OpenVPN Setup

Server Configuration

Step 1 : Install the OpenVPN package

yum install openvpn -y

Step 2 : OpenVPN ships with only a sample configuration, so copy the sample server
configuration file to its destination:

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

Step 3 : Download easy-rsa (release 2.x) from GitHub

wget https://github.com/OpenVPN/easy-rsa/archive/release/2.x.zip
unzip 2.x.zip

mv easy-rsa-release-2.x/easy-rsa/2.0 /etc/openvpn/

Step 4 : Edit the “vars” file, which provides the easy-rsa scripts with the required information.

vim /etc/openvpn/2.0/vars

At the bottom of the file, change the values as shown below:

export KEY_COUNTRY="IN"
export KEY_PROVINCE="KA"
export KEY_CITY="BA"
export KEY_ORG="ABC"
export KEY_EMAIL="xyz@abc.com"
export KEY_OU="ABCD"

Step 5 : Build the certificate authority (CA) and generate the certificate for the server

cd /etc/openvpn/2.0/

source ./vars
./clean-all
./build-ca

Now create the certificate for the server:

./build-key-server server

Step 6 : Generate the Diffie-Hellman parameters and copy all files to /etc/openvpn

cd /etc/openvpn/2.0/

./build-dh

cd keys

cp dh2048.pem ca.crt server.crt server.key /etc/openvpn/

Edit server.conf and change the “dh” line from 1024 to 2048 so that it points to the file just copied:

vim /etc/openvpn/server.conf

dh dh2048.pem

/etc/init.d/openvpn restart

To allow VPN clients to reach one another, also uncomment the “client-to-client” line in server.conf (OpenVPN must be restarted again for this to take effect).

Client Configuration

Step 1 : First, install the OpenVPN package

yum install openvpn -y

cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/client.conf /etc/openvpn/

Step 2 : SSH to the OpenVPN server

Step 3 : Create the certificate for the client on the server machine.

cd /etc/openvpn/2.0/

source ./vars

./build-key client-unni

The following files, client-unni.crt, ca.crt and client-unni.key, have to be moved from the OpenVPN server to the /etc/openvpn directory on the OpenVPN client machine.

Step 4 : Open the /etc/openvpn/client.conf file on the client machine and edit the lines below:

remote my-server-1 1194 ## Replace my-server-1 with the server's public IP address (e.g. 1.2.3.4) ##
cert client.crt ## Replace with the proper name of the client crt file (client-unni.crt) ##
key client.key ## Replace with the proper name of the client key file (client-unni.key) ##

Note : Verify that UDP port 1194 on the OpenVPN server is reachable from the client
machine.
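The three client.conf edits from Step 4 can be applied and checked with a small script rather than by hand, so that each client's config names its own cert/key files and no longer contains the sample's placeholder host. This is an added example, not part of the original guide; the temporary directory, the constructed stand-in for the sample client.conf and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original guide): apply the three client.conf edits
# from Step 4 with sed, then verify them.
set -u

# render_client_conf SAMPLE OUT SERVER_ADDR CLIENT_NAME
render_client_conf() {
    sample=$1 out=$2 server=$3 client=$4
    # Restrict both values to safe characters: they are spliced into a sed
    # replacement and end up as file names in the generated config.
    case $client in *[!A-Za-z0-9._-]*|'') echo "bad client name: $client" >&2; return 1;; esac
    case $server in *[!A-Za-z0-9._-]*|'') echo "bad server address: $server" >&2; return 1;; esac
    sed -e "s/^remote my-server-1 1194$/remote $server 1194/" \
        -e "s/^cert client\.crt$/cert $client.crt/" \
        -e "s/^key client\.key$/key $client.key/" "$sample" > "$out"
}

# check_client_conf OUT CLIENT_NAME: the placeholder host must be gone and the
# cert/key lines must name this client's files (client-unni.crt / .key in the guide).
check_client_conf() {
    out=$1 client=$2
    if grep -q '^remote my-server-1 ' "$out"; then echo "remote still placeholder" >&2; return 1; fi
    grep -qx "cert $client.crt" "$out" || { echo "cert line not updated" >&2; return 1; }
    grep -qx "key $client.key" "$out" || { echo "key line not updated" >&2; return 1; }
}

# Stand-alone demo on a constructed stand-in for the sample client.conf
# (only the lines the guide edits, plus the "ca ca.crt" line it leaves alone).
demo_dir=$(mktemp -d)
printf '%s\n' client 'dev tun' 'remote my-server-1 1194' 'ca ca.crt' \
    'cert client.crt' 'key client.key' > "$demo_dir/client.conf"
render_client_conf "$demo_dir/client.conf" "$demo_dir/client-unni.conf" 1.2.3.4 client-unni
check_client_conf "$demo_dir/client-unni.conf" client-unni && cat "$demo_dir/client-unni.conf"
```

On a real client, point SAMPLE at the copied /etc/openvpn/client.conf and OUT at the config file OpenVPN will load.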

Step 5 : Restart OpenVPN

/etc/init.d/openvpn restart
