How to Configure Openvpn Server

VPN server [x.x.x.x] - Global IP address
[192.168.0.254] - eth1 ( real IP address )
[192.168.0.9] - br0 ( new interface, set up as a bridge )
wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/epel-release-5-4.noarch.rpm
————————————————————————————————–
yum --enablerepo=epel -y install openvpn bridge-utils
————————————————————————————————–
cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn/
————————————————————————————————–
vi /etc/openvpn/server.conf
line 53: change
dev tap0
line 78: change certificate path
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
line 87: change
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
line 96: comment out
# server 10.8.0.0 255.255.255.0
line 103: comment out
# ifconfig-pool-persist ipp.txt
line 115: uncomment and change ( [VPN server's IP] [subnetmask] [the range of IP for client] )
server-bridge 192.168.0.9 255.255.255.0 192.168.0.100 192.168.0.150
line 138: add ( [network VPN server in] [subnetmask] )
push "route 192.168.0.254 255.255.255.0"
line 275: change
status /var/log/openvpn-status.log
line 284: uncomment and change
log /var/log/openvpn.log
log-append /var/log/openvpn.log
save&exit
======================================================================================
======================================================================================
cp -R /usr/share/openvpn/easy-rsa/2.0 /etc/openvpn/easy-rsa
——————————————————————————————————-
cd /etc/openvpn/easy-rsa 
mkdir keys 
vi vars
line 64: change to your environment
export KEY_COUNTRY="IN"
export KEY_PROVINCE="new-delhi"
export KEY_CITY="Delhi"
export KEY_ORG="Openpath"
export KEY_EMAIL="vivek@xyz.com"
save&exit
====================================================================================
source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
[root@vpn easy-rsa]# ./clean-all 
[root@vpn easy-rsa]# ./build-ca 
Generating a 1024 bit RSA private key
……………..++++++
……++++++
writing new private key to ‘ca.key’
———-
create certificate..
Create certificate and key for server.
[root@vpn easy-rsa]# ./build-key-server server 
Generating a 1024 bit RSA private key
……..++++++
…….++++++
writing new private key to ‘server.key’
—–
Generate Diffie Hellman ( DH ) parameter.
—————————————————————————————————–
[root@vpn easy-rsa]# ./build-dh 
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
Create certificate and key for client.
[root@vpn easy-rsa]# ./build-key-pass client 
Generating a 1024 bit RSA private key
………………++++++
………………++++++
writing new private key to ‘client.key’
Enter PEM pass phrase:
========================================================================================
cp /usr/share/doc/openvpn-*/sample-scripts/bridge-stop /etc/openvpn/
cp /usr/share/doc/openvpn-*/sample-scripts/bridge-start /etc/openvpn/
chmod 755 /etc/openvpn/bridge-start
chmod 755 /etc/openvpn/bridge-stop 
vi /etc/openvpn/bridge-start
line 17-20: change
eth="eth1" # change if needed
eth_ip="192.168.0.9" # IP address for bridge
eth_netmask="255.255.255.0" # subnetmask
eth_broadcast="192.168.0.255"
save&exit
====================================================================================
vi /etc/rc.d/init.d/openvpn
start)
echo -n $"Starting openvpn: "
line 126: add
/etc/openvpn/bridge-start
line 205: add
/etc/openvpn/bridge-stop
success; echo
rm -f $lock
save&exit
====================================================================================
/etc/rc.d/init.d/openvpn start
chkconfig openvpn on
==================================Client setting======================================
Copy the certificate files from the server to the client computer, by ftp or winscp:
/etc/openvpn/easy-rsa/keys/
ca.crt
client.crt
client.key
Download the openvpn client for windows:
http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe
Install the openvpn client
and put all the certificate files in C:\Program Files\OpenVPN\config
Create a .ovpn file in C:\Program Files\OpenVPN\config
( right click - create text file - click save as .ovpn )
Open the .ovpn file and paste these lines.
client
dev tap0
proto udp
remote 192.168.0.9 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
save file
Enjoy and connect from vpn server.
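
Added example, not part of the original post: a shell function that checks an OpenVPN client or server file for settings this guide leaves weak or unset (1024-bit DH file, no server-certificate check in the client profile, no tls-auth key, comp-lzo). The function names and sample files are constructed for illustration, and the DH size is inferred from the dh<KEY_SIZE>.pem file name that easy-rsa 2.0 writes.

```shell
#!/bin/sh
# Constructed example: flag weak settings in an OpenVPN config file.

# audit_ovpn FILE: print one finding per line, nothing if the file is clean.
audit_ovpn() {
    conf=$1
    # Drop comments (# or ;) and blank lines so disabled options are ignored.
    active=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$conf")
    has() { printf '%s\n' "$active" | grep -Eq "^[[:space:]]*($1)([[:space:]]|\$)"; }
    if has client; then
        # Otherwise any certificate signed by the CA, even another client's,
        # is accepted as the server.
        has 'remote-cert-tls|ns-cert-type' ||
            echo "$conf: no server-certificate check (add: remote-cert-tls server)"
    else
        # easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so the file name gives the size.
        bits=$(printf '%s\n' "$active" | awk '$1 == "dh" { print $2 }' |
               sed 's|.*/||' | tr -cd '0-9')
        if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
            echo "$conf: ${bits}-bit DH parameters (use 2048 or more)"
        fi
    fi
    has 'tls-auth|tls-crypt' ||
        echo "$conf: no tls-auth/tls-crypt key protecting the TLS handshake"
    if has comp-lzo; then
        echo "$conf: comp-lzo enabled (compression can leak plaintext information)"
    fi
    return 0
}

# Constructed samples using the settings shown in this guide.
make_samples() {
    cat > "$1/client.ovpn" <<'EOF'
client
remote 192.168.0.9 1194
ca ca.crt
cert client.crt
key client.key
comp-lzo
EOF
    cat > "$1/server.conf" <<'EOF'
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
;tls-auth ta.key 0
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_ovpn "$tmp/client.ovpn"; audit_ovpn "$tmp/server.conf"
rm -rf "$tmp"
```

Raising the key and DH size in easy-rsa 2.0 is done with the KEY_SIZE variable in the vars file before running build-ca, build-key-server and build-dh.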
