Linux: how to set up OpenVPN in CentOS or Debian

Sunday, May 1st, 2011

In Debian

apt-get install openvpn

In CentOS

yum install openvpn

Create Certificate in Debian

(a) The default directory for easy-rsa certificates is "/usr/share/doc/openvpn/examples/easy-rsa/2.0/". Copy the easy-rsa directory into /etc/openvpn and change into the copy:
#cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
#cd /etc/openvpn/easy-rsa/2.0/
(b) Now we will create the certificate for the CA
#. ./vars
(c) Then we will create the certificate for the server
#./build-key-server server
(d) Then we will create the certificate for the client
#./build-key client
(e) We will build the Diffie-Hellman parameters
(f) Now all the keys should be created in the keys/ subdirectory
#cd /etc/openvpn/easy-rsa/2.0/keys/
#ls -al
ca.key ca.crt server.key server.csr server.crt client.key client.crt client.csr

Note:
Now we have the keys and certificates, so we can send them to the clients that want to connect to the OpenVPN server. Just be sure that:

ca.key -> must be only on the CA server

client.crt -> must be only on the client

client.key -> must be only on the client

server.crt -> must be only on the OpenVPN server

server.key -> must be only on the OpenVPN server

ca.crt -> must be on the CA server and all of the clients.
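
The placement rules in the note can be checked mechanically. The following shell function is an added example, not part of the original post: it audits a key directory for a given role (ca, server or client), flagging private keys that belong to another role, .key files accessible by group or others, and files the role is missing. It assumes the file names produced above and GNU stat; the function names audit_keys and allowed_for are made up for this example.

```shell
#!/bin/bash
# Added example, not from the original post. Role and function names are
# assumptions; file names are the ones produced by the easy-rsa steps above.

# Files a host with the given role should hold, per the note above.
# (server.conf on this page also loads ca.crt, so the server needs it too.)
allowed_for() {
    case "$1" in
        ca)     echo "ca.crt ca.key" ;;
        server) echo "ca.crt server.crt server.key" ;;
        client) echo "ca.crt client.crt client.key" ;;
        *)      return 1 ;;
    esac
}

# audit_keys <role> <dir>
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 on bad role.
audit_keys() {
    local role=$1 dir=$2 allowed f name mode findings=0
    allowed=$(allowed_for "$role") || { echo "unknown role: $role" >&2; return 2; }

    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue              # glob matched nothing
        name=${f##*/}
        # A private key that belongs to another role must not be here.
        case " $allowed " in
            *" $name "*) ;;
            *) echo "MISPLACED $name: not for role $role"; findings=1 ;;
        esac
        # Private keys must not be accessible by group or others.
        mode=$(stat -c %a "$f")              # GNU stat, octal mode such as 600
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "PERMS $name: mode $mode, expected 600"; findings=1
        fi
    done

    # Files the role needs but does not have.
    for name in $allowed; do
        [ -e "$dir/$name" ] || { echo "MISSING $name"; findings=1; }
    done
    return $findings
}
```

On the VPN server this would be called as: audit_keys server /etc/openvpn/keys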

OpenVPN server configuration file (in Debian):

(a) Create the file /etc/openvpn/server.conf
#vim /etc/openvpn/server.conf

and paste the following:

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
#(it should be a network that you DONT currently use)
ifconfig-pool-persist ipp.txt
#(whatever the network is that you want the VPN client to connect to)
push "route"
#push "redirect-gateway def1"
push "dhcp-option DNS"
keepalive 10 120
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

Now restart the OpenVPN server

/etc/init.d/openvpn restart

Make sure the firewall can forward port 1194 to your OpenVPN server.