I found a lot of documentation and this is my setup
install the necessary packages
#yum install gcc rpm-build autoconf.noarch zlib-devel pam-devel lzo lzo-devel openssl-devel automake imake pkgconfig gcc-c++ libcrypto.so.6
install openvpn
#yum install openvpn
Copy the files
#cp -r /usr/share/doc/openvpn-2.1.3/easy-rsa/ /etc/openvpn/
Create the certificate.
You’ll be asked to fill in several fields; you can skip most of them by pressing Enter repeatedly, but the one
you have to fill in is the “Common Name” field.
#cd /etc/openvpn/easy-rsa/2.0
#source ./vars
#./vars
#./clean-all
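Build Key Server (this step signs the server certificate with the CA, so the CA key pair must already exist in keys/; easy-rsa 2.0 creates it with ./build-ca, run after ./clean-all)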
#./build-key-server server
Build Diffie Hellman
#./build-dh
Create the server.conf file in the directory /etc/openvpn
This is a sample:
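# Sample /etc/openvpn/server.conf. Lines marked "change" are placeholders.
# The address, port and protocol chosen here must match the "remote" and
# "proto" lines of every client configuration.
local 123.123.123.123 #- change it with your server ip address
port 1234 #- change the port you want
proto tcp #- protocol can be tcp or udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# CA certificate, server certificate and server private key from easy-rsa.
# server.key should be readable by root only. NOTE(review): easy-rsa also
# leaves ca.key in this keys/ directory; anyone who can read it can issue
# certificates this server trusts, so consider keeping it off the VPN host.
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
# ./build-dh names its output after KEY_SIZE in easy-rsa's vars file, so
# dh1024.pem means 1024-bit parameters, which are considered weak today.
# Setting KEY_SIZE=2048 before generating keys produces dh2048.pem; update
# this path to match if you do.
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
# Username/password authentication through PAM: any account the PAM stack
# accepts can open a tunnel, so password strength and lockout policy matter.
# NOTE(review): the plugin's argument is a PAM service name; its
# documentation uses the bare name "login" -- confirm the path form works.
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
# client-cert-not-required turns off the client certificate check, leaving
# the password as the only credential; username-as-common-name then uses the
# login name where the certificate Common Name would otherwise be used.
# Removing client-cert-not-required makes the server demand both a
# certificate issued with ./build-key and the password.
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Pushed options must be wrapped in plain ASCII double quotes; typographic
# quotes are not treated as quoting by OpenVPN.
# redirect-gateway def1 sends all client traffic through the tunnel, and the
# dhcp-option lines hand the clients these public resolvers for DNS.
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
# Must be set on both ends. NOTE(review): compressing tunnel traffic can
# leak information about the plaintext (VORACLE-style attacks); newer
# OpenVPN releases discourage it.
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
# NOTE(review): there is no user/group directive, so the daemon keeps root
# privileges after start-up, and no tls-auth key, so unauthenticated packets
# reach the TLS handshake. Both are worth adding when hardening this sample.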
Start OpenVPN
#service openvpn start
Generate certificates for the users
./build-key client1 (Ex: ./build-key MyUserName)
Download and setup the OpenVPNClient
Create the myclient.openvpn file
# OpenVPN(v2.0) configuration script
# Client-side sample. NOTE(review): the protocol and port used here (udp,
# 1194) differ from the server sample on this page (tcp, 1234); both ends
# must use the same protocol and port or the connection will not come up.
client
proto udp
resolv-retry 20
keepalive 10 120
nobind
mute-replay-warnings
# Only accept a peer whose certificate is marked as a server certificate, so
# a certificate issued to another client cannot be used to pose as the
# server. Newer OpenVPN releases replace this option with
# "remote-cert-tls server".
ns-cert-type server
comp-lzo
# NOTE(review): verb is set twice (2 here, 1 further down); presumably the
# later value applies -- keep only one.
verb 2
persist-key
persist-tun
verb 1
tls-exit
dev tun0
# NOTE(review): the server sample authenticates through the PAM plugin,
# which presumably needs the client to send a username and password
# (auth-user-pass); this sample does not set that directive -- confirm.
# MyUserName.key is a private key: move it to the client over an encrypted
# channel and restrict its file permissions. The client needs only ca.crt,
# its own .crt and its own .key; ca.key must never be copied to a client.
# NOTE(review): the cert path starts with "/", which makes it absolute,
# while key and ca are relative -- probably unintended.
cert /MyUserName.crt # this file and the .key file must be copied from the server when you generate the User.
key MyUserName.key
ca ca.crt
remote x.y.z.w 1194 #ip address of the server
Routing all client traffic through the VPN
# Source-NAT traffic from the VPN subnet as it leaves through eth2, so that
# replies come back to this host. eth2 is the outbound interface on the
# author's machine; substitute the one that faces the Internet on yours.
iptables --table nat --append POSTROUTING --source 10.8.0.0/24 --out-interface eth2 --jump MASQUERADE
# Both rules are inserted at the top of their chain and accept every packet
# arriving on tun0: the first exposes all services on this host to VPN
# clients, the second lets clients be routed to any destination. Narrow them
# by port or destination if clients should not have that much reach.
iptables --insert INPUT --in-interface tun0 --jump ACCEPT
iptables --insert FORWARD --in-interface tun0 --jump ACCEPT
# Turn on IPv4 forwarding for the running kernel. This write does not survive
# a reboot and is not covered by saving the iptables rules; to make it
# permanent, set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
Saving iptables configuration
#/etc/init.d/iptables save
Start the VPNServer
#service openvpn start
Reference