hostgliders
New member
A VPN is a private network that runs over a public network. The traffic over a VPN is encrypted and authenticated via an SSL certificate, a password, or a two-factor authentication mechanism.
Here, we can discuss how to set up an OpenVPN server and client.
****Server Side****
The OpenVPN software and its dependencies are available in the EPEL repository.
Consider a server with hostname server.example.com running CentOS and a public IP 1x.x.x.x
On a CentOS server, you can install the OpenVPN server with the following command.
>>> yum install openvpn easy-rsa
By default, the easy-rsa scripts are located in the /usr/share/easy-rsa/ directory. Create a directory /easy-rsa/keys inside the /etc/openvpn directory and copy the scripts to /easy-rsa/keys.
>>> mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
Create CA Certificate and CA key
>>> Edit the file /etc/openvpn/easy-rsa/vars and add the values of country, email, etc. in the section
export KEY_COUNTRY=""
export KEY_PROVINCE=""
export KEY_CITY=""
export KEY_ORG=""
export KEY_EMAIL=""
export KEY_OU=""
>>> Save the file and exit, then navigate to the /etc/openvpn/easy-rsa/ directory
cd /etc/openvpn/easy-rsa/
cp openssl-1.0.0.cnf openssl.cnf
source ./vars
./clean-all
./build-ca
>>> This will generate the CA certificate and CA key. Next, create a certificate and key using the command
./build-key-server [hostname]
>>> Create a certificate and key for VPN clients using the following command
./build-key client
>>> The keys and certificates will be generated in the directory /etc/openvpn/easy-rsa/keys/.
Copy the files to the directory /etc/openvpn/
cd /etc/openvpn/easy-rsa/keys/
cp dh2048.pem ca.crt *****.crt *****.key /etc/openvpn/
VPN server Configuration.
Copy the server.conf file to the directory /etc/openvpn/
cp /usr/share/doc/openvpn-2.x.x/sample/sample-config-files/server.conf /etc/openvpn/
>>> Find and uncomment the following lines in the file
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nobody
>>> Save and close
>>> Copy the client.conf file to /root/ (this file will be needed later for copying to the VPN clients)
vi /root/client.conf
>>> Add the VPN server IP address
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 192.0.2.100 1194
Save and close.
>>> Copy this file to your VPN client machine.
Lastly, start the OpenVPN service using the following commands
service openvpn start
chkconfig openvpn on
****Client Side****
Install the OpenVPN package with the following command
yum install openvpn
Start the OpenVPN client service with the commands
service openvpn start
chkconfig openvpn on
>>> Check that the tun0 interface is created with the command
ifconfig
>>> On successful completion, the VPN server will automatically assign an IP address to the VPN client.
Check if you can ping your VPN server from client systems.
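An added example (not part of the original post): a small shell audit of the result of the steps above. It checks that the server.conf lines the post says to uncomment are actually active, and that private keys copied next to the config are mode 600 or 400. The function names, the sample directory and its file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit the result of the steps above.

# Directives the post says to uncomment in server.conf.
REQUIRED='dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nobody'

# Print every required directive that is absent or still commented out.
# OpenVPN config comments start with ';' or '#', so those lines never match.
missing_directives() {
    printf '%s\n' "$REQUIRED" | while IFS= read -r want; do
        # Trim and squeeze whitespace, then require an exact active line.
        if ! sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                 -e 's/[[:space:]][[:space:]]*/ /g' "$1" | grep -qxF -- "$want"
        then
            printf '%s\n' "$want"
        fi
    done
}

# Print private keys whose mode is anything other than 600 or 400.
loose_keys() {
    find "$1" -type f -name '*.key' ! -perm 600 ! -perm 400 | sort
}

# Constructed sample: a half-edited server.conf and two key files.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/server.conf" <<'EOF'
port 1194
dh   dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
;group nobody
EOF
: > "$SAMPLE_DIR/server.key"; chmod 600 "$SAMPLE_DIR/server.key"
: > "$SAMPLE_DIR/client.key"; chmod 644 "$SAMPLE_DIR/client.key"

echo "Directives still missing:"; missing_directives "$SAMPLE_DIR/server.conf"
echo "Keys with loose permissions:"; loose_keys "$SAMPLE_DIR"
```

On a real server, point both functions at /etc/openvpn/server.conf and /etc/openvpn instead of the sample directory; empty output from both means the checks passed.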