- Install the OpenVPN RPM.
Download openvpn-<version>.rpm and install it with: rpm -ivh openvpn-<version>.rpm
- It creates folders under /etc/openvpn and /usr/share/doc/openvpn-2.1.1
cp -r /usr/share/doc/openvpn-<version>/easy-rsa /etc/openvpn
cp -r /usr/share/doc/openvpn-<version>/sample-config-files/server.conf /etc/openvpn
That is, copy the “easy-rsa” folder and the “server.conf” file from /usr/share/doc/openvpn-<version> to /etc/openvpn.
- Then go to /etc/openvpn
- Then go to easy-rsa/2.0
- Edit the “vars” file and modify the values in its last 5 lines (the certificate defaults).
- Source the “vars” file so its settings are exported into the current shell:
. ./vars (note the two dots: a dot, a space, then ./vars)
- To clear old keys run the “clean-all” script. If the “keys” folder does not exist, it creates it.
./clean-all (here one dot is enough)
- Then run the “build-ca” and “build-dh” scripts.
(While running them, press Enter to accept the default at every prompt, except for the Common Name: give the server’s host name or any name.)
They generate “ca.crt”, “ca.key” and “dh1024.pem” under the “keys” folder (“ca.key” signs every certificate and is not among the files copied to the server later).
- Then run “build-key-server <Server-Name>” to generate the server certificate and key.
While running the above command it prompts for input; press Enter at every prompt to accept the defaults.
It generates “<Server-Name>.crt”, “<Server-Name>.csr” and “<Server-Name>.key” under the “keys” folder.
- Then go back to the /etc/openvpn folder.
- Now edit the “server.conf” file. The edited file looks like this:
#This is a sample configuration file
local 192.168.1.101
port 1194
proto udp
dev tun
ca ca.crt
cert host.yourdomain.com.crt
key host.yourdomain.com.key # This file should be kept secret
dh dh1024.pem
server 192.168.11.0 255.255.255.248
ifconfig-pool-persist ipp.txt
push "route 172.23.0.0 255.255.0.0" # YOURORG LOCAL Network
client-config-dir ccd
route 192.168.12.0 255.255.255.0 # For Individual Clients
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
- Line 1 : local 192.168.1.101
The local IP address on this host that “openvpn” binds to.
- Line 2 : port 1194
The port number “openvpn” listens on.
- Line 3 : proto udp
The transport protocol “openvpn” uses (tcp or udp); udp is best.
- Line 4 : dev tun
The device type used to assign the “Virtual IP” (tap or tun); tun is best.
- Line 5 : ca ca.crt
- Line 6 : cert <Server-Name>.crt
- Line 7 : key <Server-Name>.key # This file should be kept secret
- Line 8 : dh dh1024.pem
Lines 5 to 8 name the files by path. The simplest is to copy “ca.crt”, “<Server-Name>.crt”, “<Server-Name>.key” and “dh1024.pem” into the same folder as server.conf; otherwise give the full path to where these files are.
- Line 9 : server 192.168.11.0 255.255.255.248
This line assigns the VPN address of the server. Here I have planned to assign 192.168.11.1 – 192.168.11.2 to the server and different IP ranges to the clients.
- Line 10 : ifconfig-pool-persist ipp.txt
This file holds the pool of IP addresses handed out to clients. Since we are going to use a static IP for each client, it is not necessary for us.
- Line 11 : push "route 172.23.0.0 255.255.0.0"
Line 11 pushes a route for the local network to the clients; only then can the clients reach that network. It takes effect on all VPN clients.
- Line 12 : client-config-dir ccd
This line lets us customize the configuration per client. Create a directory named “ccd” under “/etc/openvpn” and, inside it, one file per client holding that client’s custom settings.
- Line 13 : route 192.168.12.0 255.255.255.0
For the individual client VPN network.
- Line 14 : client-to-client
Lets the clients reach each other through the VPN.
- Line 15 : keepalive 10 120
Keeps the connection alive (ping every 10 seconds; treat the peer as down after 120 seconds without a reply).
- Line 16 : comp-lzo
- Line 17 : user nobody
- Line 18 : group nobody
These two lines are only useful on a Linux server.
- Line 19 : persist-key
- Line 20 : persist-tun
- Line 21 : status openvpn-status.log
Writes the current status of the connections to this file.
- Line 22 : log-append openvpn.log
Appends the server’s log output to this file.
- Line 23 : verb 3
Sets the verbosity level.
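As an added example (not part of this how-to), the following shell script writes the per-client files that Line 12 (client-config-dir ccd) and Line 13 (route 192.168.12.0 255.255.255.0) are set up for. It assumes the how-to’s layout: “dev tun” on OpenVPN 2.1 with the default net30 topology, where each client’s tunnel address is a /30 pair (.1/.2, .5/.6, .9/.10 and so on), and that the static client pairs are carved out of 192.168.12.0/24, which is why the server carries the Line 13 route. OpenVPN selects the ccd file by the common name of the client’s certificate, so the file name must equal that common name; the script refuses any name that is not a plain token so that a crafted certificate name cannot select a file outside the ccd directory. The client names and the temporary directory in the demo are constructed.

```shell
#!/bin/sh
# Added example, not code from the original how-to.
# Writes client-config-dir entries that pin a static tunnel address per
# client. Assumed: OpenVPN 2.1, "dev tun", default net30 topology, and
# client /30 pairs carved from 192.168.12.0/24 (the Line 13 route).

CLIENT_NET_PREFIX="192.168.12"   # assumed: matches the route line

# ccd_pair INDEX -> prints "local remote" for the INDEX-th /30 pair.
# net30 pairs use last octets (4n+1, 4n+2); 64 pairs (n = 0..63) fit in a /24.
ccd_pair() {
    idx=$1
    local_oct=$((idx * 4 + 1))
    remote_oct=$((idx * 4 + 2))
    if [ "$local_oct" -gt 253 ]; then
        echo "index $idx does not fit in $CLIENT_NET_PREFIX.0/24" >&2
        return 1
    fi
    echo "$CLIENT_NET_PREFIX.$local_oct $CLIENT_NET_PREFIX.$remote_oct"
}

# valid_client_name NAME -> success only for a plain token. The name is
# also the certificate common name and the file name under ccd, so "/",
# whitespace, "." and ".." must never reach the file system.
valid_client_name() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# ccd_entry NAME INDEX -> prints the body of the ccd file for client NAME
ccd_entry() {
    name=$1; idx=$2
    valid_client_name "$name" || { echo "bad client name: $name" >&2; return 1; }
    pair=$(ccd_pair "$idx") || return 1
    echo "# static tunnel address for $name (generated)"
    echo "ifconfig-push $pair"
}

# write_ccd DIR NAME INDEX -> writes DIR/NAME. The daemon reads ccd files
# at each client connect, after it has switched to "user nobody", so the
# file is left world-readable but writable only by its owner.
write_ccd() {
    dir=$1; name=$2; idx=$3
    valid_client_name "$name" || { echo "bad client name: $name" >&2; return 1; }
    body=$(ccd_entry "$name" "$idx") || return 1
    mkdir -p "$dir"
    printf '%s\n' "$body" > "$dir/$name"
    chmod 644 "$dir/$name"
}

# demo on a constructed temporary directory; real use:
#   write_ccd /etc/openvpn/ccd <client-common-name> <index>
tmp=$(mktemp -d)
write_ccd "$tmp" client1 0 && cat "$tmp/client1"
write_ccd "$tmp" client2 1 && cat "$tmp/client2"
rm -rf "$tmp"
```

Because every client then has a fixed tunnel address, firewall rules on the server can be written per client, and Line 14 (client-to-client) can be left out when clients only need to reach the server and the pushed networks.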
- Now we are going to start the VPN server. Before that, verify that everything has been copied into the current folder “/etc/openvpn”:
- File 1. ca.crt
- File 2. dh1024.pem
- File 3. <Server-Name>.crt
- File 4. <Server-Name>.csr
- File 5. <Server-Name>.key
Start the service with the command: service openvpn start
To start the service automatically when the machine boots, run: chkconfig openvpn on