Setup OpenVPN Centos 6.3

I found a lot of documentation and this is my setup

Install the necessary packages

#yum install gcc rpm-build autoconf.noarch zlib-devel pam-devel lzo lzo-devel openssl-devel automake imake pkgconfig gcc-c++ libcrypto.so.6

Install OpenVPN

#yum install openvpn

Copy the files

#cp -r /usr/share/doc/openvpn-2.1.3/easy-rsa/ /etc/openvpn/

Create the CA certificate.
You'll be asked to fill in the certificate fields. You can leave them empty by pressing Enter repeatedly, but the one
you have to fill in is the "Common Name" field.

#cd /etc/openvpn/easy-rsa/2.0
#source ./vars
#./vars
#./clean-all
#./build-ca

Build Key Server

#./build-key-server server

Build Diffie Hellman

#./build-dh

Create the server.conf file in the directory /etc/openvpn

This is a sample:

local 123.123.123.123 # change it to your server IP address
port 1234 # change it to the port you want
proto tcp # protocol can be tcp or udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

Start OpenVPN

#service openvpn start

Generate certificates for the users (for example: ./build-key MyUserName)

#./build-key client1

Download and set up the OpenVPN client

Create the myclient.openvpn file

# OpenVPN(v2.0) configuration script

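client
proto tcp  # must match "proto" in server.conf
resolv-retry 20
keepalive 10 120
nobind
mute-replay-warnings
ns-cert-type server
comp-lzo
persist-key
persist-tun
verb 1
tls-exit
dev tun0
auth-user-pass  # the server authenticates users through PAM, so the client must send a username and password
# The .crt and .key files must be copied from the server after you generate the user.
cert MyUserName.crt
key MyUserName.key
ca ca.crt
remote x.y.z.w 1234  # IP address of the server; the port must match "port" in server.conf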
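
The two sample files only work together if proto and port agree, and the server sample depends on client-cert-not-required with PAM and a dh1024.pem file. The shell check below is an added example, not part of the original setup: the function names and finding labels are invented for illustration, and the demo configs are constructed.

```shell
#!/bin/bash
# Added example: lint an OpenVPN server/client config pair (names are illustrative).

# conf_get FILE DIRECTIVE [FIELD]: print one field of the first matching line
conf_get() {
    awk -v d="$2" -v f="${3:-2}" '$1 == d { print $f; exit }' "$1"
}

# has_directive FILE DIRECTIVE: succeed if the directive appears uncommented
has_directive() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# lint_pair SERVER_CONF CLIENT_CONF: print one finding per line
lint_pair() {
    local srv="$1" cli="$2" sproto cproto sport cport dhbits
    sproto=$(conf_get "$srv" proto); cproto=$(conf_get "$cli" proto)
    sport=$(conf_get "$srv" port);   cport=$(conf_get "$cli" remote 3)
    # OpenVPN defaults: proto udp, port 1194; tcp-server/tcp-client both mean tcp
    sproto=${sproto:-udp}; sproto=${sproto%-server}
    cproto=${cproto:-udp}; cproto=${cproto%-client}
    sport=${sport:-1194}
    case "$cport" in ''|*[!0-9]*) cport=1194 ;; esac
    [ "$sproto" = "$cproto" ] || echo "PROTO_MISMATCH server=$sproto client=$cproto"
    [ "$sport" = "$cport" ] || echo "PORT_MISMATCH server=$sport client=$cport"
    # Curly quotes pasted from a web page are not quote characters to OpenVPN
    if grep -q -e '“' -e '”' "$srv" "$cli"; then echo "SMART_QUOTES"; fi
    # easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so the size is readable from the name
    dhbits=$(conf_get "$srv" dh | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$dhbits" ] && [ "$dhbits" -lt 2048 ]; then echo "WEAK_DH bits=$dhbits"; fi
    # Without client certificates the PAM password is the only client credential
    if has_directive "$srv" client-cert-not-required; then
        echo "PASSWORD_ONLY_AUTH"
        has_directive "$cli" auth-user-pass || echo "CLIENT_MISSING_AUTH_USER_PASS"
    fi
}

# demo: constructed configs (192.0.2.10 is a documentation address)
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'port 1234 #- sample' 'proto tcp' 'dh keys/dh1024.pem' \
        'client-cert-not-required' 'push “redirect-gateway def1”' > "$d/server.conf"
    printf '%s\n' 'client' 'proto udp' 'remote 192.0.2.10 1194' > "$d/client.conf"
    lint_pair "$d/server.conf" "$d/client.conf"
    rm -rf "$d"
}
```

Source the file and run demo to see the findings, or call lint_pair with the paths of your own server.conf and client file.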

Routing all client traffic through the VPN

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth2 -j MASQUERADE
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

Saving iptables configuration

#/etc/init.d/iptables save

Start the VPN server

#service openvpn start

Reference

http://www.zoobey.com/index.php/resources/all-articles-list/619-installing-openvpn-on-centos-5-and-centos-6