Difference between revisions of "OpenVPN 2.3.6 on Centos 6"
Line 67: | Line 67: | ||
chkconfig openvpn on | chkconfig openvpn on | ||
chkconfig iptables on | chkconfig iptables on | ||
+ | |||
+ | |||
+ | |||
The files you will need on a client side: | The files you will need on a client side: | ||
Line 75: | Line 78: | ||
[http://wiki.vpsget.com/index.php/Configure_OpenVPN_client_on_Windows How to configure OpenVPN client on Windows] | [http://wiki.vpsget.com/index.php/Configure_OpenVPN_client_on_Windows How to configure OpenVPN client on Windows] | ||
+ | |||
+ | <br> | ||
+ | |||
+ | >>[https://billing.vpsget.com/cart.php?a=add&pid=17 '''Get OpenVPN Ready2Go VPS. $5.95 p/m] 512RAM,20GB SAS,2Tb, Netherlands, EU''' | ||
+ | remember to enable TUN/TAP in SolusVM CP after you got access. | ||
+ | |||
+ | ------------------------------------------------------------ | ||
[[Category:Linux]] | [[Category:Linux]] |
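Review bot: In the added promotional line, the bold markup ''' opens inside the external link label (before "Get OpenVPN Ready2Go VPS") but closes only after the closing bracket and the plan description, so the bold span straddles the link boundary; open and close it on the same side of the bracket. The reminder to enable TUN/TAP in the SolusVM CP is a setup prerequisite for the tun device used by this guide, and it would serve readers better next to the install steps than under the advert at the foot of the page.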
Revision as of 11:25, 9 March 2015
Install EPEL repository
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Install openvpn
yum install openvpn nano
cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 server
cd /etc/openvpn/server
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
# sign the server request with the CA so that pki/issued/server.crt exists
./easyrsa sign-req server server
./easyrsa gen-dh
cp /etc/openvpn/server/pki/ca.crt /etc/openvpn/
cp /etc/openvpn/server/pki/issued/server.crt /etc/openvpn/
cp /etc/openvpn/server/pki/dh.pem /etc/openvpn/
cp /etc/openvpn/server/pki/private/server.key /etc/openvpn/
Generate client.
This procedure should be repeated for each client, using a different name each time (client2, client3 ...)
cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 client1
cd client1
./easyrsa init-pki
./easyrsa gen-req client1 nopass
# import and sign the request in the CA directory, not in the client's own PKI
cd /etc/openvpn/server
./easyrsa import-req /etc/openvpn/client1/pki/reqs/client1.req client1
./easyrsa sign-req client client1
Enable forwarding
nano /etc/sysctl.conf
Set the following value
net.ipv4.ip_forward = 1
Apply
sysctl -p
Add firewall rules.
Change venet0 to your actual interface.
iptables -A FORWARD -i tun+ -o venet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save >/etc/sysconfig/iptables
service iptables restart
Create openvpn conf file
nano /etc/openvpn/server.conf
Paste the following lines
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
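Before starting the service, the files that server.conf refers to can be checked with a small script. This is an added example, not part of the original wiki page: the function names conf_value and audit_openvpn_conf are hypothetical, and it assumes relative paths in the config resolve against the directory that holds it (here /etc/openvpn).

```shell
#!/bin/sh
# Added example: audit the files referenced by an OpenVPN server.conf.
# Assumption: relative paths resolve against the config file's directory.

# Print the first argument of a directive, ignoring '#' and ';' comments.
conf_value() {  # usage: conf_value <directive> <conf-file>
    awk -v d="$1" '{ sub(/[#;].*/, "") } $1 == d { print $2; exit }' "$2"
}

# Echo one finding per problem; return 0 only when nothing was found.
audit_openvpn_conf() {  # usage: audit_openvpn_conf <conf-file>
    conf=$1
    dir=$(dirname "$conf")
    problems=0
    for d in ca cert key dh; do
        f=$(conf_value "$d" "$conf")
        if [ -z "$f" ]; then
            echo "MISSING-DIRECTIVE $d"
            problems=$((problems + 1))
            continue
        fi
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -f "$f" ]; then
            echo "MISSING-FILE $d $f"
            problems=$((problems + 1))
            continue
        fi
        # "This file should be kept secret": the private key must carry
        # no group or other permission bits (characters 5-10 of ls -l).
        if [ "$d" = key ]; then
            mode=$(ls -ld "$f" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "LOOSE-PERMS $f"
                problems=$((problems + 1))
            fi
        fi
    done
    [ "$problems" -eq 0 ]
}

# When called with a config path, audit it.
if [ $# -gt 0 ]; then
    audit_openvpn_conf "$1"
fi
```

Run it as root with /etc/openvpn/server.conf as the argument; a LOOSE-PERMS finding is cleared with chmod 600 on the key file.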
Start openvpn
service openvpn start
chkconfig openvpn on
chkconfig iptables on
The files you will need on a client side:
/etc/openvpn/client1/pki/private/client1.key
/etc/openvpn/server/pki/issued/client1.crt
/etc/openvpn/server/pki/ca.crt
/etc/openvpn/server/pki/dh.pem
How to configure OpenVPN client on Windows