Difference between revisions of "OpenVPN 2.3.1 on Centos 6"
Line 3: | Line 3: | ||
<b>The actual KB article for the latest OpenVPN [2.3.6] version could be found here:</b> | <b>The actual KB article for the latest OpenVPN [2.3.6] version could be found here:</b> | ||
− | == [http://wiki.vpsget.com/index.php/OpenVPN_2.3.6_on_Centos_6 Click here: <span style="color:#ff0000"> OpenVPN 2.3.6 on Centos 6 </span>] == | + | == [http://wiki.vpsget.com/index.php/OpenVPN_2.3.6_on_Centos_6 Click here: <span style="color:#ff0000"> OpenVPN 2.3.6 [actual] on Centos 6 </span>] == |
<br> | <br> |
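Review bot: On the "+" side of the heading, "[actual]" sits inside the label of an external link that is itself delimited by "[" and "]", so the first "]" (the one after "actual") ends the link, and the rest of the label, " on Centos 6 </span>]", falls outside it together with the closing </span>. Write "(actual)" or use the entities &#91;actual&#93; so the whole label stays inside the link and the <span> stays balanced.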
Revision as of 00:39, 12 March 2015
This article is for a deprecated OpenVPN version.
The current KB article for the latest OpenVPN version [2.3.6] can be found here:
Click here: OpenVPN 2.3.6 [actual] on Centos 6 (http://wiki.vpsget.com/index.php/OpenVPN_2.3.6_on_Centos_6)
On a SolusVM-managed VPS, remember to enable TUN/TAP in the SolusVM CP after you get access.
How to install [deprecated] OpenVPN 2.3.1 on Centos 6
Tested: OpenVPN 2.3.2 and OpenVPN 2.3.2 on a Centos 6 VPS.
This guide should be applicable to OpenVPN 2.3 and higher.
It is recommended to install the EPEL repository first.
Make sure you have these packages installed:
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y
Download LZO RPM
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
Download RPMForge Repo
x64
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
x32
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*
Install openvpn
yum install openvpn
As of version 2.3, easy-rsa is an independent project, so it has to be downloaded separately, for example like this:
cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/2.2.2/EasyRSA-2.2.2.tgz
tar -zxvf EasyRSA-2.2.2.tgz
cd EasyRSA-2.2.2
Open up /etc/openvpn/EasyRSA-2.2.2/vars and change the below line:
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
to:
export KEY_CONFIG=/etc/openvpn/EasyRSA-2.2.2/openssl-1.0.0.cnf
Save the changes. Create the certificate:
cd /etc/openvpn/EasyRSA-2.2.2
chmod 755 *
source ./vars
./vars
./clean-all
Build CA:
./build-ca
Build key server:
./build-key-server server
Build Diffie Hellman
./build-dh
Generate client keys:
./build-key client1
./build-key client2
./build-key client3
Copy the sample server config file server.conf.
For openvpn-2.3.1:
cp /usr/share/doc/openvpn-2.3.1/sample/sample-config-files/server.conf /etc/openvpn
For openvpn-2.3.2:
cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn
Edit the file to get a proper configuration. For example, specify the paths to ca, cert and key, and push public DNS servers.
Example server config:
port 1194
proto udp
dev tun
ca /etc/openvpn/EasyRSA-2.2.2/keys/ca.crt
cert /etc/openvpn/EasyRSA-2.2.2/keys/server.crt
key /etc/openvpn/EasyRSA-2.2.2/keys/server.key
dh /etc/openvpn/EasyRSA-2.2.2/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
Save the client config file with the .ovpn extension.
Disable SELinux in /etc/selinux/config by changing
SELINUX=enforcing
to
SELINUX=disabled
Now enable IP forwarding. Open the file /etc/sysctl.conf and change
net.ipv4.ip_forward = 0
to
net.ipv4.ip_forward = 1
Save the file and apply the changes using the command:
sysctl -p
Configure /etc/sysconfig/iptables.
Please note that you should change eth0 to your actual network device; it can be eth1, or venet0 on a VPS. Check your network devices with the ifconfig command.
Sample config:
# Generated by iptables-save v1.4.7 on Thu Mar 28 11:52:05 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3:324]
-A INPUT -i tun0 -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A FORWARD -i tun+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun+ -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Thu Mar 28 11:52:05 2013
# Generated by iptables-save v1.4.7 on Thu Mar 28 11:52:05 2013
*nat
:PREROUTING ACCEPT [6222:273716]
:POSTROUTING ACCEPT [306:22159]
:OUTPUT ACCEPT [306:22159]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Mar 28 11:52:05 2013
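The sample filter table can be checked against the server's port and proto settings mechanically. The script below is an added example, not part of the original guide; the function names and the finding labels (POLICY, MISMATCH, MISSING) are hypothetical, and the embedded inputs are constructed from the guide's own samples.

```shell
#!/usr/bin/env bash
# Added example: audit a filter table against the OpenVPN listener settings.
# Sample inputs are constructed (abbreviated) from the guide's config and rules.
SAMPLE_CONF='port 1194
proto udp
dev tun'

SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3:324]
-A INPUT -i tun0 -p tcp -m tcp --dport 1194 -j ACCEPT
-A FORWARD -i tun+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun+ -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT'

# conf_value KEY CONF_TEXT: print the first argument of an OpenVPN directive.
conf_value() {
    printf '%s\n' "$2" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# audit_fw CONF_TEXT RULES_TEXT: print one finding per line (nothing if clean).
audit_fw() {
    printf '%s\n' "$2" | awk -v port="$(conf_value port "$1")" \
                             -v proto="$(conf_value proto "$1")" '
        /^\*/ { table = substr($0, 2) }
        # A default ACCEPT policy makes every explicit ACCEPT rule redundant.
        table == "filter" && /^:(INPUT|FORWARD) ACCEPT/ {
            printf "POLICY %s defaults to ACCEPT\n", substr($1, 2)
        }
        table == "filter" && /^-A INPUT / && /-j ACCEPT/ {
            p = ""; d = ""; iface = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-i") iface = $(i + 1)
            }
            if (d != port) next
            # The daemon listens on the public interface, not on tun.
            if (p == proto && iface !~ /^tun/) { listener = 1; next }
            printf "MISMATCH %s (server uses %s/%s)\n", $0, proto, port
        }
        END { if (!listener) printf "MISSING INPUT rule for %s/%s\n", proto, port }
    '
}

audit_fw "$SAMPLE_CONF" "$SAMPLE_RULES"
```

To audit a live server, pass the real files instead of the samples: audit_fw "$(cat /etc/openvpn/server.conf)" "$(cat /etc/sysconfig/iptables)".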
Start openvpn
service openvpn start
Start openvpn at system startup:
chkconfig openvpn on
chkconfig iptables on
If OpenVPN fails to start, check whether tun/tap is active:
cat /dev/net/tun
If output is:
cat: /dev/net/tun: File descriptor in bad state
then tun/tap is active; look at /var/log/openvpn.log and /var/log/messages
If output is:
cat: /dev/net/tun: No such device
then try:
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
Download the client files from /etc/openvpn/easy-rsa/2.0/keys/ and upload them to the OpenVPN directory on the client machine. The OpenVPN client is available on the official site: http://openvpn.net/index.php/
How to configure OpenVPN client on Windows
How to configure OpenVPN client on Android
OpenVPN 2.3.1 Centos 6
This guide should be applicable for the openvpn 2.3.x on centos 6.
- Add a user (cert) to the existing OpenVPN users DB:
You simply need to source the vars file before creating the key. Use one of the following ways:
". vars"
or
". ./vars"
or
"source ./vars"
After that you can build key for new user:
./build-key client_new
Also refer to this guide if you would like to install double vpn