Difference between revisions of "OpenVPN 2.3 or lower on Centos 6"
Revision as of 16:56, 27 March 2013
This guide shows how to install OpenVPN on Centos 6 x64
Check that the tun/tap device is available:
cat /dev/net/tun
If tun is available you should receive this:
cat: /dev/net/tun: File descriptor in bad state
If you instead get "No such file or directory" or "No such device", the tun module is not loaded or not enabled for this container (on OpenVZ the host has to enable it for the VE), and OpenVPN will not start until that is fixed.
Make sure you have these packages installed:
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y
Download LZO RPM
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
Download RPMForge Repo
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
Build the LZO rpm package and install it together with the RPMForge repo package. On CentOS 6 rpmbuild writes the built packages under ~/rpmbuild/RPMS/x86_64/, so install them from there:
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh ~/rpmbuild/RPMS/x86_64/lzo-*.rpm
rpm -Uvh rpmforge-release*
Install OpenVPN:
yum install openvpn -y
Copy the easy-rsa folder to /etc/openvpn/ (the directory name carries the installed version; check it with ls -d /usr/share/doc/openvpn-* and adjust 2.2.2 if yours differs):
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
Open up /etc/openvpn/easy-rsa/2.0/vars and change the below line:
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
to:
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
And save changes.
Create the certificate authority and keys. Every build-* command that follows reads the variables set by vars, so run all of them in the shell where vars was sourced. While vars is open it is also worth raising KEY_SIZE from 1024 to 2048: 1024-bit RSA keys and DH parameters are too weak for a new deployment, and the value has to be set before build-ca runs. Note that clean-all empties the keys directory.
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./clean-all
Build CA:
./build-ca
Build key server:
./build-key-server server
Build Diffie Hellman
./build-dh
Copy the sample server config file server.conf from /usr/share/doc/openvpn-2.2.2/sample-config-files/ to /etc/openvpn:
cp /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/
Edit the file to get a proper configuration. At minimum point ca, cert, key and dh at the files easy-rsa produced, for example /etc/openvpn/easy-rsa/2.0/keys/ca.crt, server.crt, server.key and dh1024.pem (dh2048.pem if KEY_SIZE was raised). The sample's "server 10.8.0.0 255.255.255.0" line is what the 10.8.0.0/24 firewall rules further down assume, so keep the two consistent if you change it, and uncomment the "user nobody" and "group nobody" lines so the daemon drops root once the tunnel is up.
Disable SELinux in /etc/selinux/config by changing
SELINUX=enforcing
to
SELINUX=disabled
(This only takes effect at the next boot.) Disabling SELinux weakens the whole server and is not actually required: the targeted policy on CentOS 6 includes an openvpn domain that works as long as the config and keys stay under /etc/openvpn. The better option is to leave it enforcing; if openvpn then refuses to start, run restorecon -R /etc/openvpn to repair the file labels and look in /var/log/audit/audit.log for the denial before turning SELinux off.
Now enable IP forwarding. Open the file /etc/sysctl.conf and change
net.ipv4.ip_forward = 0
to
net.ipv4.ip_forward = 1
Save changes using command:
sysctl -p
Start OpenVPN
service openvpn start
If OpenVZ is not used add the below line to the firewall:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
If OpenVZ is used add these rules to the firewall:
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123
Change 123.123.123.123 to correct server IP.
If you have CSF on the same server you need to open your OpenVPN port (usually 1194) through the firewall and run the below commands for CSF. It is also a good idea to add them to /etc/csf/csfpre.sh, which CSF runs before loading its own rules each time it restarts, so they survive a CSF reload:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123
If the above rules cause you any problems or don’t seem to work (Especially on cPanel servers) then remove the rules above and use below:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
Change 123.123.123.123 to the correct server IP wherever it appears, then save the changes:
service iptables save
service iptables restart
On a server where CSF manages the firewall, rules saved this way are not what CSF loads on its next restart; keep them in /etc/csf/csfpre.sh and reload with csf -r instead.
Make OpenVPN start at boot:
chkconfig openvpn on
Generate clients, one certificate per client and each with a distinct name (the name becomes the certificate's Common Name, and by default OpenVPN allows only one active connection per CN):
./build-key client1
./build-key client2
./build-key client3
build-key writes an unencrypted private key; use ./build-key-pass instead if the client's key should be protected by a passphrase. Like the server steps, these commands need the variables from vars, so run them in the shell where vars was sourced.
Copy the client config sample (client.conf) from the same /usr/share/doc/openvpn-2.2.2/sample-config-files/ directory and edit it to the required configuration: remote must name the server's public IP and port, and ca, cert and key the files below.
Download the client files from /etc/openvpn/easy-rsa/2.0/keys/: ca.crt plus that client's own client1.crt and client1.key. Never copy ca.key or server.key off the server; ca.key signs every certificate the VPN trusts.
Upload these files to the OpenVPN directory on the client machine over a secure channel (scp, not email), and keep the .key file readable only by its owner.
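The two config files the guide tells you to edit (server.conf above, and the client config just described) are easy to get subtly wrong, so here is an added example script that is not part of the original page or of the OpenVPN project. It generates a server.conf and a client config that match the easy-rsa 2.0 layout, subnet and port used in this guide, and checks the key material before the service is started. The function names, the pushed DNS server and the "write" argument are this example's own assumptions; the paths, 10.8.0.0/24 and port 1194 come from the page.

```shell
#!/bin/bash
# Added example, not from the original page or the OpenVPN project: writes the
# server.conf and a client config that match the easy-rsa 2.0 layout used in
# this guide, and checks the key material before the service is started.
# Assumptions (all from the page unless noted): keys under
# /etc/openvpn/easy-rsa/2.0/keys, VPN subnet 10.8.0.0/24, UDP port 1194.
# The pushed DNS server and the function names are this example's own.

# Print a server.conf.  $1 = easy-rsa keys directory, $2 = DH file name
# (dh1024.pem with the default easy-rsa KEY_SIZE, dh2048.pem if it was raised).
gen_server_conf() {
    keydir=$1
    dhfile=${2:-dh1024.pem}
    cat <<EOF
port 1194
proto udp
dev tun
ca   $keydir/ca.crt
cert $keydir/server.crt
key  $keydir/server.key
dh   $keydir/$dhfile
# VPN subnet; must match the 10.8.0.0/24 used in the NAT rules
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Send all client traffic through the tunnel (assumed resolver; change it)
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
# Drop root once the tun device and keys are open
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
EOF
}

# Print a client config.  $1 = name given to ./build-key, $2 = server public IP.
gen_client_conf() {
    name=$1
    server=$2
    cat <<EOF
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $name.crt
key $name.key
# Only accept a peer certificate built with build-key-server (it carries
# extendedKeyUsage=serverAuth), so a leaked client certificate cannot be
# used to impersonate the server
remote-cert-tls server
comp-lzo
verb 3
EOF
}

# Check that every file server.conf refers to exists and is non-empty, and that
# server.key is readable only by its owner.  Returns 0 on success, 1 otherwise.
check_server_files() {
    keydir=$1
    dhfile=${2:-dh1024.pem}
    rc=0
    for f in ca.crt server.crt server.key "$dhfile"; do
        if [ ! -s "$keydir/$f" ]; then
            echo "missing or empty: $keydir/$f" >&2
            rc=1
        fi
    done
    if [ -f "$keydir/server.key" ]; then
        mode=$(stat -c %a "$keydir/server.key")
        case $mode in
            600|400) ;;
            *) echo "server.key mode $mode too permissive; chmod 600 it" >&2; rc=1 ;;
        esac
    fi
    return $rc
}

# Usage on the server (only runs when explicitly asked, so sourcing the file
# never clobbers /etc/openvpn by accident):  ./openvpn-conf.sh write
if [ "${1:-}" = "write" ]; then
    KEYS=/etc/openvpn/easy-rsa/2.0/keys
    check_server_files "$KEYS" || exit 1
    gen_server_conf "$KEYS" > /etc/openvpn/server.conf
    gen_client_conf client1 123.123.123.123 > "$KEYS/client1.conf"
fi
```

The generated client config uses remote-cert-tls server rather than the older ns-cert-type server line found in the 2.2 sample client.conf; both are satisfied by a certificate made with build-key-server, and either one stops a client whose certificate was stolen from standing up a fake server. If you raised KEY_SIZE in vars, pass dh2048.pem as the second argument to gen_server_conf and check_server_files so the dh line matches the file build-dh produced.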