Install Openvpn in CentOS

Source: Internet
Author: User
Tags install openssl ssl connection

Install Openvpn in CentOS

Principle:

The core technology of OpenVpn is virtual Nic, followed by SSL protocol implementation. Here we will introduce the virtual nic and its Working Mechanism in OpenVpn:

A virtual Nic is a driver software implemented by using underlying network programming technology. After installation, an Eni appears on the host and can be configured like other NICs. The service program can open the virtual network card at the application layer. If the application software (such as IE) sends data to the virtual network card, the service program can read the data, if the service program writes appropriate data to the virtual network card, the application software can also receive the data. Virtual NICs are implemented in many operating systems, which is also an important reason for OpenVpn to be cross-platform.

In OpenVpn, if a user accesses a remote virtual address (belonging to the address series used by the virtual network adapter, different from the real address), the operating system uses the routing mechanism to route the data packets (in TUN mode) or data frame (TAP mode) is sent to the virtual network card. After the service program receives the data and processes the data, it sends the data from the Internet through SOCKET, the remote service program receives data from the Internet through a SOCKET and sends the data to the virtual Nic after corresponding processing. Then, the application software can receive the data and complete one-way transmission, and vice versa.

Installation environment: Server RHEL 5.3 (IP 192.168.10.191) or above

Client: win7

In Linux, kerner must support tun devices and load the iptables module.

# Modinfo tun

If you need to enable the SSL connection for OpenVPN, you must first install OpenSSL.

# Rpm-qa | grep ssl

If no

# Yum install openssl-devel

2.2.2 For this installation can be downloaded from the official website

Log on to the server through SecureCRT or XShell and upload LZO and OpenVPN. LZO is used for data compression.

Installation Process:

1. Unzip and install lzo

# Tar zxvf lzo.2.06.tar.gz

# Cd lzo-2.06

#./Configure

# Make

# Make install

2. Unzip and install openvpn

# Tar zxvf openvpn-2.2.2.tar.gz

# Cd openvpn-2.2.2

# Configure & make install

3. Produce certificate key

Initialize PKI

# Mkdir/etc/openvpn (this directory is not available by default)

# Cd openvpn-2.2.2

# Cp-r easy-rsa/2.0/etc/openvpn/easy-rsa

# Cd/etc/openvpn/easy-rsa

# Vi vars

Modify the following lines as needed, for example:

Export KEY_COUNTRY = "CN"

Export KEY_PROVINCE = "BJ"

Export KEY_CITY = "Beijing"

Export KEY_ORG = "baidu"

Export KEY_EMAIL = "tech@baidu.cn"

Export KEY_EMAIL = tech@baidu.cn

Export KEY_CN = baidu

Export KEY_NAME = baidu

Export KEY_OU = baidu

Export PKCS11_MODULE_PATH = baidu

Export PKCS11_PIN = 1q2w3e4r


Create Certificate

# ../Vars

NOTE: Ifyou run./clean-all, I will be doing a rm-rf on/etc/openvpn/easy-rsa/keys

(It must be executed only when the certificate is generated for the first time)

#./Clean-all

#./Build-ca (one-way carriage return)

#./Build-key-server (create server key)

(Press enter along the way to the prompt [y/n] And enter y)

# Cd/etc/openvpn/easy-rsa/keys

Copy the generated certificate to/etc/openvpn

# Cp ca. crt dh1024.pem server. crt server. key/etcp/openvpn

Create server. conf

# Cd/etc/openvpn

# Vim server. conf (this file is not available by default)

Local 192.168.10.191

Port 1194

Proto udp

Dev tun

Ca. crt

Cert server. crt

Key server. key

Dh dh1024.pem

Server11.8.0.0255.255.255.0

Keepalive 10 120

Comp-lzo

Persist-key

Persist-tun

Logopenvpn. log

Log-append openvpn. log

Status openvpn-status.log

Verb 3

Start the server

# Openvpn -- config/etc/openvpn/server. conf -- daemon

# Ip

A tun0 device is added and the IP address is 11.8.0.1.

4. Generate the client key

# Cd/etc/openvpn/easy-rsa

#./Build-key client1 (later generation./build-key client2 ...)

(Press enter along the way to the prompt [y/n] And enter y)

Copy the generated client key file ca. crt client1.crt client1.key to win7,

5. win7 Configuration

Copy ca. crt client1.crt client1.key to the config directory under the openvpn installation directory.

And create the client. ovpn (not available by default) file.

Edit client. ovpn with the following content:

Client

Dev tun

Proto udp

Remotely 192.168.10.191 1194

Resolv-retry infinite

Nobind

User nobody

Group nodody

Persist-key

Persis-tun

Ca. crt

Cert client1.crt

Key client1.key

Comp-lzo

Verb 3

Keepalive 10 120

When win7 is connected through a client, the automatically obtained IP address is displayed after successful dialing, and ping11.8.0.1 is successfully connected.

Supplement linux as the client:

Linux clients also need to install lzo and openven (see installation process 1 and installation process 2)

And create/etc/openvpn

Copy ca. crt client1.crt client1.key to/etc/openvpn

Also create client. conf (this file is not available by default)

Edit client. conf in the same way as client. ovpn In the config directory of win7.

Start the client

# Openvpn -- config/etc/openvpn/client. conf -- daemon

# Ip

You can see that the tun0 device automatically obtains the IP address in the 11.8.0 segment, indicating that the dial is successful. You can test ping11.8.0.1.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.