/bridge-start
line 205: add
/etc/openvpn/bridge-stop
success; echo
rm -f $lock
save&exit
====================================================================================
/etc/rc.d/init.d/openvpn start
chkconfig openvpn on
==================================Client setting======================================
copy certificate files from server to client computer..by ftp or winscp ….
/etc/openvpn/easy-rsa/keys/
ca.crt
client.crt
client.key
download openvpn client for windows
http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe
istall openvpn client
and put all certificate in C:\Program Files\OpenVPN\config
create .ovpn file in C:\Program Files\OpenVPN\config
right click -create text file -click save as .ovpn
open .ovpn file and paste these lines.
client
dev tap0
proto udp
remote 192.168.0.9 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
save file
Enjoy and connect from vpn server…………………

======================================================================
Powered by Blogger.

Opensource