Linux: How to set up OpenVPN on CentOS or Debian

On Debian

apt-get install openvpn

On CentOS

yum install openvpn

Create certificates on Debian

(a) The default directory for easy-rsa is "/usr/share/doc/openvpn/examples/easy-rsa/2.0/". Copy the easy-rsa directory into /etc/openvpn and change into its 2.0 subdirectory:

# cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
# cd /etc/openvpn/easy-rsa/2.0/

(b) Create the certificate for the CA:

# . ./vars

# ./clean-all

# ./build-ca

(c) Create the certificate for the server:

# ./build-key-server server

(d) Create the certificate for the client:

# ./build-key client

(e) Build the Diffie-Hellman parameters:

# ./build-dh

(f) All the keys should now be in the keys subdirectory of the directory you ran the scripts from:

# cd /etc/openvpn/easy-rsa/2.0/keys/

# ls -al
ca.key ca.crt server.key server.csr server.crt client.key client.crt client.csr

Note:
We now have the keys and certificates, so we can send the client files to the clients that want to connect to the OpenVPN server. Make sure that each file ends up only where it belongs:

ca.key -> must be on the CA server only

client.crt -> must be on the client only

client.key -> must be on the client only

server.crt -> must be on the OpenVPN server only

server.key -> must be on the OpenVPN server only

ca.crt -> must be on the CA server and all of the clients (the server.conf below also loads it on the OpenVPN server)
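
The placement rules above can be checked mechanically. The following is an added example, not part of the original post: the function name audit_keys, the role names and the owner-only permission check on private keys are assumptions of this example, and the demo files are constructed.

```shell
#!/bin/sh
# audit_keys ROLE DIR   (ROLE is ca, server or client; names are hypothetical)
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on bad role.
audit_keys() {
    role=$1 dir=$2 findings=0
    case $role in
        ca)     allowed="ca.key ca.crt" ;;
        # The server list includes ca.crt because server.conf loads it.
        server) allowed="ca.crt server.crt server.key" ;;
        client) allowed="ca.crt client.crt client.key" ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    for f in "$dir"/*.key "$dir"/*.crt; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=${f##*/}
        # Rule 1: the file must be one this kind of host is meant to hold.
        case " $allowed " in
            *" $name "*) ;;
            *) echo "MISPLACED $name (not for a $role host)"; findings=1 ;;
        esac
        # Rule 2 (assumption of this example): private keys are owner-only.
        case $name in
            *.key)
                perms=$(ls -ld "$f" | cut -c5-10)   # group and other bits
                if [ "$perms" != "------" ]; then
                    echo "PERMS $name is accessible beyond its owner"
                    findings=1
                fi ;;
        esac
    done
    return $findings
}

# Constructed demo: a client directory that wrongly also received server.key.
demo_dir=$(mktemp -d)
touch "$demo_dir/ca.crt" "$demo_dir/client.crt" "$demo_dir/client.key" \
      "$demo_dir/server.key"
chmod 600 "$demo_dir/client.key"
chmod 644 "$demo_dir/server.key"
audit_keys client "$demo_dir" || true
rm -rf "$demo_dir"
```

Run it against the directory you are about to hand to a client, or against the key directory on the server, before starting OpenVPN.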

OpenVPN server configuration file (on Debian):

(a) Create the file /etc/openvpn/server.conf
# vim /etc/openvpn/server.conf

and paste the following:

port 1194
proto udp
dev tun
# These paths must point at where the certificates and keys actually are:
# copy them into /etc/openvpn/keys or adjust the paths.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
# build-dh names this file after KEY_SIZE in vars (dh1024.pem for 1024 bits).
# 1024-bit DH parameters are considered weak today; prefer KEY_SIZE=2048,
# which produces dh2048.pem.
dh /etc/openvpn/keys/dh1024.pem

# VPN subnet: it should be a network that you DON'T currently use
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Whatever network you want the VPN clients to be able to reach
push "route 192.168.2.0 255.255.255.0"
#push "redirect-gateway def1"
push "dhcp-option DNS 192.168.2.1"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

Now restart the OpenVPN server:

/etc/init.d/openvpn restart

Make sure your firewall forwards port 1194 (UDP, per the proto udp line above) to your OpenVPN server.
