08 October 2010

Installing OpenVPN on a VPS Centos

What you need:
1. VPS hosting
2. PuTTY (to run the setup commands over SSH)
3. WinSCP (to copy the certificate easily)
4. OpenVPN client (to log in from the client side)
5. Internet connection
6. PC / laptop



Log in over SSH with root access
1. Open the PuTTY program.
2. In the field Hostname (or IP address), enter your VPS IP address.
3. In the Port field, enter the number 22.
4. Under Connection type, select SSH.
5. Click Open.
6. The prompt "login as:" appears; type root and press enter.
7. The password prompt appears; type your root password and press enter.
8. Done, you are logged in. Now move on to enabling TUN/TAP.

Check that the TUN/TAP device is enabled.
Ask your VPS provider to enable the TUN/TAP device.
To check whether it is active, go back to the PuTTY window and type this command:

# ls -al /dev/net/tun

If it is already enabled, a line like the following appears:
crw------- 1 root root 10, 200 May 10 16:21 /dev/net/tun

Install the required applications
Still in the PuTTY window, enter this command:
# yum install gcc rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel make

This installs the packages needed to build OpenVPN: gcc, rpm-build, autoconf.noarch, zlib-devel, pam-devel, openssl-devel and make.

Download OpenVPN and build the RPM packages:
Still in the PuTTY window, enter these commands to download the packages:
# wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
Hit enter and let the download finish.
# wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
Hit enter and let the download finish.
Then enter these commands to build and install the RPMs:
# rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
Press enter.
# rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
Press enter.
# rpmbuild -tb openvpn-2.0.9.tar.gz
Press enter.
# rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm
Press enter.

Copy the configuration files:
So they are easy to find, copy the configuration files into the folder /etc/openvpn with these commands:
# cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa /etc/openvpn/
Press enter.
# cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/
Press enter.
Creating the certificates
Go to the directory /etc/openvpn/easy-rsa/2.0 with this command:
# cd /etc/openvpn/easy-rsa/2.0

Then continue by creating the CA certificate with these commands (vars must be sourced, not executed, so its settings stay in the current shell):
# source ./vars
# ./clean-all
# ./build-ca

Output like the following appears, followed by a series of questions:
Generating a 1024 bit RSA private key
... ... ... ... ... ... ... ... ... ++++++
... ... ... ... ... ... ... ... .++++++
writing new private key to 'ca.key'
etc. ... etc. ..

In essence, we are asked to enter the details that go into the certificate. If you intend to sell the VPN commercially, fill in the requested details correctly; if it is for personal use or for resale, the details do not matter and can be anonymous. The important thing is that the Common Name field is filled in.

Then create the server key and certificate:
# ./build-key-server server
Create the Diffie-Hellman parameters:
# ./build-dh
Once that is complete, copy the certificates to the directory /etc/openvpn/keys with this command:
# cp -R /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/keys

VPN server configuration
Go to the directory /etc/openvpn/ by typing the command below:
# cd /etc/openvpn/
Look and check whether the configuration file (server.conf) is there:
# ls -al

If it is, make a backup copy to keep:
# cp server.conf server.conf.bak
Edit or delete the server.conf file:
# rm -rf server.conf
Create it again from scratch:
# vi server.conf
and put the line dev tun in it.

The configuration files for TCP and UDP
Creating the TCP configuration file:
Type the following command:
# cat > 443.conf
Then copy and paste the following settings (with client-cert-not-required and the PAM plugin, clients authenticate with a username and password only, not with a client certificate):
port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DNS 4.2.2.2"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status tcp.log
verb 3

After that, press CTRL + D on your keyboard to save the file.
Creating the UDP configuration file:
Type the following command:
# cat > 53.conf
Then copy and paste the following settings (the UDP server uses its own client subnet, 10.9.0.0/24, and its own status file):
port 53
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DNS 4.2.2.2"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status udp.log
verb 3

After that, press CTRL + D on your keyboard to save the file.
Note: these lines:
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DNS 4.2.2.2"
can be changed to other public DNS servers, such as Google's:
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
After that, start your OpenVPN servers (each command runs in the foreground; put --daemon before the file name to run it in the background):
# openvpn /etc/openvpn/443.conf
# openvpn /etc/openvpn/53.conf
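A parser for the status file the status directive makes OpenVPN write, as an added example that is not from the post. The sample below is constructed in the format OpenVPN writes for status tcp.log, with usernames, addresses and byte counts made up; the helpers join the client list with the routing table so you can answer which username held a given 10.8.0.x address and since when, which is the question you get asked when a VPN client misbehaves.

```python
import csv
import io

# Constructed sample of the status file the 'status tcp.log' directive makes OpenVPN write.
# With username-as-common-name, the Common Name column is the PAM username the client logged in with.
SAMPLE_STATUS = """OpenVPN CLIENT LIST
Updated,Fri Oct  8 10:15:02 2010
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,198.51.100.7:51234,1048576,5242880,Fri Oct  8 09:10:11 2010
bob,203.0.113.44:40021,2048,4096,Fri Oct  8 10:14:50 2010
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,198.51.100.7:51234,Fri Oct  8 10:15:00 2010
10.8.0.10,bob,203.0.113.44:40021,Fri Oct  8 10:14:58 2010
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""
HEADERS = {"Common Name": "clients", "Virtual Address": "routes"}  # header row -> section

def parse_status(text):
    """Split the status file into its CLIENT LIST and ROUTING TABLE sections (lists of dicts)."""
    sections = {"clients": [], "routes": []}
    current, fields = None, None
    for row in csv.reader(io.StringIO(text)):
        if row and row[0] in HEADERS:          # a header row opens a section
            current, fields = HEADERS[row[0]], row
        elif row and row[0] in ("ROUTING TABLE", "GLOBAL STATS", "END"):
            current = None                     # a title line closes it
        elif current and len(row) == len(fields):
            sections[current].append(dict(zip(fields, row)))
    return sections

def sessions(text):
    """Join both sections so each session carries username, real address and VPN address."""
    parsed = parse_status(text)
    vpn_ip = {(r["Common Name"], r["Real Address"]): r["Virtual Address"] for r in parsed["routes"]}
    return [{"user": c["Common Name"], "real": c["Real Address"],
             "vpn_ip": vpn_ip.get((c["Common Name"], c["Real Address"])),
             "bytes_out": int(c["Bytes Sent"]), "since": c["Connected Since"]}
            for c in parsed["clients"]]

def user_for_vpn_ip(text, ip):
    """The incident-response question: which account held this tunnel address?"""
    for s in sessions(text):
        if s["vpn_ip"] == ip:
            return s["user"]
    return None
```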

Setting up the firewall
Enable packet forwarding:
# echo 1 > /proc/sys/net/ipv4/ip_forward

Edit the NAT table for masquerading; this is the setting for a VPS:
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to ip.address

In the setting above, replace ip.address with your VPS IP. The UDP server uses the 10.9.0.0/24 subnet, so it needs the same rule for that subnet:
# iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o venet0 -j SNAT --to ip.address
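A cross-check of the server configs against the NAT rules, as an added example that is not from the original post: it reads the client subnet out of each config's server directive, reports any subnet that no POSTROUTING SNAT/MASQUERADE rule covers (a client on such a subnet gets a tunnel but no internet), and flags password-only authentication. The config excerpts are constructed from the post's 443.conf and 53.conf; the rule list is constructed with only the 10.8.0.0/24 rule so the check fires, and 203.0.113.10 stands in for the VPS IP.

```python
import ipaddress
import re

# Constructed excerpts of the two server configs in this post (only the lines the check reads).
TCP_CONF = """port 443
proto tcp
server 10.8.0.0 255.255.255.0
client-cert-not-required
username-as-common-name
"""
UDP_CONF = """port 53
proto udp
server 10.9.0.0 255.255.255.0
client-cert-not-required
username-as-common-name
"""
# Constructed NAT rule list: the post's single SNAT rule, with 203.0.113.10 standing in for the VPS IP.
NAT_RULES = ["iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to 203.0.113.10"]

def vpn_subnet(conf):
    """Return the client subnet given by the 'server <network> <netmask>' directive, or None."""
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
    return None

def nat_sources(rules):
    """Collect the -s source networks of POSTROUTING SNAT/MASQUERADE rules."""
    nets = []
    for rule in rules:
        m = re.search(r"-s\s+(\S+)", rule)
        if m and "POSTROUTING" in rule and ("SNAT" in rule or "MASQUERADE" in rule):
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def audit(confs, rules):
    """Return one finding per config that lacks NAT coverage or relies on password-only auth."""
    findings = []
    covered = nat_sources(rules)
    for name, conf in confs.items():
        net = vpn_subnet(conf)
        if net is None:
            findings.append(f"{name}: no 'server' directive")
            continue
        if not any(net.subnet_of(c) for c in covered):
            findings.append(f"{name}: subnet {net} has no POSTROUTING SNAT/MASQUERADE rule")
        if "client-cert-not-required" in conf.split():
            findings.append(f"{name}: password-only auth (client-cert-not-required)")
    return findings
```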

Create / add a VPN user (/home)
Enter the following command; the word user can be changed to any username you like (-s /bin/false gives the account no login shell, so it can only be used for the VPN):
# adduser -m -s /bin/false user
Then set a password:
# passwd user
You will be asked to enter the password, then to enter it again:
Changing password for user mo3slim.
New UNIX password:
Type the password and press enter each time.
If at any time you need to delete a specific user:
# userdel username

Setting up the client / user
What do your clients need?
The OpenVPN client software, which can be downloaded here:
http://swupdate.openvpn.net/community/releases/openvpn-2.2.1-install.exe
(Select the Windows installer for the GUI interface.)
Install the OpenVPN software on the client.
The certificate file ca.crt is in the directory /etc/openvpn/keys/ on the server;
download this file using the WinSCP software.

The configuration file for UDP and its contents (named "udp.ovpn"; replace your.ip.address with your VPS IP):
client
dev tun
proto udp
remote your.ip.address 53
resolv-retry infinite
route-method exe
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

And for TCP port 443 (named "tcp.ovpn"):
client
dev tun
proto tcp
remote your.ip.address 443
resolv-retry infinite
route-method exe
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3


Copy the ca.crt file and udp.ovpn or tcp.ovpn (choose one depending on which you will use) into the folder:
c:\program files\openvpn\config\

That completes the setup. Each client only needs to run the OpenVPN software, connect, and enter the username and password you created.

That's All..
