How to Configure Openvpn Server

VPN server [x.x.x.x] - global IP address
[192.168.0.254] - eth1 (real IP address)
[192.168.0.9] - br0 (newly set up as a bridge)
wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/epel-release-5-4.noarch.rpm
————————————————————————————————–
yum --enablerepo=epel -y install openvpn bridge-utils
————————————————————————————————–
cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn/
————————————————————————————————–
vi /etc/openvpn/server.conf
line 53: change
dev tap0
line 78: change certificate path
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
line 87: change
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
line 96: comment out
# server 10.8.0.0 255.255.255.0
line 103: comment out
# ifconfig-pool-persist ipp.txt
line 115: uncomment and change ( [VPN server's IP] [subnetmask] [the range of IP for client] )
server-bridge 192.168.0.9 255.255.255.0 192.168.0.100 192.168.0.150
line 138: add ( [network VPN server in] [subnetmask] )
push "route 192.168.0.0 255.255.255.0"
line 275: change
status /var/log/openvpn-status.log
line 284: uncomment and change
log /var/log/openvpn.log
log-append /var/log/openvpn.log
save&exit
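The line numbers above shift between OpenVPN versions of the sample file. The script below is an added example, not part of the original post: it makes the same change / comment / uncomment edits by directive name with sed (the push line is still added by hand) and runs them on a constructed excerpt of the sample file. bridge_conf, sample_conf and active are names chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original post): apply the server.conf changes
# listed above by directive name, so they still land when line numbers differ.
KEYS=/etc/openvpn/easy-rsa/keys   # key directory used on this page

# bridge_conf IN OUT: rewrite a stock sample server.conf for the tap0 bridge.
bridge_conf() {
    sed \
        -e 's|^dev tun.*|dev tap0|' \
        -e "s|^ca .*|ca $KEYS/ca.crt|" \
        -e "s|^cert .*|cert $KEYS/server.crt|" \
        -e "s|^key .*|key $KEYS/server.key|" \
        -e "s|^dh .*|dh $KEYS/dh1024.pem|" \
        -e 's|^server 10\.8\.0\.0 .*|# &|' \
        -e 's|^ifconfig-pool-persist .*|# &|' \
        -e 's|^;server-bridge .*|server-bridge 192.168.0.9 255.255.255.0 192.168.0.100 192.168.0.150|' \
        -e 's|^status .*|status /var/log/openvpn-status.log|' \
        -e 's|^;log-append .*|log-append /var/log/openvpn.log|' \
        "$1" > "$2"
}

# Constructed excerpt of the stock sample file (directives only, comments cut).
sample_conf() {
    cat <<'EOF'
port 1194
proto udp
;dev tap
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
comp-lzo
status openvpn-status.log
;log-append  openvpn.log
EOF
}

# active FILE: list the directives OpenVPN will read (no comments, no blanks).
active() { grep -v -e '^[#;]' -e '^[[:space:]]*$' "$1"; }

work=$(mktemp -d)
sample_conf > "$work/server.conf.sample"
bridge_conf "$work/server.conf.sample" "$work/server.conf"
active "$work/server.conf"
```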
======================================================================================
======================================================================================
cp -R /usr/share/openvpn/easy-rsa/2.0 /etc/openvpn/easy-rsa
——————————————————————————————————-
cd /etc/openvpn/easy-rsa 
mkdir keys 
vi vars
line 64: change to your environment
export KEY_COUNTRY="IN"
export KEY_PROVINCE="new-delhi"
export KEY_CITY="Delhi"
export KEY_ORG="Openpath"
export KEY_EMAIL="vivek@xyz.com"
save&exit
====================================================================================
source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
[root@vpn easy-rsa]# ./clean-all 
[root@vpn easy-rsa]# ./build-ca 
Generating a 1024 bit RSA private key
……………..++++++
……++++++
writing new private key to ‘ca.key’
———-
create certificate..
Create certificate and key for server.
[root@vpn easy-rsa]# ./build-key-server server 
Generating a 1024 bit RSA private key
……..++++++
…….++++++
writing new private key to ‘server.key’
—–
Generate Diffie Hellman ( DH ) parameter.
—————————————————————————————————–
[root@vpn easy-rsa]# ./build-dh 
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
Create certificate and key for client.
[root@vpn easy-rsa]# ./build-key-pass client 
Generating a 1024 bit RSA private key
………………++++++
………………++++++
writing new private key to ‘client.key’
Enter PEM pass phrase:
========================================================================================
cp /usr/share/doc/openvpn-*/sample-scripts/bridge-stop /etc/openvpn/
cp /usr/share/doc/openvpn-*/sample-scripts/bridge-start /etc/openvpn/
chmod 755 /etc/openvpn/bridge-start
chmod 755 /etc/openvpn/bridge-stop 
vi /etc/openvpn/bridge-start
line 17-20: change
eth="eth1" # change if needed
eth_ip="192.168.0.9" # IP address for bridge
eth_netmask="255.255.255.0" # subnetmask
eth_broadcast="192.168.0.255"
save&exit
====================================================================================
vi /etc/rc.d/init.d/openvpn
start)
echo -n $"Starting openvpn: "
line 126: add
/etc/openvpn/bridge-start
line 205: add
/etc/openvpn/bridge-stop
success; echo
rm -f $lock
save&exit
====================================================================================
/etc/rc.d/init.d/openvpn start
chkconfig openvpn on
==================================Client setting======================================
Copy the certificate files from the server to the client computer by FTP or WinSCP:
/etc/openvpn/easy-rsa/keys/
ca.crt
client.crt
client.key
Download the OpenVPN client for Windows:
http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe
Install the OpenVPN client
and put all the certificate files in C:\Program Files\OpenVPN\config
Create a .ovpn file in C:\Program Files\OpenVPN\config
(right click - create text file - save as .ovpn)
Open the .ovpn file and paste these lines.
client
dev tap0
proto udp
remote 192.168.0.9 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
save file
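The client file has to agree with server.conf on dev, proto, compression and port for traffic to pass. The script below is an added example, not part of the original post: it compares the two files and also notes when the client has no ns-cert-type or remote-cert-tls line. It assumes port 1194, proto udp and comp-lzo are still at the stock sample values in server.conf; val, has, check_pair, page_server and page_client are names chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original post): check that a client .ovpn agrees
# with server.conf on the settings both ends must share.

# val FILE NAME: print the arguments of the first active NAME directive.
val() { awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"; }
# has FILE NAME: succeed if NAME is present as an active directive.
has() { awk -v d="$2" '$1 == d { f = 1 } END { exit !f }' "$1"; }

# check_pair SERVER CLIENT: print findings, return the number of mismatches.
check_pair() {
    srv=$1; cli=$2; n=0
    for d in dev proto; do
        s=$(val "$srv" "$d"); c=$(val "$cli" "$d")
        [ "$s" = "$c" ] || { echo "MISMATCH $d: server=$s client=$c"; n=$((n + 1)); }
    done
    # comp-lzo has to be enabled on both ends or on neither.
    s=0; c=0
    if has "$srv" comp-lzo; then s=1; fi
    if has "$cli" comp-lzo; then c=1; fi
    [ "$s" -eq "$c" ] || { echo "MISMATCH comp-lzo: server=$s client=$c"; n=$((n + 1)); }
    # The port in the client's "remote HOST PORT" must be the server's port.
    s=$(val "$srv" port); c=$(val "$cli" remote | awk '{ print $2 }')
    [ "$s" = "$c" ] || { echo "MISMATCH port: server=$s client=$c"; n=$((n + 1)); }
    # Not a mismatch, but flagged: the client has no directive that checks
    # the type of the certificate the server presents.
    has "$cli" ns-cert-type || has "$cli" remote-cert-tls ||
        echo "NOTE client sets neither ns-cert-type nor remote-cert-tls"
    return "$n"
}

# Constructed inputs using the values from this page (directives only).
page_server() { printf '%s\n' 'port 1194' 'proto udp' 'dev tap0' \
    'server-bridge 192.168.0.9 255.255.255.0 192.168.0.100 192.168.0.150' comp-lzo; }
page_client() { printf '%s\n' client 'dev tap0' 'proto udp' \
    'remote 192.168.0.9 1194' nobind 'ca ca.crt' 'cert client.crt' \
    'key client.key' comp-lzo 'verb 3'; }

tmp=$(mktemp -d)
page_server > "$tmp/server.conf"; page_client > "$tmp/client.ovpn"
check_pair "$tmp/server.conf" "$tmp/client.ovpn"
```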
Enjoy and connect from vpn server.
