Install OpenVPN Server in CentOS

Source: Internet
Author: User
Tags: install, openssl, vars, openvpn, gui
OpenVPN is another VPN package, different from PPTP and L2TP: it is an SSL-based VPN. Using OpenVPN requires a client program on each connecting machine. The system used here is CentOS 6.2.

I. Check the environment required by OpenVPN
OpenVPN requires TUN device support and the NAT module of iptables.
1. Check the TUN module:
modinfo tun
The output should look as follows:

If an error is reported, the TUN device is not supported.

2. On an OpenVZ VPS, the administrator has to enable the TUN/TAP device on the hardware node (HN). Check it with:
cat /dev/net/tun
If:

cat: /dev/net/tun: File descriptor in bad state

then TUN/TAP is available on the VPS.

If:

cat: /dev/net/tun: No such device

then the TUN/TAP device is not correctly configured and you need to contact the provider's customer service to have TUN/TAP activated.

3. Check whether iptables NAT is supported on the OpenVZ VPS:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
If:

iptables: Unknown error 4294967295

this indicates that it is supported.
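The three checks of section I collected into one pre-flight script, as an added example that is not part of the original article; the diagnosis of the `cat /dev/net/tun` output is a separate function so it can be tested against the messages quoted above, and the NAT check only lists the table instead of adding a rule.

```shell
#!/bin/sh
# Added example, not part of the original article: pre-flight checks for the
# three requirements of section I. The diagnosis of `cat /dev/net/tun` is a
# separate function so it can be tested against the messages quoted above.

# Classify the output of `cat /dev/net/tun` (messages as quoted in the article).
tun_status_from_message() {
    case "$1" in
        *"File descriptor in bad state"*) echo available ;;    # device usable
        *"No such device"*)               echo disabled ;;     # not enabled for this VPS
        *"No such file or directory"*)    echo missing-node ;; # /dev/net/tun absent
        *"Permission denied"*)            echo needs-root ;;
        *)                                echo unknown ;;
    esac
}

# Run the checks on this host; returns 0 only if TUN and the nat table are usable.
openvpn_preflight() {
    rc=0
    if modinfo tun >/dev/null 2>&1; then
        echo "tun module: found"
    else
        # Containers have no module files, so step 2 is the decisive check there.
        echo "tun module: modinfo tun failed"
    fi
    status=$(tun_status_from_message "$(cat /dev/net/tun 2>&1 </dev/null)")
    echo "/dev/net/tun: $status"
    [ "$status" = available ] || rc=1
    # Listing the nat table shows whether NAT is available without, unlike
    # the -A command in the article, changing any rule.
    if iptables -t nat -L POSTROUTING -n >/dev/null 2>&1; then
        echo "iptables nat table: usable"
    else
        echo "iptables nat table: unavailable"
        rc=1
    fi
    return $rc
}

# Run the live checks only when invoked as `sh preflight.sh run`.
if [ "${1:-}" = run ]; then
    openvpn_preflight
fi
```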

II. Compile and install OpenVPN
1. Install LZO
LZO is a data compression library used by OpenVPN.
cd /tmp
wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz
tar -zxvf lzo-2.06.tar.gz
cd lzo-2.06
./configure
make
make install
2. Install OpenVPN
cd /tmp
wget http://swupdate.openvpn.org/community/releases/openvpn-2.2.2.tar.gz
tar -zxvf openvpn-2.2.2.tar.gz
cd openvpn-2.2.2
./configure
This may stop with the error:

configure: error: OpenSSL Crypto headers not found.

This means the OpenSSL development headers are not installed:
yum install openssl-devel
Continue the installation:
./configure
make
make install
mkdir /etc/openvpn
cp -R /tmp/openvpn-2.2.2/easy-rsa/ /etc/openvpn/   # copy the certificate generation scripts
III. Generate keys and certificates
1. Initialize the PKI
cd /etc/openvpn/easy-rsa/2.0/
vim vars
Set the default certificate field values at the end of the file:
export KEY_COUNTRY="CN"
export KEY_PROVINCE="SH"
export KEY_CITY="shanghai"
export KEY_ORG="xxxx"
export KEY_EMAIL="xxx@xxx.com"
export KEY_EMAIL=xxx@xxx.com
export KEY_CN=tom
export KEY_NAME=tom
export KEY_OU=tom
export PKCS11_MODULE_PATH=tom
export PKCS11_PIN=1234
Make the vars settings take effect:
source ./vars
Error:

No /etc/openvpn/easy-rsa/2.0/openssl.cnf file could be found
Further invocations will fail

Rename openssl-1.0.0.cnf in the /etc/openvpn/easy-rsa/2.0 directory to openssl.cnf (keeping a backup):
cp openssl-1.0.0.cnf openssl-1.0.0.cnf.bak
mv openssl-1.0.0.cnf openssl.cnf
Run the script again to set the variables, then clean the keys directory:
source ./vars
./clean-all
Create the CA private key and certificate:
./build-ca

The build-ca script generates a 1024-bit RSA private key and the CA certificate. Because the vars file has already been set, you can press Enter at each prompt to accept the defaults.

2. Create the server key
./build-key-server server

Press Enter to skip the extra attributes in the middle, then answer y to sign and commit the certificate.

3. Create a client key
./build-key client1

This is essentially the same as creating the server key. The name given to each client certificate must be different, because one client certificate corresponds to one client.

4. Generate the Diffie-Hellman parameters
./build-dh
5. Download all files under keys to the local machine.
You can use a tool such as WinSCP.
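A script that assembles what step 5 actually needs to hand to one client, added here as an example that is not part of the original article: the client only needs ca.crt plus its own certificate and key, so ca.key (the CA private key) and the .csr are left on the server, and a check function flags a bundle that contains them or a key readable by other users. KEYS is an assumption matching the path used in this article.

```shell
#!/bin/sh
# Added example, not part of the original article: build the per-client
# bundle that step 5 downloads. A client needs only ca.crt plus its own
# .crt and .key; ca.key (the CA private key) and the .csr stay on the
# server. KEYS is an assumption matching the path used in this article.
KEYS=/etc/openvpn/easy-rsa/2.0/keys

# make_client_bundle NAME OUTDIR: copy exactly the three files the client
# needs into OUTDIR and leave the private key readable by its owner only.
make_client_bundle() {
    name=$1; out=$2
    for f in ca.crt "$name.crt" "$name.key"; do
        [ -f "$KEYS/$f" ] || { echo "missing $KEYS/$f" >&2; return 1; }
    done
    mkdir -p "$out" && chmod 700 "$out" || return 1
    cp "$KEYS/ca.crt" "$KEYS/$name.crt" "$KEYS/$name.key" "$out/" || return 1
    chmod 600 "$out/$name.key"
}

# bundle_is_clean DIR: 0 if DIR contains no CA private key and no signing
# request, and every .key in it is unreadable by group and others.
bundle_is_clean() {
    dir=$1
    [ ! -e "$dir/ca.key" ] || return 1
    for f in "$dir"/*.csr; do
        [ -e "$f" ] && return 1
    done
    for k in "$dir"/*.key; do
        [ -e "$k" ] || continue
        case $(stat -c %a "$k") in
            *00) ;;          # e.g. 600 or 400: owner only
            *) return 1 ;;
        esac
    done
    return 0
}
```

Typical use on the server: `make_client_bundle client1 /root/bundles/client1 && bundle_is_clean /root/bundles/client1`, then download only that directory.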

6. Create the server configuration file
Copy the standard configuration file from the unpacked source directory:
mkdir /etc/openvpn/easy-rsa/2.0/conf/
cp /tmp/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/easy-rsa/2.0/conf/
Edit the configuration file:
vim /etc/openvpn/easy-rsa/2.0/conf/server.conf
Find:

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

and change it to:
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
Remove the semicolon in front of the following lines:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
user nobody
group nobody
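The same step-6 edits applied with sed instead of by hand, as an added example that is not part of the original article, so the change to server.conf is repeatable and can be diffed before the service is started. KEYS is an assumption matching the path used in this article, and the sample configuration embedded in the block is a constructed excerpt of the OpenVPN 2.2 sample file.

```shell
#!/bin/sh
# Added example, not part of the original article: apply the step-6 edits to
# a copy of the sample server.conf with sed so they are repeatable and easy to
# review. KEYS is an assumption matching the path used in this article.
KEYS=/etc/openvpn/easy-rsa/2.0/keys

# configure_server_conf IN OUT: point ca/cert/key/dh at $KEYS and remove the
# leading ';' from the push, client-to-client, user and group lines.
configure_server_conf() {
    sed -e "s|^ca ca\.crt|ca $KEYS/ca.crt|" \
        -e "s|^cert server\.crt|cert $KEYS/server.crt|" \
        -e "s|^key server\.key|key $KEYS/server.key|" \
        -e "s|^dh dh1024\.pem|dh $KEYS/dh1024.pem|" \
        -e 's|^;\(push "redirect-gateway def1 bypass-dhcp"\)|\1|' \
        -e 's|^;\(push "dhcp-option DNS 208\.67\.22[02]\.22[02]"\)|\1|' \
        -e 's|^;\(client-to-client\)|\1|' \
        -e 's|^;\(user nobody\)|\1|' \
        -e 's|^;\(group nobody\)|\1|' \
        "$1" > "$2"
}

# count_commented FILE: how many of those directives still start with ';'
# (0 after a successful edit).
count_commented() {
    grep -c -E '^;(push|client-to-client|user|group)' "$1" || true
}

# write_sample_conf FILE: constructed excerpt of the OpenVPN 2.2 sample
# server.conf, so the function can be exercised without the real file.
write_sample_conf() {
    cat > "$1" <<'EOF'
port 1194
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;user nobody
;group nobody
persist-key
persist-tun
EOF
}
```

On the server this is `configure_server_conf /tmp/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/easy-rsa/2.0/conf/server.conf`, followed by `diff` of the two files to confirm only the intended lines changed.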
7. Enable IP packet forwarding
vim /etc/sysctl.conf
Change "net.ipv4.ip_forward" to 1.

Make the sysctl.conf setting take effect:
sysctl -p
8. Add the iptables NAT rule
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
/etc/init.d/iptables save
/etc/init.d/iptables restart
PS: if iptables save reports the error

iptables: Saving firewall rules to /etc/sysconfig/iptables:
/etc/init.d/iptables: line 268: restorecon: command not found

install the missing package:
yum install policycoreutils
9. Start OpenVPN automatically at boot
Append the start command to /etc/rc.local (use >> to append; a single > would overwrite the file):
echo "/usr/local/sbin/openvpn --config /etc/openvpn/easy-rsa/2.0/conf/server.conf &" >> /etc/rc.local
10. Start OpenVPN
/usr/local/sbin/openvpn --config /etc/openvpn/easy-rsa/2.0/conf/server.conf
IV. Install the Windows client (OpenVPN GUI for Windows)
1. Download and install the client software

http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe

2. Configure the client
From the downloaded keys folder, copy:
ca.crt
ca.key
client1.crt
client1.csr
client1.key
to the config folder under the client installation path. Only ca.crt, client1.crt and client1.key are used by the client; ca.key is the CA's private key and should not be distributed to clients.
For example:
C:\Program Files\OpenVPN\config

Copy client.ovpn from the sample-config folder of the installation path to the config folder.

Open client.ovpn and find:

remote my-server-1 1194

Change my-server-1 to the IP address of the OpenVPN server.

Find:

cert client.crt
key client.key

and change them to the name of the client certificate:
cert client1.crt
key client1.key
Add:
redirect-gateway def1
This makes the client use the OpenVPN server as its default gateway.

Double-click client.ovpn to start OpenVPN, or use the OpenVPN GUI control to start the VPN.

Then visit an IP address lookup website to check whether your public IP address is now that of the OpenVPN server.

Note:
If the client connection fails with:

There are no TAP-Win32 adapters on this system. You should be
able to create a TAP-Win32 adapter by going to Start -> All
Programs -> OpenVPN -> Add a new TAP-Win32 virtual ethernet
adapter.

the TAP-Win32 virtual Ethernet adapter needs to be installed.
