OpenVPN and CentOS 5 Installation and Configuration Guide

Many people found that installing a VPN on Linux is not that easy, and the available installation guides on VPN are often limited. I have tried a lot of installation guides and finally got it connected successfully. Here are the steps to guide you through installing a secure connection between your CentOS 5 and Windows with the OpenVPN open source application.

1. Download the required package files.

    #wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
    #wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

2. Install and build your downloaded files

You may need the following packages from the repository before you start your installation:

    #yum install rpm-build
    #yum install autoconf.noarch
    #yum install zlib-devel
    #yum install pam-devel
    #yum install openssl-devel

If you have the above dependencies installed, you can start your installation as follows:

    #rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
    #rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
    #rpmbuild -tb openvpn-2.0.9.tar.gz
    #rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm

3. Copy configuration files

    #cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
    #cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

4. CA configuration

    #cd /etc/openvpn/easy-rsa/
    #pico vars

(or use the vi editor, I just like to use pico) Then scroll down to the bottom and edit as you like.

    export KEY_COUNTRY=AU
    export KEY_PROVINCE=VIC
    export KEY_CITY=MELBOURNE
    export KEY_ORG="THROXVPN"
    export KEY_EMAIL="name@email.com"

    #. ./vars      (note the space between the two dots)
    #./clean-all

5. Build CA

    #./build-ca
    Generating a 1024 bit RSA private key
    ………………………++++++
    …………………….++++++
    writing new private key to 'ca.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [VIC]:
    Locality Name (eg, city) [MELBOURNE]:
    Organization Name (eg, company) [THROXVPN]:
    Organizational Unit Name (eg, section) []:Throx
    Common Name (eg, your name or your server's hostname) []:throx.net
    Email Address [name@mail.com]:

Some of the information above was already entered in step 4; just hit Enter and go to the next line.

6. Building server key

    #./build-key-server ovpnsrv1
    Generating a 1024 bit RSA private key
    ………………………………….++++++
    …………………….++++++
    writing new private key to 'ovpnsrv1.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [VIC]:
    Locality Name (eg, city) [MELBOURNE]:
    Organization Name (eg, company) [THROXVPN]:
    Organizational Unit Name (eg, section) []:Throx
    Common Name (eg, your name or your server's hostname) []:throx.net
    Email Address [name@email.com]:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'AU'
    stateOrProvinceName   :PRINTABLE:'VIC'
    localityName          :PRINTABLE:'MELBOURNE'
    organizationName      :PRINTABLE:'THROXVPN'
    organizationalUnitName:PRINTABLE:'Throx'
    commonName            :PRINTABLE:'throx.net'
    emailAddress          :IA5STRING:'name@email.com'
    Certificate is to be certified until Apr 10 15:15:27 2018 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

7. Building Diffie Hellman

    #./build-dh
    Generating DH parameters, 1024 bit long safe prime, generator 2
    This is going to take a long time

(Wait until it has finished.)

8. Copy key and certificates to the required folder

    #cp keys/ca.crt ../
    #cp keys/dh1024.pem ../
    #cp keys/ovpnsrv1.key ../
    #cp keys/ovpnsrv1.crt ../

9. OpenVPN configuration

    #cd ../
    #pico server.conf

    dev tap
    ;dev tun
    ca ca.crt
    cert ovpnsrv1.crt
    key ovpnsrv1.key  # This file should be kept secret

10. Start up the OpenVPN service (Finally, hold your breath)

    #service openvpn restart
    #chkconfig openvpn on

Windows Client Installation and Configuration

1. Download a copy of the Windows client http://openvpn.net/release/openvpn-2.0.9-install.exe and install it.

2. Create CA in Windows machine

Open the Windows cmd.exe command prompt and change directory (cd) into c:\program files\openvpn\

    >copy vars.bat.sample vars.bat
    >edit vars.bat

(scroll down to the bottom)

    set KEY_COUNTRY=AU
    set KEY_PROVINCE=VIC
    set KEY_CITY=MELBOURNE
    set KEY_ORG=THROXVPN
    set KEY_EMAIL=name@mail.com

Note: the above information must be the same as the details set on the server previously.

3. Run the file vars.bat

    >vars

4. Build client's key and certificate

    >copy openssl.cnf.sample openssl.cnf
    >md keys
    >build-key vpnhome

5. Copy vpnhome.csr to the server directory /etc/openvpn/easy-rsa/keys

    #cd /etc/openvpn/easy-rsa/
    #./sign-req vpnhome
    Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'AU'
    stateOrProvinceName   :PRINTABLE:'VIC'
    localityName          :PRINTABLE:'MELBOURNE'
    organizationName      :PRINTABLE:'THROXVPN'
    organizationalUnitName:PRINTABLE:'Throx'
    commonName            :PRINTABLE:'throx.net'
    emailAddress          :IA5STRING:'name@mail.com'
    Certificate is to be certified until Apr 10 16:04:33 2018 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

6. Copy new signed certificate to your Windows machine

Go to /etc/openvpn/easy-rsa/keys/ and you will see 2 newly generated files, ca.crt and vpnhome.crt. Copy both of them to your Windows home machine, into C:\Program Files\OpenVPN\config

Also copy your Windows-generated vpnhome.key from C:\Program Files\OpenVPN\easy-rsa\keys to C:\Program Files\OpenVPN\config

7. Setting the client configuration for OpenVPN

Copy client.ovpn from C:\Program Files\OpenVPN\sample-config to C:\Program Files\OpenVPN\config

Edit it with the following changes, similar to what you have done on the Linux server:

    dev tap
    ;dev tun
    dev-node OpenVPN_Tap
    remote 1194    (example: remote 202.188.1.1 1194)
    ca ca.crt
    cert vpnhome.crt
    key vpnhome.key
    ns-cert-type server

8. Configure the network interface for OpenVPN

Select "Control Panel" -> "Network Connection" -> "TAP-Win32#(#)", then right-click it and rename it to 'OpenVPN_Tap'.

9. Start up the client connection

Go to START > All Programs > OpenVPN > OpenVPN GUI and click it. In the task-bar, select "OpenVPN GUI" -> right-click "Connect".

Phew... if everything is set correctly, you should now be connected to your Linux server via OpenVPN.

Source: http://yumax1012.blogspot.com/2007/08/install-openvpn-on-centos-44.html
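A check for the server side of this procedure (steps 8 and 9), added here as an example and not part of the original guide: the function reads server.conf, confirms that every ca/cert/key/dh file it names is present, flags a private key that group or others can access, and flags a CA private key left in the config directory. It assumes relative file names resolve against the config's own directory, as in this guide's layout; the function name and the finding labels are made up for the example.

```sh
#!/bin/sh
# Added example (not from the original guide): lint an OpenVPN config for
# missing or exposed key material. Function name and finding labels are
# illustrative. Prints one line per finding; returns non-zero if any.
check_ovpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    rc=0

    # Extract "directive file" pairs. Lines starting with '#' or ';' are
    # comments in OpenVPN syntax, so their first field never matches.
    pairs=$(awk '$1 ~ /^(ca|cert|key|dh)$/ { print $1, $2 }' "$conf")

    while read -r directive path; do
        [ -n "$directive" ] || continue
        case $path in
            /*) file=$path ;;
            *)  file=$dir/$path ;;  # assumption: relative to the config dir
        esac
        if [ ! -f "$file" ]; then
            echo "MISSING $directive $file"
            rc=1
        elif [ "$directive" = key ]; then
            # Characters 5-10 of the ls mode string are group/other bits.
            perms=$(ls -ld "$file" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "EXPOSED key $file (group/other bits: $perms)"
                rc=1
            fi
        fi
    done <<EOF
$pairs
EOF

    # The CA private key signs new certificates; the VPN daemon never
    # needs it, so it should not sit next to server.conf.
    if [ -f "$dir/ca.key" ]; then
        echo "CAKEY $dir/ca.key should stay out of the config directory"
        rc=1
    fi
    return $rc
}

# Run as a script: sh check_ovpn_conf.sh /etc/openvpn/server.conf
if [ "$#" -gt 0 ]; then
    check_ovpn_conf "$1"
fi
```

An EXPOSED finding is cleared with `chmod 600` on the key file; quoted paths containing spaces are not handled.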
