1. ** ## description is written on page 3
Steps to follow to install OpenVPN on CentOS:
1. Install CentOS on the server.
2. Update CentOS: “yum update -y”
3. Enable the EPEL repo:
• wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
• wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
• sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
4. yum install screen openvpn nano rsync tar curl bridge-utils python logrotate -y ##
5. Bridging
echo '
tap="tap0 tap1 tap2 tap3"
brctl addbr br0
brctl addif br0 eth1 #this is the local lan port
for t in $tap; do
openvpn --mktun --dev $t
done
for t in $tap; do
brctl addif br0 $t
done
for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done
/usr/bin/screen -d -m ping 10.8.1.1'>/etc/rc.local **
chkconfig NetworkManager off
chkconfig network on
chkconfig logrotate on
chkconfig sshd on
chkconfig openvpn on
service NetworkManager stop
service network stop
service sshd restart
cd /etc/sysconfig/network-scripts
echo "
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
DNS1=8.8.8.8
GATEWAY=172.16.0.2 #local ip addr of endian firewall
IPADDR=xxx.xxx.xxx.xxx #virtual ip address of openvpn server
NETMASK=255.240.0.0
ONBOOT=yes
SEARCH=nccl.iitbhu.ac.in" > ifcfg-br0 **
echo "
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none
IPADDR=xxx.xxx.xxx.xxx #local ip addr ex. 10.3.101.xxx
PREFIX=8
GATEWAY=10.3.101.1
DNS1=8.8.8.8
DEFROUTE=no
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
ONBOOT=yes
HWADDR=xx:xx:xx:xx:xx:xx #get eth0 hardware addr from ifconfig
" > ifcfg-eth0 **
echo "
DEVICE=eth1
HWADDR=xx:xx:xx:xx:xx:xx #get eth1 hardware addr from ifconfig
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
ONBOOT=yes
BRIDGE=br0" > ifcfg-eth1 ** #connected to firewall
6. Copy the easy-rsa scripts to the openvpn folder /etc/openvpn/
7. Add execute permission to all easy-rsa scripts: “cd /etc/openvpn/eas*” “chmod a+x *”
8. Modify the “vars” file according to your use. Set the dh parameter to 1024. “gedit vars”
9. Source the vars file: “source ./vars” “./clean-all”
10. Build the dh parameter using “./build-dh”
11. Build the CA using “./build-ca _nameOfCA_”
12. Build the server certificate using “./build-key-server _nameOfServer_”
13. Build a client key using “./build-key _nameOfClient_”
14. “iptables-restore < /root/iptables-working” (copy the iptables-working file to /root). This file can
be saved to any folder; after saving, go to the same directory in the terminal and run the above command.
15. “chkconfig openvpn on”
16. “chkconfig sshd on”
17. “rm -rf /etc/sysconfig/network-scripts/ifcfg-A*”
18. “nano /etc/sysconfig/selinux” Change enforcing to permissive and reboot.
If the network does not work, use “service NetworkManager restart” “service network restart”
Keys are all written to “/etc/openvpn/easy-rsa/keys”. Copy the required ca.crt, server.key, server.crt and
dh1024.pem files to “/etc/openvpn”.
** These scripts are to be written to the file named on the last line (after the ‘>’ symbol). If the echo command does not
work, open that file with “gedit _pathNameGivenAtLastLine_” and paste the contents instead.
## If openvpn does not get installed even after enabling the EPEL repo, follow this webpage:
http://www.drmagu.com/openvpn-introduction-and-installation-on-centos-432.htm
19. Write the server config file as follows:
proto tcp #tcp protocol used
dev tapX #virtual port, edit for each file: tap0, tap1, tap2, tap3
local 10.3.101.22 #local ip of server **
port X #port used, i.e. 1194, 1195, 1196, 1197
server-bridge 172.16.0.1 255.240.0.0 172.18.x.x 172.18.x.x **
ifconfig-pool-persist ipp0.txt #ensures a particular ip is always given to the same person; change to ippX.txt for each file, i.e. 0,1,2,3
push "route 172.16.0.0 255.240.0.0"
push "route 10.0.0.0 255.0.0.0"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
push "redirect-gateway def1 bypass-dhcp"
ca ca.crt #CA certificate file name
cert server00.crt #Server certificate file name
key server00.key #Server key file name
dh dh1024.pem #dh file name
client-to-client
keepalive 5 100
comp-lzo
max-clients 5
persist-key
persist-tun
status openvpn-status-1194.log
log-append openvpn.log
verb 4
## save the file as server-X.conf in the /etc/openvpn folder, one file per port
#1194,1195,1196,1197
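As an added example (not from the original notes), the script below generates the four per-port server configs the notes describe, one per tap device, port and ipp file. It goes slightly beyond the notes by giving each instance its own status and log file, and it keeps the notes' 172.18.x.x pool addresses and server00 file names as placeholders to fill in.

```shell
#!/bin/sh
# Added example, not part of the original notes: one server config per
# OpenVPN instance. Instance N uses tapN, port 1194+N and ippN.txt, as the
# notes describe. server00.crt/key and the pool ends are placeholders.
SERVER_LOCAL_IP=10.3.101.22      # local IP of the server (from the notes)
POOL_START=172.18.x.x            # placeholder: first address handed to clients
POOL_END=172.18.x.x              # placeholder: last address handed to clients

# gen_server_conf N -> prints the config for instance N (0..3) to stdout
gen_server_conf() {
    n=$1
    port=$((1194 + $n))
    cat <<EOF
proto tcp
dev tap$n
local $SERVER_LOCAL_IP
port $port
server-bridge 172.16.0.1 255.240.0.0 $POOL_START $POOL_END
# one persistence file per instance so a client keeps its IP
ifconfig-pool-persist ipp$n.txt
push "route 172.16.0.0 255.240.0.0"
push "route 10.0.0.0 255.0.0.0"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
push "redirect-gateway def1 bypass-dhcp"
ca ca.crt
cert server00.crt
key server00.key
# dh1024.pem as in the notes; 1024-bit DH is weak today, 2048-bit is the usual minimum
dh dh1024.pem
client-to-client
keepalive 5 100
comp-lzo
max-clients 5
persist-key
persist-tun
# per-instance status and log files so the four daemons do not clobber each other
status openvpn-status-$port.log
log-append openvpn-$port.log
verb 4
EOF
}

# write_all_server_confs DIR -> writes DIR/server-0.conf .. DIR/server-3.conf
write_all_server_confs() {
    for n in 0 1 2 3; do
        gen_server_conf "$n" > "$1/server-$n.conf"
    done
}
```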
20. Write the client config file as follows:
client
dev tap
proto tcp
remote 10.3.101.22 1194 **
remote 10.3.101.22 1195 **
remote 10.3.101.22 1196 **
remote 10.3.101.22 1197 **
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca ca.crt
key test.key
cert test.crt
## save the file as client.ovpn for Windows users and client.conf for Linux users
## This file, along with the client cert, client key and ca.crt, is needed by the
user. This configuration file is common to all users.
## These files you will find in /etc/openvpn/easy-rsa/keys
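As an added example (not from the original notes), the script below assembles one user's bundle from the easy-rsa output: it checks that the three files the notes list are present, copies them, and writes the notes' client config with that user's cert and key names filled in, named client.ovpn or client.conf by platform. KEYS_DIR and the server IP/ports are the notes' values; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original notes: assemble one user's bundle
# from the easy-rsa output. The profile is the notes' client config with the
# user's own cert/key names filled in. KEYS_DIR and the server IP/ports come
# from the notes; the function names are this example's own.
KEYS_DIR=${KEYS_DIR:-/etc/openvpn/easy-rsa/keys}
SERVER_IP=10.3.101.22

# gen_client_conf USER -> prints the profile for USER to stdout
gen_client_conf() {
    cat <<EOF
client
dev tap
proto tcp
remote $SERVER_IP 1194
remote $SERVER_IP 1195
remote $SERVER_IP 1196
remote $SERVER_IP 1197
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca ca.crt
cert $1.crt
key $1.key
# not in the notes: uncomment so the client rejects a peer whose cert lacks the server role
#remote-cert-tls server
EOF
}

# make_client_bundle USER OS OUTDIR -> copies ca.crt, USER.crt and USER.key
# into OUTDIR and writes client.ovpn (OS=windows) or client.conf (otherwise).
# Fails, without writing anything, if any of the three files is missing.
make_client_bundle() {
    user=$1; os=$2; out=$3
    for f in ca.crt "$user.crt" "$user.key"; do
        [ -f "$KEYS_DIR/$f" ] || { echo "missing $KEYS_DIR/$f" >&2; return 1; }
    done
    mkdir -p "$out"
    cp "$KEYS_DIR/ca.crt" "$KEYS_DIR/$user.crt" "$KEYS_DIR/$user.key" "$out/"
    chmod 600 "$out/$user.key"          # private key: owner read/write only
    if [ "$os" = windows ]; then name=client.ovpn; else name=client.conf; fi
    gen_client_conf "$user" > "$out/$name"
    echo "$out/$name"
}
```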