Before we install OpenVPN we need to prepare the server: we install CentOS 5.5
with two network cards.
In this network structure, an external client wants to access the internal network
by using a VPN connection through the Internet.
Topic 3: Install package
#vi vars
#./build-key-server server    Create the certificate for the server.
#./build-key client1    Create the certificate for the client. (Note: one certificate can be used
by only one client.)
After that, we need to configure the file server.conf:
#vi /etc/openvpn/server.conf

# Use port 1194.
port 1194
# Use the UDP protocol. You can change this to tcp if you wish. UDP seems to be
# faster; TCP can be used when you are on a network that blocks UDP.
proto udp
# Mode. You can choose tun or tap; the difference is not explained here.
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
# Let clients authenticate with a user name and password against the Linux
# system or PAM.
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
# Subnet for VPN clients.
server 10.8.0.0 255.255.255.0
# Use the DNS of OpenDNS.
push "dhcp-option DNS 124.108.4.130"
# Give clients a route to the internal network.
push "route 192.168.10.0 255.255.255.0"
# Send all traffic from the client through this VPN server. Remove this line
# if you don't want that.
push "redirect-gateway"
# Let the OpenVPN server record the last IP used by each client, so that a
# client gets the same IP when it reconnects.
ifconfig-pool-persist ipp.txt
keepalive 10 120
# Enable compression to save bandwidth.
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
# Allow clients to communicate with each other.
client-to-client
Topic 5: Install OpenVPN and configure it on the client
To install OpenVPN on the client, download the package from
http://openvpn.net/release/openvpn-2.1.1-install.exe
and then install it.
After that, we need to configure the file client.ovpn:
client
dev tun
proto udp
remote 192.168.1.248 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
auth-user-pass
ns-cert-type server
comp-lzo
verb 3
And now it is connected
Finish openvpn!!
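
An added example, not part of the original tutorial: a small Python check that reads OpenVPN directives such as those in server.conf and client.ovpn above and lists the settings a present-day deployment would normally tighten. The function names, the sample text and the rule of reading the DH size from the file name are assumptions of this example.

```python
import re

# Excerpt of the directives in the server.conf above (explanatory text dropped).
SERVER_CONF = """\
port 1194
proto udp
dev tun
dh dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway"
comp-lzo
client-to-client
"""

def parse(conf_text):
    """Map each directive to its argument strings; skip blanks and # / ; comments."""
    directives = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0][0] in "#;":
            continue
        directives.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return directives

def audit(conf_text):
    """Return (directive, finding) pairs for settings worth hardening."""
    d = parse(conf_text)
    findings = []
    for arg in d.get("dh", []):
        # Assumption: the key size appears in the file name, as in dh1024.pem.
        m = re.search(r"\d{3,5}", arg)
        if m and int(m.group()) < 2048:
            findings.append(("dh", m.group() + "-bit DH parameters; use 2048 bits or more"))
    if any(a != "no" for a in d.get("comp-lzo", [])):
        findings.append(("comp-lzo", "compression before encryption can leak plaintext"))
    if "ns-cert-type" in d:
        findings.append(("ns-cert-type", "deprecated; use 'remote-cert-tls server'"))
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append(("tls-auth", "TLS handshake packets are not HMAC-protected"))
    if "client-to-client" in d:
        findings.append(("client-to-client", "traffic between clients bypasses the server firewall"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SERVER_CONF):
        print(f"{name}: {finding}")
```

Running it on the server excerpt reports the 1024-bit DH file, comp-lzo, the missing tls-auth key and client-to-client; on client.ovpn it also reports ns-cert-type.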