RHEL5 OpenVPN installation and Windows OpenVPN GUI installation notes

Source: Internet
Author: User

----------------- Fuqin Liquor

There is little information online about configuring OpenVPN on RHEL5, so I have written down the configuration process under RHEL5; the process is similar to RHEL4. I hope it helps. If you reprint this, please credit my blog address http://hi.baidu.com/yuhongchun027

1. Install the server
1. Go to http://openvpn.net/ and download the latest version of OpenVPN. At the time of writing it is openvpn-2.0.9.tar.gz.
A) Guides online say the lzo compression library is also required. I did not install it; you only need to add --disable-lzo when compiling openvpn-2.0.9.tar.gz.
2. Upload it to the server gait.buaa.edu.cn and unpack it to /root/openvpn-2.0.9.
3. cd /root/openvpn-2.0.9
4. ./configure --disable-lzo

1) Establish a CA

There is an easy-rsa/2.0 directory under the OpenVPN source directory. Enter that directory and modify the last part of the vars file:

export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="Beijing"
export KEY_ORG="PKU"
export KEY_EMAIL="xxxxxx@pku.edu.cn"

Save and exit, and then run:

source vars
./clean-all
./build-ca

You are then prompted for information. Most of the defaults are the values from the vars file above. You only need to enter the "Organizational Unit Name" item; enter anything, or leave it empty.



2) Generate the certificate and key for the server

./build-key-server server

As in the previous step, you only need to enter the "Organizational Unit Name", or you can leave it empty. If you leave it empty, the Windows VPN client must be able to resolve the VPN server's name correctly when you set it up; I edited the c:\windows\system32\drivers\etc\hosts file and added an entry that resolves the VPN server's domain name.

At the prompts "Sign the certificate? [y/n]" and "1 out of 1 certificate requests certified, commit? [y/n]", enter y and press Enter.

./build-key-server server

Generating a 1024 bit RSA private key
... ++
...
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [buaa]:
Organizational Unit Name (eg, section) []:gait
Common Name (eg, your name or your server's hostname) []:server
Email Address [support@cooldvd.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:dvdmaster
Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'cn'
stateOrProvinceName   :PRINTABLE:'gd'
localityName          :PRINTABLE:'sz'
organizationName      :PRINTABLE:'dvdmaster'
organizationalUnitName:PRINTABLE:'dvdmaster'
commonName            :PRINTABLE:'server'
emailAddress          :IA5STRING:'support@cooldvd.com'
Certificate is to be certified until Mar 19 08:15:31 2016 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated


3) Generate certificates and keys for the clients

In OpenVPN, this configuration method requires a certificate for each VPN client that logs in. Each certificate can only be used by one client at a time (if two machines install the same certificate and dial the server at the same time, both can dial in, but only the first one can connect to the network). Therefore, you need to create many certificates. Create two, named client1 and client2 respectively.

./build-key client1
Generating a 1024 bit RSA private key
... ++
... ++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [buaa]:
Organizational Unit Name (eg, section) []:gait
Common Name (eg, your name or your server's hostname) []:client1 # Important: the certificate of each client must have a different name.
Email Address [support@cooldvd.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:gait
Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'cn'
stateOrProvinceName   :PRINTABLE:'gd'
localityName          :PRINTABLE:'sz'
organizationName      :PRINTABLE:'dvdmaster'
organizationalUnitName:PRINTABLE:'dvdmaster'
commonName            :PRINTABLE:'client1'
emailAddress          :IA5STRING:'support@cooldvd.com'
Certificate is to be certified until Mar 19 08:22:00 2016 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated



Other client certificates/keys are generated in the same way:
./build-key client2
Then generate the Diffie-Hellman parameters:
./build-dh

4) Configure the server VPN file
A) cp /root/openvpn-2.0.9/sample-config-files/server.conf /usr/local/etc/server.conf
B) vi /usr/local/etc/server.conf
i. Change proto udp to proto tcp
ii. Change the four lines ca, cert, key and dh:
ca /root/openvpn-2.0.9/easy-rsa/keys/2.0/ca.crt
cert /root/openvpn-2.0.9/easy-rsa/keys/2.0/server.crt
key /root/openvpn-2.0.9/easy-rsa/keys/2.0/server.key
dh /root/openvpn-2.0.9/easy-rsa/keys/2.0/dh1024.pem
iii. Change the server line:
server 10.0.0.0 255.255.255.0
iv. Comment out comp-lzo
v. Change verb to 5 to see more debugging information.
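
An added example, not part of the original post: a small shell audit of the edited server.conf that checks the settings changed above plus the permissions on the server private key. The function names conf_get, conf_has and audit_server_conf are made up for this example.

```shell
# Added example (not from the original post): audit an OpenVPN server.conf.

# Print the arguments of the first active occurrence of directive $2 in file $1.
# Text from '#' or ';' onward is treated as a comment here.
conf_get() {
    awk -v d="$2" '{ sub(/[#;].*/, "") }
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Succeed if directive $2 is active (present and uncommented) in file $1.
conf_has() {
    awk -v d="$2" '{ sub(/[#;].*/, "") } $1 == d { f = 1; exit }
        END { exit !f }' "$1"
}

# Print one finding per line; no output means the file passed every check.
audit_server_conf() {
    conf=$1
    for d in ca cert key dh; do
        path=$(conf_get "$conf" "$d")
        if [ -z "$path" ]; then
            echo "missing directive: $d"
        elif [ ! -f "$path" ]; then
            echo "file not found for $d: $path"
        fi
    done
    # The server private key must not be readable by group or others.
    key=$(conf_get "$conf" key)
    if [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || echo "key readable beyond owner: $key"
    fi
    # This guide switches the sample config from udp to tcp.
    [ "$(conf_get "$conf" proto)" = "tcp" ] || echo "proto is not tcp"
    # OpenVPN was configured with --disable-lzo, so comp-lzo must stay off.
    if conf_has "$conf" comp-lzo; then echo "comp-lzo is enabled"; fi
    return 0
}
```

Run it as audit_server_conf /usr/local/etc/server.conf before starting the service; a "file not found" finding usually means the path in the ca, cert, key or dh line does not match where easy-rsa wrote the files.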


5) Start the service:
A) Make sure that neither the server nor the firewall blocks SSH (22) or OpenVPN (1194).
B) echo 1 > /proc/sys/net/ipv4/ip_forward
C) /usr/local/sbin/openvpn --config /usr/local/etc/server.conf

2. Install the Windows VPN client

1. Download OpenVPN GUI for Windows from http://openvpn.se/, a Windows client that corresponds to the OpenVPN server.
A) For example, if the server is installed with OpenVPN 2.0.9, then the OpenVPN GUI for Windows to download is: openvpn-2.0.9-gui-1.0.3-install.exe
2. Run openvpn-2.0.9-gui-1.0.3-install.exe. Use the default settings.
3. Copy ca.crt, client1.crt, and client1.key to C:\Program Files\OpenVPN\config. (Different users use different certificates. Each certificate consists of two files, .crt and .key, such as client2.crt and client2.key.)
4. Create a client configuration file based on /root/openvpn-2.0.9/sample-config-files/client.conf and save it as C:\Program Files\OpenVPN\config\client.ovpn.
A) Change proto udp to proto tcp
B) Change the remote line:
remote gait.buaa.edu.cn 1194
C) Change the three lines ca, cert and key:
ca ca.crt
cert client1.crt
key client1.key
D) Comment out comp-lzo.
5. Connect: right-click the OpenVPN icon in the lower-right corner and select "Connect". Normally the connection succeeds and an IP address is allocated.
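
An added example, not part of the original post: a shell check that the client.ovpn written in step 4 agrees with the server.conf from the server section on proto, comp-lzo and port, and that the client's cert and key lines name the same certificate. The function names setting and compare_vpn_configs are made up for this example, and it assumes a copy of both files is available on one machine.

```shell
# Added example (not from the original post): compare client.ovpn with server.conf.

# Print the arguments of the first active occurrence of directive $2 in file $1,
# "on" for a directive without arguments, or "unset" if absent or commented out.
setting() {
    awk -v d="$2" '{ sub(/[#;].*/, "") }
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); print ($0 == "" ? "on" : $0); f = 1; exit }
        END { if (!f) print "unset" }' "$1"
}

# Print one line per mismatch between server config $1 and client config $2.
compare_vpn_configs() {
    srv=$1; cli=$2
    # Both ends must agree on these settings.
    for d in proto comp-lzo; do
        s=$(setting "$srv" "$d"); c=$(setting "$cli" "$d")
        s=${s%-server}; c=${c%-client}    # tcp-server and tcp-client pair up
        [ "$s" = "$c" ] || echo "mismatch $d: server=$s client=$c"
    done
    # The port on the client's remote line must be the server's port
    # (1194 when neither side sets one).
    sport=$(setting "$srv" port)
    if [ "$sport" = "unset" ]; then sport=1194; fi
    set -- $(setting "$cli" remote)       # remote HOST [PORT]
    if [ "$1" = "unset" ]; then
        echo "client has no remote line"
    elif [ "${2:-1194}" != "$sport" ]; then
        echo "mismatch port: server=$sport client=${2:-1194}"
    fi
    # cert and key must belong to the same client certificate (client1, client2, ...).
    ccert=$(setting "$cli" cert); ckey=$(setting "$cli" key)
    [ "${ccert%.crt}" = "${ckey%.key}" ] || echo "cert/key pair differs: $ccert $ckey"
    return 0
}
```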

[ This post was last edited by yuhongchun]