install openvpn on centos 5


Upload: heng-pagna

Post on 07-Apr-2015


DESCRIPTION

just for share


Page 1: Install Openvpn on CentOS 5

Install Openvpn on CentOS 5.5

Table of Contents

- Prepare for installation
- Requirements for installing OpenVPN
- Install packages
- Configure the OpenVPN server
- Install and configure the OpenVPN client

Topic 1: Prepare for installation

Before installing OpenVPN we need to prepare the server: install CentOS 5.5 with two network cards.

In this network structure, an external client wants to access the internal network by using a VPN connection through the Internet.

Topic 2: Requirements for installation

To install OpenVPN on CentOS 5.5 we need to install the package dependencies:

- lzo and lzo-devel: for compressing packets
- openssl and openssl-devel: for creating certificates
- pam-devel: for OpenVPN authentication
- openvpn: the OpenVPN server
- gcc: for compiling software


Topic 3: Install packages

To install the packages, first install the tools below.

Install wget, the tool used to download packages:
#yum install -y wget

Install yum-priorities, which lets yum install more packages:
#yum install -y yum-priorities

Download and install the RPMforge release package (this RPM is for x86 32-bit only):
#cd /tmp
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
#rpm -i rpmforge-release-0.5.1-1.el5.rf.*.rpm
#yum check-update

Install the dependencies and OpenVPN:
#yum install lzo
#yum install lzo-devel
#yum install openssl
#yum install openssl-devel
#yum install pam-devel
#yum install gcc
#yum install openvpn

Topic 4: Configure openvpn server

After installing the OpenVPN server on CentOS 5.5, copy the easy-rsa scripts and the sample server configuration:
#cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
#cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

After copying, create the certificates for the server and the client:
#cd /etc/openvpn/easy-rsa/2.0/
#. ../vars
#chmod +rwx *
#source ./vars
#vi ../vars


#vi vars

#./build-ca
Input your location and org name.
#source ./vars
#./clean-all
#./build-ca
Always press Enter directly. You can verify your information in this step.


Create the certificate for the server:
#./build-key-server server


Create the certificate for the client (Note: one certificate can be used by only one client):
#./build-key client1

After creating the certificates, copy them to the config folder:
#cp keys/{ca.crt,ca.key,server.crt,server.key} /etc/openvpn/

Generate the Diffie-Hellman parameters (this may take a while) and copy them as well:
#./build-dh
#cp keys/dh1024.pem /etc/openvpn/


Next, configure the file server.conf:
#vi /etc/openvpn/server.conf

# Use port 1194.
port 1194
# Use the UDP protocol. You can change this to tcp if you wish. UDP seems to be faster; TCP can be used when you are on a network where UDP is banned.
proto udp
# Mode. You can choose tun or tap. I don't wanna explain this.
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
# Allow clients to authenticate with a user name and password against the Linux system (PAM).
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
# Subnet for VPN clients.
server 10.8.0.0 255.255.255.0
# Use DNS of OpenDNS.
push "dhcp-option DNS 124.108.4.130"
# Allow routing to the internal clients.
push "route 192.168.10.0 255.255.255.0"
# Send all traffic from the client through this VPN server. Remove this line if you don't want it.
push "redirect-gateway"
# Let the OpenVPN server record the last used IP for each client, which allows a client to use the same IP when it reconnects.
ifconfig-pool-persist ipp.txt
keepalive 10 120
# Enable compression to save bandwidth.
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
# Allow clients to communicate with each other.
client-to-client

After configuring server.conf we can start the service:
#/etc/init.d/openvpn restart
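A check for the server directory that the steps above produce, added here as an example and not part of the original guide. It flags the CA private key copied into /etc/openvpn (the server only needs ca.crt), DH parameters below 2048 bits (a threshold assumed here), private keys accessible to group or other, and client-to-client; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a directory laid out like
# /etc/openvpn in this guide. Prints one finding per line.
audit_openvpn_dir() {
    dir=$1; conf=$dir/server.conf
    # The server only verifies with ca.crt; ca.key can sign new client certificates.
    if [ -e "$dir/ca.key" ]; then
        echo "ca.key: CA private key stored on the VPN server; keep it on the signing host"
    fi
    # easy-rsa names the file dh<KEY_SIZE>.pem, so the dh directive shows the size.
    bits=$(awk '$1 == "dh" { print $2; exit }' "$conf" |
           sed -n 's/^.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then   # 2048 is an assumed minimum
        echo "dh: ${bits}-bit DH parameters; raise KEY_SIZE in vars and rerun build-dh"
    fi
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    for k in "$dir"/*.key; do
        if [ -e "$k" ] && [ "$(ls -ld "$k" | cut -c5-10)" != "------" ]; then
            echo "${k##*/}: private key accessible to group/other; chmod 600"
        fi
    done
    # client-to-client forwards inside OpenVPN, so host firewall rules never see it.
    if grep -q '^[[:space:]]*client-to-client' "$conf"; then
        echo "client-to-client: traffic between clients bypasses the server firewall"
    fi
    return 0
}

# Constructed sample: the file layout and key directives this guide produces.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'port 1194' 'proto udp' 'dev tun' 'ca ca.crt' 'cert server.crt' \
        'key server.key' 'dh dh1024.pem' 'client-to-client' > "$d/server.conf"
    : > "$d/ca.key";     chmod 644 "$d/ca.key"
    : > "$d/server.key"; chmod 600 "$d/server.key"
    echo "$d"
}

sample=$(make_sample_dir)
audit_openvpn_dir "$sample"
rm -rf "$sample"
```

On a real server, call `audit_openvpn_dir /etc/openvpn` as root so the key files can be inspected.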


Topic 5: Install and configure OpenVPN on the client

To install OpenVPN on the client, download the package from http://openvpn.net/release/openvpn-2.1.1-install.exe and install it.

After installing, copy client.ovpn from C:\Program Files\OpenVPN\sample-config to the directory below. The certificates need to be copied from the server.


Next, configure the file client.ovpn:

client
dev tun
proto udp
remote 192.168.1.248 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
auth-user-pass
ns-cert-type server
comp-lzo
verb 3

After that you can start the OpenVPN client and connect.


And now it is connected

The client will get a new virtual IP address.

Test client access to the internal network.

Finish openvpn!!
