Rajesh and Sajesh 6/12/2006 R-1.
1) Introduction
What is OpenVPN
OpenVPN is a robust and highly flexible tunneling application.
OpenVPN supports SSL/TLS security, ethernet bridging, TCP or UDP tunnel
transport through proxies or NAT, support for dynamic IP addresses and
DHCP, scalability to hundreds or thousands of users, and portability to
most major OS platforms.
Hardware & OS used in the testing scenario
Server
AMD system with Red Hat EL3 installed
HDD - 40GB
RAM - 512MB
Client
AMD system with FC5 installed
HDD - 40GB
RAM - 512MB
2) Installation step by step
Packages installed
lzo-1.08-4.1.el3.rf.i386
lzo-devel-1.08-4.1.el3.rf.i386
openvpn-2.0.7-1.fc5.rf.i386
Downloaded the latest version from
http://dries.studentenweb.org/rpm/packages/lzo/info.html
http://dries.studentenweb.org/rpm/packages/openvpn/info.html
Installation procedure
# cd /
# mkdir packages        (copy the downloaded files to this folder)
# cd /packages
# rpm -ivh lzo-1.08-4.1.el3.rf.i386.rpm
# rpm -ivh lzo-devel-1.08-4.1.el3.rf.i386.rpm
# rpm -ivh openvpn-2.0.7-1.fc5.rf.i386.rpm
The files will be stored in /usr/share/doc/openvpn-2.0.7/
Configuration
# cd /usr/share/doc/openvpn-2.0.7/easy-rsa
# chmod 744 clean-all
# chmod 744 build*
# chmod 744 sign-req
# mkdir keys
Run these commands
**********************************************************************
export KEY_DIR=/usr/share/doc/openvpn-2.0.7/easy-rsa/keys
export KEY_CONFIG=/usr/share/doc/openvpn-2.0.7/easy-rsa/openssl.cnf
export KEY_SIZE=1024
export KEY_COUNTRY=IN
export KEY_PROVINCE=KA
export KEY_CITY=Bangalore
export KEY_ORG="OpenVPN-TEST"
export KEY_EMAIL="[email protected]"
***********************************************************************
[root@las easy-rsa]# ./clean-all
Run these commands again
**********************************************************************
export KEY_DIR=/usr/share/doc/openvpn-2.0.7/easy-rsa/keys
export KEY_CONFIG=/usr/share/doc/openvpn-2.0.7/easy-rsa/openssl.cnf
export KEY_SIZE=1024
export KEY_COUNTRY=IN
export KEY_PROVINCE=KA
export KEY_CITY=Bangalore
export KEY_ORG="OpenVPN-TEST"
export KEY_EMAIL="[email protected]"
***********************************************************************
Create a CA certificate & CA key
# ./build-ca
Build Diffie Hellman parameters
# ./build-dh
Build the server keys
# ./build-key-server las
Build the client keys
# ./build-key client1        (just use a different email address when prompted for the common name)
The files created will be saved in /usr/share/doc/openvpn-2.0.7/easy-rsa/keys/
3) Basic configuration step by step
Go to the folder /usr/share/doc/openvpn-2.0.7/easy-rsa/keys/
Configuring the server
Copy the server.conf file from
/usr/share/doc/openvpn-2.0.7/sample-config-files/
to
/usr/share/doc/openvpn-2.0.7/easy-rsa/keys
Edit the server.conf file
Make changes to these lines
ca ca.crt
cert las.crt
key las.key
(use all the remaining settings as default)
(las is the name given when creating the server certificate files)
Configuring client
copy the confi
Install OpenVPN on the client system as described above
Copy the client.conf file from
/usr/share/doc/openvpn-2.0.7/sample-config-files/
to
/usr/share/doc/openvpn-2.0.7/easy-rsa/keys
Edit the client.conf file
Make changes to these lines
remote <server Ipaddress> 1194
ca ca.crt
cert client1.crt
key client1.key
(use all the remaining settings as default)
(client1 is the name given when creating the client certificate files)
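The check below is an added example, not part of the original document: it reads server.conf or client.conf as edited above, confirms that the files named on the ca, cert, key and (server only) dh lines exist next to the config, and flags a private key that group or other users can access. It assumes openvpn is started from the config's own directory, as this document does; the function names and the dh1024.pem file in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the server.conf/client.conf edited above.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_ovpn_conf() {
    conf=$1
    dir=$(dirname "$conf")   # assumption: openvpn is started from this directory
    rc=0
    for d in ca cert key dh; do
        # First active line for the directive; ';' and '#' comment lines never match.
        file=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$file" ]; then
            # client.conf carries no dh line, so only ca/cert/key are mandatory
            [ "$d" = dh ] || { echo "missing directive: $d"; rc=1; }
            continue
        fi
        # Relative names are resolved against the config's directory.
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        if [ ! -f "$path" ]; then
            echo "file not found: $d $file"; rc=1
        elif [ "$d" = key ] && [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            # Columns 5-10 of the ls mode string are the group and other bits.
            echo "private key accessible to group/other: $file"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: an empty-file copy of the server layout from this page.
make_sample() {
    s=$(mktemp -d) || return 1
    printf '%s\n' ';ca other.crt' 'ca ca.crt' 'cert las.crt' 'key las.key' \
        'dh dh1024.pem' > "$s/server.conf"
    touch "$s/ca.crt" "$s/las.crt" "$s/las.key"   # dh1024.pem left out on purpose
    chmod 644 "$s/las.key"                         # deliberately too open
    echo "$s"
}

sample=$(make_sample)
check_ovpn_conf "$sample/server.conf" || echo "fix the findings above before starting openvpn"
rm -rf "$sample"
```

On a real installation, call check_ovpn_conf with the path to server.conf or client.conf in the keys directory before running openvpn.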
Starting the server
Go to /usr/share/doc/openvpn-2.0.7/easy-rsa/keys
# openvpn server.conf
A normal server startup should look like this (output will vary across platforms):
Sun Feb 6 20:46:38 2005 OpenVPN 2.0_rc12 i686-suse-linux [SSL] [LZO] [EPOLL] built on Feb 5 2005
Sun Feb 6 20:46:38 2005 Diffie-Hellman initialized with 1024 bit key
Sun Feb 6 20:46:38 2005 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Feb 6 20:46:38 2005 TUN/TAP device tun1 opened
Sun Feb 6 20:46:38 2005 /sbin/ifconfig tun1 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sun Feb 6 20:46:38 2005 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sun Feb 6 20:46:38 2005 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:23 ET:0 EL:0 AF:3/1 ]
Sun Feb 6 20:46:38 2005 UDPv4 link local (bound): [undef]:1194
Sun Feb 6 20:46:38 2005 UDPv4 link remote: [undef]
Sun Feb 6 20:46:38 2005 MULTI: multi_init called, r=256 v=256
Sun Feb 6 20:46:38 2005 IFCONFIG POOL: base=10.8.0.4 size=62
Sun Feb 6 20:46:38 2005 IFCONFIG POOL LIST
Sun Feb 6 20:46:38 2005 Initialization Sequence Completed
Starting the client
Go to /usr/share/doc/openvpn-2.0.7/easy-rsa/keys on the client system
# openvpn client.conf
A normal client startup on Windows will look similar to the server output
above, and should end with the Initialization Sequence Completed message.
Now, try a ping across the VPN from the client. If you are using routing (i.e. dev tun in the server
config file), try:
ping 10.8.0.1
If the ping succeeds, congratulations! You now have a functioning VPN.