
Install OpenVPN on CentOS 5

Table of Contents

Prepare for installation
Requirements for installation
Install package
Configure OpenVPN server
Install and configure OpenVPN client

Topic 1: Prepare for installation

Before we install OpenVPN we need to prepare our server: we install CentOS 5.5
with two network cards.

In this network structure, an external client wants to access the internal network
by using a VPN connection through the Internet.

Topic 2: Requirements for installation

To install OpenVPN on CentOS 5.5 we need to install the following package dependencies:

- lzo and lzo-devel: for packet compression
- openssl and openssl-devel: for creating certificates
- pam-devel: for OpenVPN authentication
- openvpn: the OpenVPN server
- gcc: for compiling software

Topic 3: Install package

To install the packages, we first need to install the following:

Install a tool for downloading packages:
#yum install -y wget

Let yum install more packages:
#yum install -y yum-priorities

Download the RPMforge release package (this one is for x86 (32-bit) only):
#cd /tmp
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
#rpm -i rpmforge-release-0.5.1-1.el5.rf.*.rpm
#yum check-update

Install the dependencies and OpenVPN:
#yum install lzo
#yum install lzo-devel
#yum install openssl
#yum install openssl-devel
#yum install pam-devel
#yum install gcc
#yum install openvpn

Topic 4: Configure openvpn server

After we install the OpenVPN server on CentOS 5.5 we need to copy the easy-rsa scripts and the sample server configuration:

#cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
#cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

After copying, we need to create certificates for the server and the client:

#cd /etc/openvpn/easy-rsa/2.0/
#. ../vars
#chmod +rwx *
#source ./vars
#vi ../vars
#vi vars

Input your location and org name:
#./build-ca

#source ./vars
#./clean-all

Always press Enter directly. You can verify your information in this step:
#./build-ca

Create the certificate for the server:
#./build-key-server server

Create the certificate for the client (note: one certificate can be used by only one client):
#./build-key client1

After we create the certificates we need to copy them to the config folder:

#cp keys/{ca.crt,ca.key,server.crt,server.key} /etc/openvpn/

Build the Diffie-Hellman parameters. This may take a while:
#./build-dh

#cp keys/dh1024.pem /etc/openvpn/

After that we need to edit the file server.conf:
#vi /etc/openvpn/server.conf

# Use port 1194.
port 1194
# Use the UDP protocol. You can change this to tcp if you wish. UDP seems to be
# faster. TCP can be used when you are on a network that blocks UDP.
proto udp
# Mode. You can choose tun or tap. I don't wanna explain this.
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
# Allow clients to authenticate with a user name and password against the
# Linux system (PAM).
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
# Subnet for VPN clients.
server 10.8.0.0 255.255.255.0
# Use DNS of OpenDNS.
push "dhcp-option DNS 124.108.4.130"
# Allow clients to route to the internal network.
push "route 192.168.10.0 255.255.255.0"
# Send all traffic from the client through this VPN server.
# Remove this line if you don't want it.
push "redirect-gateway"
# Let the OpenVPN server record the last used IP for each client, which allows
# a client to get the same IP when it reconnects.
ifconfig-pool-persist ipp.txt
keepalive 10 120
# Enable compression to save bandwidth.
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
# Allow clients to communicate with each other.
client-to-client

After we configure server.conf we can start the service:


#/etc/init.d/openvpn restart
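
As an added example (not part of the original guide), this shell function audits the /etc/openvpn directory that the steps above produce: the copied ca.key, the 1024-bit dh1024.pem, the permissions on server.key, and the client-to-client directive. The names audit_openvpn and conf_value and the finding labels are hypothetical, and the DH check assumes easy-rsa's dh<KEY_SIZE>.pem file naming.

```shell
#!/bin/sh
# Added example: read-only audit of an OpenVPN server config directory.
# Prints one finding per line; prints nothing when no check fires.

# First argument of a directive; commented-out lines never match.
conf_value() {  # $1 = config file, $2 = directive
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

audit_openvpn() {  # $1 = config directory, $2 = config file name
    dir=$1
    conf="$dir/$2"

    # The CA private key signs certificates; the VPN daemon never reads it.
    if [ -e "$dir/ca.key" ]; then
        echo "CA_KEY_ON_SERVER: move $dir/ca.key to the signing machine"
    fi

    # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem, so the name gives the size
    # (heuristic; a renamed file is not detected).
    dh=$(conf_value "$conf" dh)
    bits=$(basename "${dh:-none}" | tr -cd '0-9')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: $dh is $bits-bit; generate 2048-bit or larger parameters"
    fi

    # The server private key must not be readable by group or other.
    key=$(conf_value "$conf" key)
    case $key in /*) ;; *) key="$dir/$key" ;; esac
    if [ -f "$key" ] && [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "KEY_READABLE: chmod 600 $key"
    fi

    # client-to-client forwards between clients inside the OpenVPN process,
    # so host firewall rules on the tun interface do not see that traffic.
    if grep -q '^[[:space:]]*client-to-client' "$conf"; then
        echo "CLIENT_TO_CLIENT: clients can reach each other unfiltered"
    fi
}

# Run against a real directory when called as: sh audit.sh /etc/openvpn server.conf
if [ "$#" -eq 2 ]; then
    audit_openvpn "$1" "$2"
fi
```

To clear the WEAK_DH finding with easy-rsa 2.0, set KEY_SIZE to 2048 in vars before running ./build-dh, then point the dh directive at the resulting dh2048.pem.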

Topic 5: Install and configure OpenVPN on the client

To install OpenVPN on the client we need to download the package from
http://openvpn.net/release/openvpn-2.1.1-install.exe
and then install it.

After installing, we need to copy client.ovpn from C:\Program Files\OpenVPN\sample-config to the directory below.
We also need to copy the certificates from the server.

After that we need to edit the file client.ovpn:
client
dev tun
proto udp
remote 192.168.1.248 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
auth-user-pass
ns-cert-type server
comp-lzo
verb 3

After that you can start the OpenVPN client and connect.

And now it is connected.

The client will get a new virtual IP address.

Test client access to the internal network.

Finish openvpn!!
