OpenVPN Server Configuration on Linux

  1. Install the OpenVPN RPM.

Dependencies

  1. openssl
  2. lzo
  3. pkcs11-helper

Download openvpn-<version>.rpm and install it with the command: rpm -ivh openvpn-<version>.rpm

    1. The package creates the folders /etc/openvpn and /usr/share/doc/openvpn-2.1.1 (the documentation folder carries the installed version number). Copy the "easy-rsa" folder and the sample "server.conf" file from /usr/share/doc/openvpn-<version>/ into /etc/openvpn:
      cp -r /usr/share/doc/openvpn-<version>/easy-rsa /etc/openvpn
      cp /usr/share/doc/openvpn-<version>/sample-config-files/server.conf /etc/openvpn
    2. Then go to /etc/openvpn
      cd /etc/openvpn
    3. Then go to easy-rsa/2.0
      cd easy-rsa/2.0
    4. Edit the "vars" file and change the values in its last 5 lines:
      export KEY_COUNTRY="YOURCOUNTRY"
      export KEY_PROVINCE="YOURSTATE"
      export KEY_CITY="YOURCITY"
      export KEY_ORG="YOURORG"
      export KEY_EMAIL="exuser@host.yourdomain.com"
      The same file sets KEY_SIZE=1024, which is the RSA key and DH parameter size the build-* scripts below will use. 1024-bit keys are too weak by current standards, so raise it to 2048 before generating anything; the DH file is then named dh2048.pem and the "dh" line of server.conf must be changed to match.
    5. Source the "vars" file so its settings apply to the current shell:
      . ./vars (note the two dots: the first one is the shell's "source" command)
    6. Remove any old keys by running "clean-all". It also creates the "keys" folder if it does not exist. Be aware that it deletes everything under "keys", so never run it again on a CA that is already in use.
      ./clean-all (here one dot is enough)
    7. Then run "build-ca" and "build-dh".
      ./build-ca
      (Press Enter to accept the defaults taken from "vars"; only the Common Name needs an answer. Give the server's host name or any name you like for the CA.)
      ./build-dh
      This generates "ca.crt", "ca.key" and "dh1024.pem" under the "keys" folder. "ca.key" signs every certificate the VPN will trust: it is not needed on the running server, so keep it offline or at least owned by root with mode 600.
    8. Then run "build-key-server" to generate the server certificate and key.
      ./build-key-server <Server-Name>
      Press Enter at every prompt (the Common Name defaults to the name given on the command line), then answer "y" when asked to sign the certificate and again to commit it; pressing Enter there would leave the certificate unsigned.
      It generates "<Server-Name>.crt", "<Server-Name>.csr" and "<Server-Name>.key" under the "keys" folder.
    9. Then go to /etc/openvpn folder
      cd /etc/openvpn
    10. Now we have to edit the “server.conf” file.
      vi server.conf
      # This is a sample configuration file (the line numbers are for the explanation below and are not part of the file)

      1. local 192.168.1.101
      2. port 1194
      3. proto udp
      4. dev tun
      5. ca ca.crt
      6. cert host.yourdomain.com.crt
      7. key host.yourdomain.com.key # This file should be kept secret
      8. dh dh1024.pem
      9. server 192.168.11.0 255.255.255.248
      10. ifconfig-pool-persist ipp.txt
      11. push "route 172.23.0.0 255.255.0.0" # YOURORG LOCAL Network
      12. client-config-dir ccd
      13. route 192.168.12.0 255.255.255.0 # For Individual Clients
      14. client-to-client
      15. keepalive 10 120
      16. comp-lzo
      17. user nobody
      18. group nobody
      19. persist-key
      20. persist-tun
      21. status openvpn-status.log
      22. log-append openvpn.log
      23. verb 3
      • Line 1 : local 192.168.1.101
        The local IP address OpenVPN listens on. Leave the line out to listen on all addresses of the system.
      • Line 2 : port 1194
        The port OpenVPN listens on (1194 is the registered default).
      • Line 3 : proto udp
        The transport protocol (tcp/udp). udp is best: running a tunnel over TCP adds retransmission on top of retransmission and performs badly on lossy links.
      • Line 4 : dev tun
        The virtual device type that carries the "virtual IP" addresses (tap/tun). tun is a routed, layer-3 interface and is best for a routed setup like this one; tap is a bridged, layer-2 interface.
      • Line 5 : ca ca.crt
      • Line 6 : cert <Server-Name>.crt
      • Line 7 : key <Server-Name>.key # This file should be kept secret
      • Line 8 : dh dh1024.pem
        Lines 5 to 8 name the files generated by easy-rsa. Relative paths are resolved from the directory OpenVPN is started in, which the init script sets to /etc/openvpn, so the simplest option is to copy "ca.crt", "<Server-Name>.crt", "<Server-Name>.key" and "dh1024.pem" from easy-rsa/2.0/keys into that folder; otherwise give the full path to each file. Keep "<Server-Name>.key" owned by root with mode 600. "ca.key" is not needed by the server and should not be copied.
      • Line 9 : server 192.168.11.0 255.255.255.248
        Declares the VPN subnet and turns on server mode. The server takes the first addresses of the range (192.168.11.1, with 192.168.11.2 as the peer endpoint of its tun interface). Here a small /29 is used because the clients will get their own fixed addresses rather than draw from this pool.
      • Line 10 : ifconfig-pool-persist ipp.txt
        Records which pool address each client was given, so a client gets the same address again after a restart. Because every client will be assigned a static address through the ccd directory, this line is not necessary here.
      • Line 11 : push "route 172.23.0.0 255.255.0.0"
        Pushes a route for the office LAN to every connecting client; without it the clients cannot reach that network. Any "push" line takes effect on all VPN clients.
      • Line 12 : client-config-dir ccd
        Enables per-client configuration. Create a directory named "ccd" under /etc/openvpn and, inside it, one file per client named exactly after the Common Name of that client's certificate; the file holds the options for that client (for example a fixed address, or a route to a network behind it).
      • Line 13 : route 192.168.12.0 255.255.255.0
        Adds a kernel route for the network reserved for individual clients through the tun interface, so traffic for it is handed to OpenVPN; the matching per-client entry (an "iroute" in that client's ccd file) tells OpenVPN which client the network belongs to.
      • Line 14 : client-to-client
        Lets clients reach each other through the server. Leave it out if clients should only reach the server and the pushed networks.
      • Line 15 : keepalive 10 120
        Pings the peer every 10 seconds and restarts the tunnel after 120 seconds without a reply; the settings are pushed to clients as well. This detects dead connections and keeps NAT mappings open.
      • Line 16 : comp-lzo
        Enables LZO compression on the tunnel; clients must use the same setting. Newer OpenVPN releases advise against compression for security reasons, so the line can simply be left out.
      • Line 17 : user nobody
      • Line 18 : group nobody
        Drop root privileges once initialisation is done, so a flaw in OpenVPN does not hand an attacker root. These two lines work only on Linux/Unix servers, not on Windows.
      • Line 19 : persist-key
      • Line 20 : persist-tun
        Keep the key material and the tun device open across restarts. They are needed together with lines 17 and 18, because after the privilege drop OpenVPN could no longer reread the key or recreate the device.
      • Line 21 : status openvpn-status.log
        Writes the list of connected clients and their addresses to this file, refreshed every minute, so the current state of the connections can be viewed.
      • Line 22 : log-append openvpn.log
        Appends the server's log messages to this file instead of sending them to syslog.
      • Line 23 : verb 3
        The verbosity level of the log; 3 is reasonable for normal use, 4 while debugging.
      11. Now we are going to start the VPN server. Before that, verify that every file named in server.conf has been copied from easy-rsa/2.0/keys into the current folder "/etc/openvpn", and that the "ccd" directory exists there:
      • File 1. ca.crt
      • File 2. dh1024.pem
      • File 3. <Server-Name>.crt
      • File 4. <Server-Name>.key (owned by root with mode 600; it is read before privileges are dropped, so "nobody" does not need access to it)
        "<Server-Name>.csr" is only the signing request and is not used by the server; leave it, together with "ca.key", in the easy-rsa keys folder.

Start the service with the command: service openvpn start
To start the service automatically when the machine boots, type the command: chkconfig openvpn on
Then check openvpn.log for the line "Initialization Sequence Completed"; if the service fails to start, the same log names the file or option it could not read.
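The two checks described above (that every file named in server.conf is in place with safe permissions, and that the ccd directory holds a correct per-client entry) are easy to automate. The script below is an added example written for this page; it is not part of the original tutorial or of OpenVPN itself, and the directory layout, the client name "client1" and the addresses it uses are assumptions for illustration. check_server_conf parses the ca/cert/key/dh/client-config-dir lines the way OpenVPN resolves them (relative to the config's directory) and reports anything missing or a private key readable by group/other; write_ccd writes a ccd entry with a fixed net30 address pair and an optional iroute, refusing pairs that are not the two host addresses of a single /30.

```shell
#!/bin/sh
# Preflight checks for an OpenVPN server directory such as /etc/openvpn.
# Added example for this page; not part of the original tutorial or of the
# OpenVPN project. Paths, client names and addresses are assumptions.

# check_server_conf CONF
# Reads the ca/cert/key/dh/client-config-dir lines of CONF and resolves each
# relative value against the directory holding CONF (OpenVPN does the same
# when started with --cd, as the init script does). Prints every problem
# found and returns 0 only when all files exist and the private key is not
# readable by group or other.
check_server_conf() {
    conf=$1
    dir=$(dirname "$conf")
    problems=0
    [ -f "$conf" ] || { echo "no such config: $conf"; return 1; }
    while read -r opt val rest; do
        case $opt in
            ''|'#'*|';'*) continue ;;   # blank line or comment
        esac
        case $val in
            /*) path=$val ;;            # absolute path used as-is
            *)  path=$dir/$val ;;       # relative to the config directory
        esac
        case $opt in
            ca|cert|dh)
                if [ ! -f "$path" ]; then
                    echo "$opt: missing $path"; problems=$((problems + 1))
                fi ;;
            key)
                if [ ! -f "$path" ]; then
                    echo "key: missing $path"; problems=$((problems + 1))
                elif [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
                    # columns 5-10 of "ls -l" are the group/other mode bits
                    echo "key: $path is readable by group/other; chmod 600 it"
                    problems=$((problems + 1))
                fi ;;
            client-config-dir)
                if [ ! -d "$path" ]; then
                    echo "client-config-dir: $path is not a directory"
                    problems=$((problems + 1))
                fi ;;
        esac
    done < "$conf"
    [ "$problems" -eq 0 ]
}

# write_ccd CCD_DIR CN CLIENT_IP PEER_IP [NETWORK NETMASK]
# Creates CCD_DIR/CN, the per-client file OpenVPN reads when a client whose
# certificate Common Name is CN connects. It holds an ifconfig-push line with
# the client's fixed address pair and, when NETWORK/NETMASK are given, an
# iroute line for a subnet behind that client (the server config also needs
# a matching "route NETWORK NETMASK" line). With the default net30 topology
# the two addresses must be the two host addresses of one /30, i.e. last
# octets 4n+1 and 4n+2 in either order; anything else is refused.
write_ccd() {
    ccd=$1; cn=$2; cip=$3; pip=$4; net=$5; mask=$6
    for ip in "$cip" "$pip"; do
        case $ip in
            *[!0-9.]*|*.*.*.*.*|*..*|.*|*.) bad=1 ;;
            *.*.*.*) bad=0 ;;
            *) bad=1 ;;
        esac
        [ "$bad" -eq 0 ] || { echo "$cn: '$ip' is not a dotted IPv4 address"; return 1; }
    done
    c_last=${cip##*.}; p_last=${pip##*.}
    if [ "${cip%.*}" != "${pip%.*}" ] || [ $((c_last / 4)) -ne $((p_last / 4)) ]; then
        echo "$cn: $cip and $pip are not in the same /30"; return 1
    fi
    c_res=$((c_last % 4)); p_res=$((p_last % 4))
    if [ $((c_res + p_res)) -ne 3 ] || [ "$c_res" -eq 0 ] || [ "$c_res" -eq 3 ]; then
        echo "$cn: use the host pair of a /30, e.g. .5 .6 or .9 .10"; return 1
    fi
    mkdir -p "$ccd"
    {
        echo "ifconfig-push $cip $pip"
        if [ -n "$net" ]; then
            echo "iroute $net $mask"
        fi
    } > "$ccd/$cn"
    # ccd files are read at connect time, after privileges were dropped to
    # "nobody", so they must stay world-readable (but root-owned).
    chmod 644 "$ccd/$cn"
}
```

Run check_server_conf /etc/openvpn/server.conf before the first "service openvpn start": a non-zero exit with a list of problems means OpenVPN would either fail to start or run with an exposed key. write_ccd /etc/openvpn/ccd client1 192.168.11.6 192.168.11.5 192.168.12.0 255.255.255.0 gives the client whose certificate Common Name is client1 the fixed pair 192.168.11.6/.5 and routes 192.168.12.0/24 behind it, which pairs with the server's "route 192.168.12.0 255.255.255.0" line.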

Written by actsupp-r0cks