Install and Configure OpenVPN Server on Centos 6.3 or Redhat 6.3 RHEL


1. Install OpenVPN Server

[root@localhost ~]# yum install openvpn
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centos-hcm.viettelidc.com.vn
* epel: mirrors.ustc.edu.cn
* extras: centos-hcm.viettelidc.com.vn
* updates: mirrors.ta139.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openvpn.x86_64 0:2.2.2-1.el6 will be installed
--> Processing Dependency: libpkcs11-helper.so.1()(64bit) for package: openvpn-2.2.2-1.el6.x86_64
--> Processing Dependency: liblzo2.so.2()(64bit) for package: openvpn-2.2.2-1.el6.x86_64
--> Running transaction check
---> Package lzo.x86_64 0:2.03-3.1.el6 will be installed
---> Package pkcs11-helper.x86_64 0:1.07-5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch          Version              Repository       Size
================================================================================
Installing:
 openvpn              x86_64        2.2.2-1.el6          epel            372 k
Installing for dependencies:
 lzo                  x86_64        2.03-3.1.el6         base             55 k
 pkcs11-helper        x86_64        1.07-5.el6           epel             51 k

Transaction Summary
================================================================================
Install 3 Package(s)

Total download size: 478 k
Installed size: 1.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): lzo-2.03-3.1.el6.x86_64.rpm | 55 kB 00:00
(2/3): openvpn-2.2.2-1.el6.x86_64.rpm | 372 kB 00:00
(3/3): pkcs11-helper-1.07-5.el6.x86_64.rpm | 51 kB 00:00
--------------------------------------------------------------------------------
Total 64 kB/s | 478 kB 00:07
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : pkcs11-helper-1.07-5.el6.x86_64 1/3
Installing : lzo-2.03-3.1.el6.x86_64 2/3
Installing : openvpn-2.2.2-1.el6.x86_64 3/3
Verifying : openvpn-2.2.2-1.el6.x86_64 1/3
Verifying : lzo-2.03-3.1.el6.x86_64 2/3
Verifying : pkcs11-helper-1.07-5.el6.x86_64 3/3

Installed:
openvpn.x86_64 0:2.2.2-1.el6

Dependency Installed:
lzo.x86_64 0:2.03-3.1.el6 pkcs11-helper.x86_64 0:1.07-5.el6

Complete!
[root@localhost ~]#

2. Create Certificates for OpenVPN Server and Client (kevin)

[root@localhost ~]# cd /usr/share/openvpn/easy-rsa/2.0/
[root@localhost 2.0]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/openvpn/easy-rsa/2.0/keys
[root@localhost 2.0]# ./clean-all
[root@localhost 2.0]#
[root@localhost 2.0]# ./build-ca
Generating a 1024 bit RSA private key
……………………….++++++
…++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:CA
Locality Name (eg, city) [SanFrancisco]:SanFancisco
Organization Name (eg, company) [Fort-Funston]:IThelpblog
Organizational Unit Name (eg, section) [changeme]:IT
Common Name (eg, your name or your server's hostname) [changeme]:OpenVPN
Name [changeme]:OpenVPN
Email Address [mail@host.domain]:kevin.ngo@ithelpblog.com
[root@localhost 2.0]#
[root@localhost 2.0]# ./build-key-server server
Generating a 1024 bit RSA private key
.++++++
.++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:Ithelpblog
Organizational Unit Name (eg, section) [changeme]:IT
Common Name (eg, your name or your server's hostname) [server]:OpenVPN
Name [changeme]:OpenVPN
Email Address [mail@host.domain]:kevin.ngo@ithelpblog.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName : PRINTABLE:'US'
stateOrProvinceName : PRINTABLE:'CA'
localityName : PRINTABLE:'SanFrancisco'
organizationName : PRINTABLE:'Ithelpblog'
organizationalUnitName: PRINTABLE:'IT'
commonName : PRINTABLE:'OpenVPN'
name : PRINTABLE:'OpenVPN'
emailAddress :IA5STRING:'kevin.ngo@ithelpblog.com'
Certificate is to be certified until Dec 16 03:54:02 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost 2.0]#
[root@localhost 2.0]# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
….+………………+………..+…………………………………………+………………………..+…………………………………………………………………………………………………………….+……………..+………………………………………………+…………….+…………………………………+……………………………………………………………………………………+..+…………..+……………………………………………………………………………….+…………………………….+……………………………………………………………………………………………………………………………………………………………..+……………………………………………………………………………………………..+……………………….+…………………………..+.+……+…………………………………………………………………………….+………………………………………………………………………………..+………………………………………………+……..+………………….+…………………+……………………………………..+………………….++*++*++*
[root@localhost 2.0]#
[root@localhost 2.0]# ./build-key kevin
Generating a 1024 bit RSA private key
……………………..++++++
.++++++
writing new private key to 'kevin.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:IThelpblog
Organizational Unit Name (eg, section) [changeme]:IT
Common Name (eg, your name or your server's hostname) [kevin]:
Name [changeme]:kevin
Email Address [mail@host.domain]:kevin.ngo@ithelpblog.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName : PRINTABLE:'US'
stateOrProvinceName : PRINTABLE:'CA'
localityName : PRINTABLE:'SanFrancisco'
organizationName : PRINTABLE:'IThelpblog'
organizationalUnitName: PRINTABLE:'IT'
commonName : PRINTABLE:'kevin'
name : PRINTABLE:'kevin'
emailAddress :IA5STRING:'kevin.ngo@ithelpblog.com'
Certificate is to be certified until Dec 16 04:00:29 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost 2.0]#

3. Copy all certificates to OpenVPN folder /etc/openvpn/

[root@localhost keys]# cp /usr/share/openvpn/easy-rsa/2.0/keys/* /etc/openvpn/
[root@localhost keys]#
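
The `cp .../keys/*` in step 3 also places ca.key and kevin.key on the VPN server, which only needs ca.crt, server.crt, server.key and the DH file. As an added example (not part of the original post; the function name is hypothetical), this copies just those four files and restricts server.key to its owner:

```shell
# install_server_keys SRC_DIR DEST_DIR [DH_FILE]
# Usage on the layout from this tutorial:
#   install_server_keys /usr/share/openvpn/easy-rsa/2.0/keys /etc/openvpn
install_server_keys() {
    src=$1; dest=$2
    dh=${3:-dh1024.pem}   # default is the DH file name used in step 4
    # Fail early if anything the server config references is missing.
    for f in ca.crt server.crt server.key "$dh"; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    mkdir -p "$dest" || return 1
    # Public material: world-readable is fine.
    for f in ca.crt server.crt "$dh"; do
        cp "$src/$f" "$dest/$f" && chmod 644 "$dest/$f" || return 1
    done
    # Server private key: never readable by group/other, even briefly.
    ( umask 077 && cp "$src/server.key" "$dest/server.key" ) || return 1
    chmod 600 "$dest/server.key" || return 1
    # Report private keys left behind by an earlier "cp keys/*"
    # (ca.key, client keys): they do not belong on the VPN server.
    for f in "$dest"/*.key; do
        [ -e "$f" ] || continue
        [ "$(basename "$f")" = server.key ] || echo "unexpected private key: $f"
    done
}
```

The function prints nothing on a clean destination; each "unexpected private key" line names a file to move off the server.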

4. Configure the OpenVPN server

[root@localhost openvpn]# vi /etc/openvpn/server.conf
dev tun
proto udp
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.254.112.0 255.255.255.0
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
comp-lzo
[root@localhost openvpn]#
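
An added check, not part of the original post, that flags the settings in the server.conf above which weaken the tunnel on OpenVPN 2.2: 1024-bit DH parameters, no explicit cipher, no tls-auth, no privilege drop, compression, and client-to-client forwarding. Function names and the sample file are constructed; the DH size is read from the easy-rsa 2.0 file name (dh<KEY_SIZE>.pem).

```shell
# conf_has FILE DIRECTIVE: true if DIRECTIVE is active (not commented out).
conf_has() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_server_conf FILE: print one finding per line; return 1 if any.
audit_server_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Heuristic: take the size from the file name; a renamed file is not detected.
    bits=$(sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9][0-9]*\)\.pem.*/\1/p' "$conf" | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "dh: ${bits}-bit DH parameters; regenerate with KEY_SIZE=2048 or larger"; rc=1
    fi
    if ! conf_has "$conf" cipher; then
        echo "cipher: not set, so OpenVPN 2.2 uses its default BF-CBC (64-bit block)"; rc=1
    fi
    if ! conf_has "$conf" tls-auth; then
        echo "tls-auth: not set; unauthenticated packets reach the TLS handshake"; rc=1
    fi
    if ! conf_has "$conf" user || ! conf_has "$conf" group; then
        echo "user/group: not set; the daemon keeps root after startup"; rc=1
    fi
    if conf_has "$conf" comp-lzo; then
        echo "comp-lzo: compression before encryption can leak plaintext (VORACLE)"; rc=1
    fi
    if conf_has "$conf" client-to-client; then
        echo "client-to-client: traffic between clients bypasses the host firewall"; rc=1
    fi
    return $rc
}

# Constructed sample: a subset of the directives from the server.conf above.
sample=$(mktemp)
printf '%s\n' 'dev tun' 'proto udp' 'port 1194' 'dh dh1024.pem' \
    'client-to-client' 'comp-lzo' > "$sample"
audit_server_conf "$sample" || echo "(findings listed above)"
rm -f "$sample"
```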

5. Start OpenVPN Server

[root@localhost openvpn]# /etc/init.d/openvpn start
Starting openvpn: [ OK ]
[root@localhost openvpn]#
[root@localhost openvpn]# netstat -ntulap | grep 1194
udp 0 0 0.0.0.0:1194 0.0.0.0:* 27353/openvpn
[root@localhost openvpn]#

For OpenVPN clients, see these topics:

Fedora Core: http://ithelpblog.com/os/linux/redhat/fedora/install-openvpn-client-on-fedora-core-17/

CentOS: http://ithelpblog.com/os/linux/redhat/install-openvpn-client-on-centos-6-3/

Ubuntu: http://ithelpblog.com/os/linux/debian/ubuntu-debian/install-openvpn-client-on-ubuntu-12/

Windows: http://ithelpblog.com/os/windows/install-openvpn-client-on-windows-7/

That’s all. Thanks for using IThelpblog.com.
