Janux — Blog

May 8, 2007

How to OpenVPN

Filed under: Gnu/Linux — janux @ 4:05 pm

I believed this how-to was already here… but… it wasn't!!! So… Janux introduces…
How to set up your OpenVPN server and client :P

* Download files to compile them
go to http://openvpn.net
* Untar the files in /usr/local/src/
You need: the openssl and lzo DEVEL packages!!
-> libopenssl0.9.8-static-devel
-> liblzo2_2-devel
* Now use this to compile your openVPN server:
./configure --enable-password-save --enable-iproute2 --with-ssl-headers=/etc/ssl/ --with-ssl-lib=/usr/lib/openssl/
* make
* make install
* mkdir /etc/openvpn
* Check whether the file openssl.cnf exists; if it does, make sure the paths for the output files are OK, and change them if they are not.
* cd /etc/openvpn
* openssl req -nodes -new -x509 -keyout my-ca.key -out my-ca.crt -days 3650
* openssl req -nodes -new -keyout office.key -out office.csr
* mkdir demoCA
* mkdir demoCA/private
* cp my-ca.key demoCA/private/cakey.pem
* cp my-ca.crt demoCA/cacert.pem
* mkdir demoCA/newcerts
* touch demoCA/index.txt
* echo 01 > demoCA/serial
* openssl ca -out office.crt -in office.csr
* openssl dhparam -out dh1024.pem 1024
* cp /usr/local/src/openvpn-2.0.8/sample-scripts/openvpn.init .
* cp /usr/local/src/openvpn-2.0.8/sample-config-files/server.conf .



useradd openvpn
vi /etc/passwd ( set the openvpn user's shell to false instead of bash )
mkdir /var/log/openvpn
chown -R openvpn /var/log/openvpn

./openvpn.init stop
./openvpn.init start

This is what a server.conf file looks like:

port 1194
proto udp
dev tun
ca my-ca.crt
cert office.crt
key office.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.20.0 255.255.255.0"
duplicate-cn
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3

WALLAH !!!
SERVER up & running.
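
A quick check for the server directory built above, as an added example that is not part of the original post or of OpenVPN: audit_openvpn (a hypothetical helper name) flags duplicate-cn, a missing user/group privilege drop, and key files readable by group or others. The files created in demo are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenVPN config file.
# audit_openvpn is a hypothetical helper; it prints one finding per line.
audit_openvpn() {
    conf=$1
    dir=$(dirname "$conf")
    # duplicate-cn lets several clients connect with the same certificate,
    # so revoking that certificate cuts off every client that shares it.
    if grep -Eq '^[[:space:]]*duplicate-cn' "$conf"; then
        echo "duplicate-cn: clients share one certificate"
    fi
    # Without user/group the daemon keeps root privileges after start-up.
    for opt in user group; do
        grep -Eq "^[[:space:]]*${opt}[[:space:]]+[^[:space:]]" "$conf" ||
            echo "${opt}: not set, daemon keeps root privileges"
    done
    # Each file named by a "key" directive must be owner-only (e.g. mode 600).
    awk '$1 == "key" { print $2 }' "$conf" | while read -r key; do
        case $key in /*) path=$key ;; *) path=$dir/$key ;; esac
        if [ ! -f "$path" ]; then
            echo "key $key: file missing"
        elif [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "key $key: readable by group or others"
        fi
    done
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: directives taken from the post's server.conf.
    printf '%s\n' 'port 1194' 'ca my-ca.crt' 'cert office.crt' \
        'key office.key # This file should be kept secret' \
        'duplicate-cn' 'user openvpn' 'group openvpn' > "$d/server.conf"
    : > "$d/office.key"
    chmod 644 "$d/office.key"          # constructed: world-readable key
    echo "as built:"; audit_openvpn "$d/server.conf"
    # Hardened variant: owner-only key, no shared certificates.
    chmod 600 "$d/office.key"
    sed '/duplicate-cn/d' "$d/server.conf" > "$d/fixed.conf"
    echo "hardened:"; audit_openvpn "$d/fixed.conf"
    rm -rf "$d"
}
demo
```

Run it against the real file with `audit_openvpn /etc/openvpn/server.conf`; no output means none of the three checks fired.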

Now the client:

./configure --enable-password-save --enable-iproute2 --with-ssl-headers=/etc/ssl/ --with-ssl-lib=/usr/lib/openssl/
make
make install
cd /etc/openvpn
cp openvpn.init /etc/rc.d/init.d/openvpn
chkconfig --add openvpn
/etc/init.d/openvpn status
/etc/init.d/openvpn stop

Copy these files from the server to the client's /etc/openvpn directory:

my-ca.crt office.key office.crt

client.conf file:

client
dev tun
remote REMOTE_IP_=_TO_OPENVPNSERVER_IP 1194 # remote <OpenVPN server IP> <port>
persist-key
persist-tun
route-delay 5
ping-restart 10
ping 60
ca my-ca.crt
cert office.crt
key office.key
comp-lzo
comp-noadapt
verb 4
port 1194

*** References: OpenVPN.org, Sevilla and myself.
