OpenVPN Community Edition is freely available to download. In this
article we cover the complete installation and configuration of the
OpenVPN service on a CentOS 6 server, and then explain how to install
and configure OpenVPN client machines (Windows and Linux) so that they
can connect to the OpenVPN server.
The target OpenVPN server should have a public IP address so that client machines can reach it.
OpenVPN can be installed from the source package or from the EPEL repository; this guide uses the EPEL (Extra Packages for Enterprise Linux) repository.
Step 1 : Add the EPEL repository. From http://epel.mirror.net.in/epel/ you can select and download the repository package for your release.
On Redhat / Centos 6 32-bit
[root@solutions]# wget http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
[root@solutions]# rpm -ivh epel-release-6-8.noarch.rpm
On Redhat / Centos 6 64-bit
[root@solutions]# wget http://epel.mirror.net.in/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@solutions]# rpm -ivh epel-release-6-8.noarch.rpm
Note : the EPEL repository can also be installed directly from the URL with the command below
#rpm -ivh http://epel.mirror.net.in/epel/6/x86_64/epel-release-6-8.noarch.rpm
Step 2 : With the EPEL repository installed as explained in step 1, install the OpenVPN package and the LZO compression libraries using yum.
#yum install openvpn -y
#yum install lzo lzo-devel
Note: By default all OpenVPN configuration files are located in /etc/openvpn/. If they are not there, you can copy them from /usr/share/doc/openvpn-2.3.1/sample/sample-config-files to /etc/openvpn/.
OpenVPN server configuration file
/etc/openvpn/server.conf (server-side configuration; apart from server.conf you can remove all other .conf files)
OpenVPN client configuration file
/etc/openvpn/client.conf (client-side configuration; apart from client.conf you can remove all other .conf files)
Sample configuration files are located in /usr/share/doc/openvpn-2.3.1/sample/sample-config-files
Example:
[root@iGateway sample-config-files]# pwd
/usr/share/doc/openvpn-2.3.1/sample/sample-config-files
Step 3 : Create your own Certificate Authority (CA) and generate keys and certificates for the server and clients using easy-rsa.
Note : with OpenVPN 2.2.x the easy-rsa scripts are bundled with OpenVPN.
For OpenVPN 2.3.x you need to download easy-rsa separately from here.
Go to the /etc/openvpn folder by issuing the following command
#cd /etc/openvpn
Download easy-rsa
#wget https://codeload.github.com/OpenVPN/easy-rsa/zip/master
Extract the downloaded master.zip file by executing the following command
#unzip master
With easy-rsa downloaded and extracted, we now generate the required certificates and keys as explained in the steps below.
Create a subfolder keys in /etc/openvpn
#mkdir /etc/openvpn/keys
Copy the required easy-rsa files from /etc/openvpn/easy-rsa-master/easy-rsa/2.0 (the trailing /* copies the contents of 2.0, so that vars and the build-* scripts land directly in /etc/openvpn/keys/)
#cp -rp /etc/openvpn/easy-rsa-master/easy-rsa/2.0/* /etc/openvpn/keys/
Modify the Certificate Authority parameters by editing the following file
#vi /etc/openvpn/keys/vars
Change the settings as indicated in the screenshot below
Start building the Certificate Authority based on the information given in vars.
Change the working directory and execute the commands below
#cd /etc/openvpn/keys
#source ./vars
#./clean-all
#./build-ca
Our Certificate Authority is ready now; next we create the certificate for the OpenVPN server. When asked for input, simply answer yes to commit.
#./build-key-server server
Our server certificate is ready; now we create certificates for the clients. Repeat these steps for each machine that is going to act as a VPN client. One certificate can be used for multiple clients, but then you have to modify the server.conf file.
Create the client key with this command
#./build-key client1
(You can use a suitable client name such as vpnuser1 or vpnclient1, and repeat this step for as many clients as you are going to create.)
Output:
[root@iGateway keys]# ./build-key client1
Country Name (2 letter code) [IN]:
State or Province Name (full name) [AP]:
Locality Name (eg, city) [Mumbai]:
Organization Name (eg, company) [SolutionsatExperts]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server's hostname) [client1]:
Name [SecurityKey]:
Email Address [admin@solutionsatexperts.cm]:
*****************END of output*********************
The certificates and keys are ready; now generate the Diffie-Hellman key exchange parameters with the build-dh script below.
#./build-dh
Output:
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........+.....+...
********************END of output*****************
Copy the certificates and keys to /etc/openvpn
#cd /etc/openvpn/keys/keys/
[root@iGateway keys]# cp -rp ca.crt server.key server.crt dh2048.pem /etc/openvpn/
You can now edit the OpenVPN server configuration file (/etc/openvpn/server.conf).
Define the location of the certificate and key files below; by default you can copy all certificates and keys to /etc/openvpn/.
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem # default value is dh1024.pem, replace with dh2048.pem
# Uncomment this directive to allow different clients
# to be able to "see" each other. By default, clients will only see the
# server.
client-to-client
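As an added check that is not part of the original article, the POSIX shell script below audits a server.conf for the points made above: the dh parameter size, the secrecy of the server key, and whether client-to-client or duplicate-cn (the directive that lets several clients share one certificate) is switched on. It assumes relative file names resolve beside server.conf, as they do when everything is copied into /etc/openvpn/, and it builds two constructed sample configs in a scratch directory.

```shell
#!/bin/sh
# Audit an OpenVPN server.conf for the settings edited above.
# Prints one finding per line; the exit status is the number of findings (0 = clean).
audit_server_conf() {
  conf=$1; dir=$(dirname "$conf"); n=0
  # 1. DH parameters: the sample config ships with dh1024.pem; the guide swaps in dh2048.pem.
  dh=$(awk '$1=="dh"{print $2; exit}' "$conf")
  case "$dh" in
    ""|*1024*) echo "FINDING: dh directive missing or 1024-bit (got '$dh')"; n=$((n+1)) ;;
  esac
  # 2. The server key ("should be kept secret") must exist and be readable by its owner only.
  key=$(awk '$1=="key"{print $2; exit}' "$conf")
  case "$key" in /*) keypath=$key ;; *) keypath=$dir/$key ;; esac  # assumed: relative to server.conf
  if [ ! -f "$keypath" ]; then
    echo "FINDING: key file '$key' not found"; n=$((n+1))
  elif [ "$(ls -l "$keypath" | cut -c5-10)" != "------" ]; then
    echo "FINDING: $key is readable by group/other (want mode 0600)"; n=$((n+1))
  fi
  # 3. client-to-client lets every VPN client reach every other client; make sure it is deliberate.
  if grep -Eq '^[[:space:]]*client-to-client' "$conf"; then
    echo "FINDING: client-to-client enabled (clients can reach each other)"; n=$((n+1))
  fi
  # 4. duplicate-cn lets several clients share one certificate; revoking it then cuts off all of them.
  if grep -Eq '^[[:space:]]*duplicate-cn' "$conf"; then
    echo "FINDING: duplicate-cn enabled (shared client certificates)"; n=$((n+1))
  fi
  return $n
}

# Build a constructed server.conf plus a dummy server.key in a scratch directory, audit it,
# and print only the number of findings ($1 = dh line, $2 = key mode, $3 = extra directives).
count_findings() {
  tmp=$(mktemp -d)
  : > "$tmp/server.key"; chmod "$2" "$tmp/server.key"
  printf 'ca ca.crt\ncert server.crt\nkey server.key # This file should be kept secret\n%s\n' "$1" > "$tmp/server.conf"
  for d in $3; do echo "$d" >> "$tmp/server.conf"; done
  cnt=0; audit_server_conf "$tmp/server.conf" >&2 || cnt=$?
  rm -rf "$tmp"
  echo "$cnt"
}

# The sample file as shipped (dh1024, world-readable key, optional directives on) vs. the hardened one.
echo "weak config findings:     $(count_findings 'dh dh1024.pem' 644 'client-to-client duplicate-cn')"
echo "hardened config findings: $(count_findings 'dh dh2048.pem' 600 '')"
```

Run it as root against the real file with `audit_server_conf /etc/openvpn/server.conf` after the copy step above; the exit status tells you how many points still need attention.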
Start the OpenVPN service by executing the command below (start/stop/restart are accepted)
#service openvpn start
Enable the OpenVPN service at the default boot level
#chkconfig openvpn on
OpenVPN logs
#tail -f /var/log/messages
OR
# tail -f /etc/openvpn/openvpn-status.log
Installing the OpenVPN client on Windows
In this section we cover all the steps involved in downloading, installing and configuring the OpenVPN client on Windows and connecting it to the OpenVPN server.
Download OpenVPN from here
The OpenVPN Windows installer above can be used for either an OpenVPN server or an OpenVPN client; the role is determined by the configuration file you use. By default the server.conf and client.conf configuration files are located in the sample configuration folder under C:\Program Files\OpenVPN.
server.conf is for server-based configuration
client.conf is for client-based configuration
The OpenVPN server listens on UDP/TCP port 1194. This port can be changed for security reasons, or several instances can run on different ports. On the client machines make sure the port is open in the firewall for inbound and outbound traffic, otherwise the connection will be dropped.
Also check the firewall settings at the server end: port 1194 (tcp/udp) must be allowed for inbound and outbound traffic.
Steps :
Step 1 : Invoke downloaded OpenVPN installer package to perform installation.
Step 2 : OpenVPN client configuration
Step 3 : Finally connect to OpenVPN
Let us see the steps in detail :
Step 1 : Invoke downloaded OpenVPN installer package to perform installation.
Open the OpenVPN configuration destination folder as indicated below.
Copy the client.conf configuration file from the sample-config folder as indicated below
Paste the copied client.conf file into C:\Program Files\OpenVPN\config
Step 2 : OpenVPN client configuration
Copy the client certificates and key files from the OpenVPN server, which we generated during the certificate and key generation in the server configuration steps.
The following key and certificates are required to configure the OpenVPN client:
ca : ca.crt
cert : client1.crt
key : client1.key
Create a folder called keys at C:\keys
Copy the ca.crt, client1.crt and client1.key files from the OpenVPN server to C:\keys\
Modify client.ovpn as indicated below. You cannot modify this file as a normal user: open Notepad or WordPad as administrator, then open the file in C:\Program Files\OpenVPN\config as indicated below.
Make the following changes (change 1 and change 2)
Change 1
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpn.solutionsatexperts.com 1194
;remote my-server-2 1194
Change 2
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca C://keys//ca.crt
cert C://keys//client1.crt
key C://keys//client1.key
Note : make sure to use // when specifying the key and certificate locations, as we copied them to c:\keys
Step 3 : Finally connect to OpenVPN as indicated below.
That's it.