Thursday 30 November 2017

OpenVPN Server Configuration on Linux

  1. Install the OpenVPN RPM.
Dependencies
  1. openssl
  2. lzo
  3. pkcs11-helper
Download openvpn-<version>.rpm and install it with: rpm -ivh openvpn-<version>.rpm
  1. The RPM creates /etc/openvpn and /usr/share/doc/openvpn-<version> (openvpn-2.1.1 in this example). Copy the “easy-rsa” folder and the sample “server.conf” from the documentation directory into /etc/openvpn:
    cp -r /usr/share/doc/openvpn-<version>/easy-rsa /etc/openvpn
    cp /usr/share/doc/openvpn-<version>/sample-config-files/server.conf /etc/openvpn
  2. Then go to /etc/openvpn
    cd /etc/openvpn
  3. Then go to easy-rsa/2.0
    cd easy-rsa/2.0
  4. Edit the “vars” file and set the values in its last five lines; they become the default certificate subject fields. While editing, also change KEY_SIZE from 1024 to 2048: with the default, the RSA keys are 1024-bit and build-dh produces a 1024-bit Diffie-Hellman group (dh1024.pem), both weaker than current minimums. With KEY_SIZE=2048 the DH file is named dh2048.pem, and the “dh” line of server.conf below must then name that file instead.
    export KEY_COUNTRY="YOURCOUNTRY"

    export KEY_PROVINCE="YOURSTATE"

    export KEY_CITY="YOURCITY"

    export KEY_ORG="YOURORG"

    export KEY_EMAIL="exuser@host.yourdomain.com"
  5. Source the “vars” file into the current shell so that its exported values are visible to the other scripts:
    . ./vars (note the leading dot followed by a space)
  6. Remove any old keys with “clean-all”. It creates the “keys” folder if it does not exist yet, and it deletes everything in it, so do not run it again later on a CA that is in use.
    ./clean-all (here one dot is enough)
  7. Then run “build-ca” and “build-dh”.
    ./build-ca
    (Press Enter to accept the default at every prompt except Common Name, where you enter the server’s host name or any name the CA should carry.)
    ./build-dh
    (Generating the Diffie-Hellman parameters takes a while.) The two commands write “ca.crt”, “ca.key” and “dh1024.pem” (dh2048.pem if KEY_SIZE was raised) under the “keys” folder. ca.key is the CA signing key: whoever holds it can issue certificates this server will trust, so keep it off the VPN server if you can and never copy it into /etc/openvpn.
  8. Then run “build-key-server” to generate the server certificate and key.
    ./build-key-server <Server-Name>
    Press Enter to accept the defaults at the subject prompts (Common Name defaults to the name you passed), then answer y to “Sign the certificate?” and again to the commit prompt; an empty answer there leaves the certificate unsigned.
    It writes “<Server-Name>.crt”, “<Server-Name>.csr” and “<Server-Name>.key” under the “keys” folder.
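Before anything is copied into /etc/openvpn it is worth checking what easy-rsa actually produced. The script below is an added example, not part of the original post or of easy-rsa: it verifies that the server certificate chains to ca.crt, that the certificate and the private key next to it belong together, and that the Diffie-Hellman group is at least 2048 bits. It assumes the “keys” directory layout described above (ca.crt, <Server-Name>.crt, <Server-Name>.key, dh<bits>.pem) and an openssl binary on PATH; the function names are mine.

```shell
#!/bin/sh
# Added example: sanity checks on the easy-rsa "keys" directory before its
# contents go to /etc/openvpn. Not from the original post; the function names
# and the layout (ca.crt, <name>.crt, <name>.key, dh<bits>.pem) are assumed.

# 0 if <name>.crt chains to ca.crt. Catches a ca.crt left over from an earlier
# run that no longer matches the key the certificate was signed with.
verify_server_cert() {
    keys=$1; name=$2
    openssl verify -CAfile "$keys/ca.crt" "$keys/$name.crt" >/dev/null 2>&1
}

# 0 if the public key inside <name>.crt equals the one derived from <name>.key,
# i.e. the certificate really belongs to the private key next to it.
cert_matches_key() {
    keys=$1; name=$2
    from_cert=$(openssl x509 -in "$keys/$name.crt" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$keys/$name.key" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Prints the size in bits of the DH group stored in a dhparam PEM file.
dh_bits() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Runs all checks on one keys directory; 0 when everything passes, 1 otherwise,
# with one line per problem on stderr.
check_keys_dir() {
    keys=$1; name=$2; rc=0
    verify_server_cert "$keys" "$name" ||
        { echo "$name.crt does not verify against ca.crt" >&2; rc=1; }
    cert_matches_key "$keys" "$name" ||
        { echo "$name.crt and $name.key do not belong together" >&2; rc=1; }
    dh=$(ls "$keys"/dh*.pem 2>/dev/null | head -n 1)
    bits=$(dh_bits "${dh:-/nonexistent}")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "DH group is ${bits:-missing} bits; set KEY_SIZE=2048 in vars and rerun ./build-dh" >&2; rc=1; }
    return $rc
}

# Usage: sh check-keys.sh /etc/openvpn/easy-rsa/2.0/keys <Server-Name>
if [ $# -eq 2 ]; then
    check_keys_dir "$1" "$2" && echo "keys directory looks good"
fi
```

Run it against the easy-rsa keys directory with the server name you gave to build-key-server; a 1024-bit dh file is reported as a problem rather than silently accepted.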
  9. Then go to /etc/openvpn folder
    cd /etc/openvpn
  10. Now we have to edit the “server.conf” file. 
    vi server.conf
    # Sample configuration file (the numbers in front of the lines are only for reference in the notes below; they are not part of the file)
    1. local 192.168.1.101
    2. port 1194
    3. proto udp
    4. dev tun
    5. ca ca.crt
    6. cert host.yourdomain.com.crt
    7. key host.yourdomain.com.key # This file should be kept secret
    8. dh dh1024.pem
    9. server 192.168.11.0 255.255.255.248
    10. ifconfig-pool-persist ipp.txt
    11. push "route 172.23.0.0 255.255.0.0" # YOURORG LOCAL Network
    12. client-config-dir ccd
    13. route 192.168.12.0 255.255.255.0 # For Individual Clients
    14. client-to-client
    15. keepalive 10 120
    16. comp-lzo
    17. user nobody
    18. group nobody
    19. persist-key
    20. persist-tun
    21. status openvpn-status.log
    22. log-append openvpn.log
    23. verb 3
    • Line 1 : local 192.168.1.101
      The address on this host that OpenVPN binds to. Binding to one address keeps the service off the other interfaces; omit the line only if it really should listen on all of them.
    • Line 2 : port 1194
      The port it listens on (1194 is the IANA-assigned OpenVPN port).
    • Line 3 : proto udp
      The transport protocol (tcp or udp). Use udp unless a firewall forces tcp; carrying TCP sessions inside a TCP tunnel performs badly as soon as packets are lost.
    • Line 4 : dev tun
      The virtual device type that carries the “Virtual IP” traffic. tun is a routed layer-3 interface and tap a bridged layer-2 one; tun is the right choice for a routed setup like this one.
    • Line 5 : ca ca.crt
    • Line 6 : cert <Server-Name>.crt
    • Line 7 : key <Server-Name>.key # This file should be kept secret
    • Line 8 : dh dh1024.pem
      Lines 5 to 8 name files. Relative names are looked up in /etc/openvpn, so the simplest choice is to copy “ca.crt”, “<Server-Name>.crt”, “<Server-Name>.key” and “dh1024.pem” there; otherwise give the full path of each file. Only ca.crt is needed from the CA, not ca.key, and the server key should be owned by root with mode 0600. If KEY_SIZE was raised to 2048 in vars, the file is dh2048.pem.
    • Line 9 : server 192.168.11.0 255.255.255.248
      Defines the VPN address range and the server’s own address in it. The server takes the first addresses (192.168.11.1, with 192.168.11.2 as its peer address in the default net30 tun topology); here the plan is to give the clients fixed addresses from a different range instead of this pool.
    • Line 10 : ifconfig-pool-persist ipp.txt
      Records which pool address each client received, so that a reconnecting client gets the same one. Since every client will get a static address through ccd, this line is not needed here.
    • Line 11 : push "route 172.23.0.0 255.255.0.0"
      Pushes a route for the local office network to every client, so that clients can reach it through the tunnel. Everything pushed here applies to all VPN clients.
    • Line 12: client-config-dir ccd
      Enables per-client configuration. Create a directory named “ccd” under /etc/openvpn and, inside it, one file per client whose name is exactly the Common Name in that client’s certificate; the directives in that file (for example ifconfig-push for a fixed address) apply to that client only. A client without a file gets the generic settings.
    • Line 13 : route 192.168.12.0 255.255.255.0
      Adds a kernel route for the network the individual client addresses are taken from, so that traffic to those addresses is sent into the tunnel.
    • Line 14 : client-to-client
      Lets clients reach each other. With it, traffic between clients is switched inside OpenVPN and never passes the kernel firewall; without it, such traffic goes through the tun interface and iptables, where it can be filtered. Leave it out if clients only need the server and the pushed networks.
    • Line 15 : keepalive 10 120
      Sends a ping every 10 seconds and restarts the connection after 120 seconds without a reply; this detects a dead peer and keeps NAT mappings alive.
    • Line 16 : comp-lzo
      Enables LZO compression of the tunnel traffic. Compressing a mix of secret and attacker-controlled data turns the output size into an oracle that can leak the secret, so current guidance is to leave compression off unless bandwidth forces it; if you remove it here, remove it from the clients as well, since the two sides must agree.
    • Line 17 : user nobody
    • Line 18 : group nobody
      Drop root privileges after startup, so that a compromise of the running process is not a compromise of root. These two lines only apply on Linux and other Unix systems.
    • Line 19 : persist-key
    • Line 20 : persist-tun
      Keep the key material and the tun device across restarts (for example one triggered by keepalive). They belong with user/group: once privileges are dropped the process can no longer reopen the key file or the device.
    • Line 21 : status openvpn-status.log
      Writes the current list of connected clients to this file.
    • Line 22 : log-append openvpn.log
      Appends the server’s log messages to this file instead of sending them to syslog.
    • Line 23 : verb 3
      Log verbosity; 3 is a sensible level for normal operation, higher levels are for debugging.
  11. Now we start the VPN server. Before that, verify that everything server.conf refers to is present in /etc/openvpn:
    • File 1. ca.crt
    • File 2. dh1024.pem (or dh2048.pem)
    • File 3. <Server-Name>.crt
    • File 4. <Server-Name>.key (the server’s private key: root-owned, mode 0600)
    <Server-Name>.csr is only the signing request and is not read by the server; it can stay in easy-rsa/keys, as must ca.key. Line 12 refers to the “ccd” directory, so create it now even if it is still empty.
    Start the service with: service openvpn start
    Then check openvpn.log for the line “Initialization Sequence Completed”; anything else means the server did not come up.
    To start the service automatically at boot: chkconfig openvpn on
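Two things the steps above describe but do not show are the per-client file under ccd (line 12 of server.conf, holding the static addresses that line 13 routes) and the check of the files listed just before the service is started. The script below is an added example, not code from the original post or from OpenVPN. It writes a ccd entry with a fixed address, validating that the address pair is a legal /30 for the default net30 tun topology, and it reads server.conf to confirm that every file named by the ca, cert, key and dh lines exists and that the key is readable by its owner only. The function names, the client name client1 and the 192.168.12.x addresses are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post or of OpenVPN itself: a per-client
# ccd entry with a fixed address, and a pre-start check of the files server.conf
# names. Function names, "client1" and the 192.168.12.x addresses are assumptions.

# Write <ccd_dir>/<cn> giving the client a fixed address. <cn> must be exactly
# the Common Name of that client's certificate, or OpenVPN never applies the file.
# In the default net30 tun topology each client gets a /30: the address and its
# peer must be the two usable hosts of one /30 (.1/.2, .5/.6, .9/.10, ...).
# Returns 1 without writing anything if the pair is not such a /30.
make_ccd_entry() {
    ccd_dir=$1; cn=$2; ip=$3; peer=$4
    [ "${ip%.*}" = "${peer%.*}" ] || return 1          # same first three octets
    last=${ip##*.}; plast=${peer##*.}
    [ $((last % 4)) -eq 1 ] || return 1                 # first usable host of a /30
    [ "$plast" -eq $((last + 1)) ] || return 1          # peer is the second one
    case $cn in */*|.*) return 1 ;; esac                # no path tricks in the file name
    mkdir -p "$ccd_dir"
    printf 'ifconfig-push %s %s\n' "$ip" "$peer" > "$ccd_dir/$cn"
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Check that every file named by the ca, cert, key and dh lines of
# <conf_dir>/server.conf exists (relative names resolve against conf_dir, which
# is where the init script starts openvpn from) and that the private key is
# readable by its owner only. 0 if all is well, 1 otherwise, reasons on stderr.
check_server_files() {
    conf_dir=$1; rc=0
    list=$(mktemp)
    # drop comments, keep "<directive> <file>" for the four file directives
    awk '{ sub(/#.*/, "") }
         $1 ~ /^(ca|cert|key|dh)$/ && NF >= 2 { print $1, $2 }' "$conf_dir/server.conf" > "$list"
    while read -r directive file; do
        case $file in /*) path=$file ;; *) path=$conf_dir/$file ;; esac
        if [ ! -f "$path" ]; then
            echo "missing: $directive $file" >&2; rc=1; continue
        fi
        if [ "$directive" = key ] && [ "$(file_mode "$path")" != 600 ]; then
            echo "$file is mode $(file_mode "$path"); run chmod 600 on it" >&2; rc=1
        fi
    done < "$list"
    rm -f "$list"
    return $rc
}

# Usage: sh prestart.sh /etc/openvpn client1 192.168.12.5 192.168.12.6
if [ $# -eq 4 ]; then
    make_ccd_entry "$1/ccd" "$2" "$3" "$4" && check_server_files "$1" && echo "ok to start"
fi
```

Each client then needs its own entry: the next legal pair after 192.168.12.5/6 is 192.168.12.9/10, and so on, while the generic settings from server.conf still apply to everything the ccd file does not override.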
