Thread: Install OpenVPN on CentOS
-
02-20-2011, 09:08 PM #1WHT Addict
- Join Date
- Jul 2009
- Location
- Tangerang, ID
- Posts
- 168
Install OpenVPN on CentOS
I have searched this forum and I didn't find any OPENVPN tutorial, so I'll write a tutorial on how to get OPENVPN running on CentOS. Hope it will be useful.
Here I'm using an OpenVZ VPS with CentOS 5.5 32bit. And the memory requirement? Don't worry, OPENVPN doesn't eat too much memory; I have 50 users running on my 128MB VPS and it only eats 25MB of memory.
First thing you have to do is check whether tun/tap is active or not by typing
#cat /dev/net/tun
Code:
cat: /dev/net/tun: File descriptor in bad state
Install required modules
#yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel
Download OPENVPN repo
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
for 32bit
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
for 64bit
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
Build the rpm packages
#rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
#rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm
*remember to change i386 to x86_64 if you're using 64bit
Install OPENVPN
#yum install openvpn
Copy OPENVPN easy-rsa folder to /etc/openvpn/
#cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa/ /etc/openvpn/
Now let's create the certificate
#cd /etc/openvpn/easy-rsa/2.0
#chmod 755 *
#source ./vars
#./vars
#./clean-all
Build CA
#./build-ca
Code:
Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter
#./build-key-server server
Code:
Almost the same as ./build-ca, but check the changes and additions:
Common Name: server
A challenge password: leave
Optional company name: fill or enter
sign the certificate: y
1 out of 1 certificate requests: y
Build Diffie Hellman (wait a moment until the process finishes)
#./build-dh
Now I'm gonna create the UDP port 1194 configuration for OPENVPN, use any text editor you like
#nano /etc/openvpn/1194.conf
Code:
local 123.123.123.123 #- your_server_ip
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.3.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
Start the OPENVPN with 1194.conf
#openvpn /etc/openvpn/1194.conf &
here's the status if OPENVPN successfully started
Code:
Mon Feb 21 02:23:20 2011 UDPv4 link remote: [undef]
Mon Feb 21 02:23:20 2011 MULTI: multi_init called, r=256 v=256
Mon Feb 21 02:23:20 2011 IFCONFIG POOL: base=1.2.3.4 size=62
Mon Feb 21 02:23:20 2011 Initialization Sequence Completed
#bg
Enable ipv4 forward
#echo 1 > /proc/sys/net/ipv4/ip_forward
Route iptables
#iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123
*1.2.3.0 is allocated ip for OPENVPN client
*123.123.123.123 is your server ip
Now we create username and password for authorization
#useradd username -s /bin/false
#passwd username
Download ca.crt file in /etc/openvpn/easy-rsa/2.0/keys/ directory, you can use sftp client
Download and install OPENVPN client for windows, download the latest stable release OPENVPN version 2.1.4 from here
After you finished installing OPENVPN, move ca.crt (file that you previously downloaded from /etc/openvpn/easy-rsa/2.0/keys/) to OPENVPN config folder in your program files (\Program Files\OpenVPN\config\)
Also create client configuration file in OPENVPN config directory, here's the example:
Code:
client
dev tun
proto udp #- protocol
remote 123.123.123.123 1194 #- SERVER IP and OPENVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
http://i56.tinypic.com/aktvet.jpg
Run OPENVPN Client on your Windows, connect with your username and password.
http://i55.tinypic.com/2vwz9di.jpg
http://i53.tinypic.com/2883y0y.jpg
Check your IP Address in browser and Voila!!! Your IP is now changed to your server IP
note:
- Never fails make OPENVPN on CentOS with this tutorial
- Those configurations above are basic configuration, you can check OPENVPN website for another configuration
- If you're using Win 7, before installing OPENVPN client, right click on the installer, properties, run as administrator and change compatibility to Windows XP SP3
- If you wanna add another port, maybe TCP so you can run OPENVPN over proxy, just create new configuration for server, adjust the following lines:
Code:
port: your preferred port
protocol: tcp or udp
client's ip: 1.2.4.0 or 1.2.5.0 ; 1.2.6.0 ; and so on
Code:
proto xxxx #- change xxxx to tcp or udp
remote 123.123.123.123 yyyy #- change yyyy to OPENVPN port
#iptables -t nat -A POSTROUTING -s 1.2.4.0/24 -j SNAT --to 123.123.123.123
Ref: Uncle G
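An added example, not part of the original post: a small Python audit of the tutorial's server config for three settings that the config itself or the startup log quoted later in this thread points at (password-only authentication, the 1024-bit DH file, and a client pool in public address space). The function names, finding codes and the hardened sample config are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: security-relevant lines of the tutorial's 1194.conf.
TUTORIAL_CONF = """\
port 1194 #- port
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.3.0 255.255.255.0
"""

# Constructed sample (assumption): client certs required, 2048-bit DH, private pool.
HARDENED_CONF = """\
port 1194
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
server 10.8.0.0 255.255.255.0
"""

def parse_directives(text):
    """Map each directive to its argument list, dropping # and ; comments."""
    directives = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name] = args  # last occurrence wins; enough for these checks
    return directives

def audit(text):
    """Return finding codes (hypothetical names) for an OpenVPN server config."""
    d = parse_directives(text)
    findings = []
    # No client certificate: the PAM password is the only credential.
    if "client-cert-not-required" in d:
        findings.append("password-only-auth")
    # easy-rsa 2.0 names the DH file after KEY_SIZE, so the name hints at the size.
    m = re.search(r"dh(\d+)\.pem$", (d.get("dh") or [""])[0])
    if m and int(m.group(1)) < 2048:
        findings.append("weak-dh-" + m.group(1))
    # A pool outside private space hides the real hosts at those addresses.
    if len(d.get("server", [])) >= 2:
        net = ipaddress.ip_network("/".join(d["server"][:2]))
        if not net.is_private:
            findings.append("public-pool-" + str(net))
    return findings
```

Calling `audit(open("/etc/openvpn/1194.conf").read())` on the server gives the same list for a live config; an empty list only means none of these three checks fired.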
-
03-04-2011, 01:33 AM #2New Member
- Join Date
- Mar 2011
- Posts
- 2
Great tutorial and it helped me a lot there... Big thanks. Btw, I have some questions
Now we create username and password for authorization
#useradd username -s /bin/false
#passwd username
( openvpn.net/index.php?option=com_content&id=357 ) or it's for Openvpn access server product use only ?
Thanks,
Symon Lim
Last edited by Symon; 03-04-2011 at 01:43 AM.
-
03-04-2011, 01:45 AM #3The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,991
To delete a user: userdel username
-
03-04-2011, 04:34 AM #4WHT Addict
- Join Date
- Jul 2009
- Location
- Tangerang, ID
- Posts
- 168
Last edited by lxspcby; 03-04-2011 at 04:39 AM.
-
03-04-2011, 06:20 AM #5New Member
- Join Date
- Mar 2011
- Posts
- 2
Thanks Net & lxspcby
-
03-05-2011, 03:39 AM #6Disabled
- Join Date
- Jan 2011
- Posts
- 29
thanks lxspcby
-
03-07-2011, 02:10 AM #7New Member
- Join Date
- Feb 2011
- Posts
- 3
Thanks for the great help
Thanks a lot for your effort, I really see it so easy.
But everything was okay till I got to the step
openvpn /etc/openvpn/1194.conf &
i got that ERROR!!:
[root@c252 keys]# openvpn /etc/openvpn/1194.conf &
[1] 17726
[root@c252 keys]# Mon Mar 7 09:11:12 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 2 2010
Mon Mar 7 09:11:12 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 7 09:11:12 2011 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Mar 7 09:11:12 2011 Diffie-Hellman initialized with 1024 bit key
Mon Mar 7 09:11:12 2011 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 7 09:11:12 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Mar 7 09:11:12 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
Mon Mar 7 09:11:12 2011 ROUTE: default_gateway=UNDEF
Mon Mar 7 09:11:12 2011 Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Mon Mar 7 09:11:12 2011 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Mon Mar 7 09:11:12 2011 Cannot allocate TUN/TAP dev dynamically
Mon Mar 7 09:11:12 2011 Exiting
I think TUN/TAP is Allowed!!
[root@c252 keys]# cat /dev/net/tun
cat: /dev/net/tun: No such device
[root@c252 keys]# ls -al /dev/net/tun
crw------- 1 root root 10, 200 Mar 7 07:01 /dev/net/tun
Last edited by pepsimanplus; 03-07-2011 at 02:16 AM.
-
03-07-2011, 05:46 AM #8WHT Addict
- Join Date
- Jul 2009
- Location
- Tangerang, ID
- Posts
- 168
did you read my post about allowed TUN/TAP?!!!!
-
03-07-2011, 09:03 AM #9Junior Guru Wannabe
- Join Date
- Mar 2011
- Posts
- 97
Thanks for the tutorial lxspcby, it's time I got my hands dirty
I've followed all the instructions and have got it almost working. I had a problem with server time at first but my host corrected that, and now I can connect with openvpn.
The problem I get now though is the assigned IP address, is there somewhere to set it or change the default? I get an IP of 1.2.3.6 but I would've expected it to be my server IP. When I try to connect to www I just get '... not found...' for everything. When I disconnect it all goes back to normal and works OK.
I guess I must've boo boo'd somewhere. Any advice welcome.
-
03-07-2011, 09:38 AM #10New Member
- Join Date
- Feb 2011
- Posts
- 3
Yes! The problem was with my VPS provider; I think they didn't know how to allow it. Finally they did.
Now I get this error!
[root@c252 ~]# openvpn /etc/openvpn/1194.conf &
[1] 11599
[root@c252 ~]# Mon Mar 7 16:32:38 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 2 2010
Mon Mar 7 16:32:38 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 7 16:32:38 2011 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Mar 7 16:32:38 2011 Diffie-Hellman initialized with 1024 bit key
Mon Mar 7 16:32:38 2011 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 7 16:32:38 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Mar 7 16:32:38 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
Mon Mar 7 16:32:38 2011 TCP/UDP: Socket bind failed on local address 204.93.197.23:53: Address already in use
Mon Mar 7 16:32:38 2011 Exiting
I tried to allow the port UDP 53
[root@c252 ~]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@c252 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@c252 ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
but nothing new the same Error!
-
03-07-2011, 10:01 AM #11WHT Addict
- Join Date
- Jul 2009
- Location
- Tangerang, ID
- Posts
- 168
umm... 1.2.3.6 is the auto assigned IP for the client, can't change it. Anyway, what port did you use? Have you forwarded the IP and routed iptables?
I think your setting is not correct, mate. If you want to connect to port 53 then youropenvpnconfig.conf must be:
Code:
local 123.123.123.123 #- your_server_ip
port 53 #- port
proto udp #- udp or tcp protocol
Code:
#openvpn /etc/openvpn/youropenvpnconfig.conf &
#bg
#iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123
Code:
client
dev tun
proto udp #- protocol
remote 123.123.123.123 53 #- SERVER IP and OPENVPN Port
Last edited by lxspcby; 03-07-2011 at 10:06 AM.
-
03-07-2011, 10:55 AM #12Junior Guru Wannabe
- Join Date
- Mar 2011
- Posts
- 97
[QUOTE=lxspcby;7322817]umm... 1.2.3.6 is auto assigned ip for client, can't change it. anyway what port did you use? have you forward the ip and route iptables?
I'm not sure I understand the question, sorry, could you be more specific? I did this bit:
Make OPENVPN 1194.conf running in background
#bg
Enable ipv4 forward
#echo 1 > /proc/sys/net/ipv4/ip_forward
Route iptables
#iptables -t nat -A POSTROUTING -s (My own IP)/24 -j SNAT --to (server IP)
I used port #1194 as specified.
-
03-07-2011, 11:14 AM #13WHT Addict
- Join Date
- Jul 2009
- Location
- Tangerang, ID
- Posts
- 168
[QUOTE=iDeq;7322914]what OS do you use? i mean your PC, is it XP or Seven? so far the problem i've ever experienced was just with my PC's OS. just like i said before if you're using Seven don't forget to install openvpn as administrator and set it to XP SP 3 compatibility.
but if that's not your current problem, you can pm me your vps login (root) and password with fresh installed CentOS, i'll try to install openvpn and after that you can see my command history.
-
03-07-2011, 11:18 AM #14Junior Guru Wannabe
- Join Date
- Mar 2011
- Posts
- 97
-
03-07-2011, 11:34 AM #15WHT Addict
- Join Date
- Jul 2009
- Location
- Tangerang, ID
- Posts
- 168
-
03-07-2011, 11:44 AM #16Junior Guru Wannabe
- Join Date
- Mar 2011
- Posts
- 97
I guess I did it the wrong way round then. Will I have to re-install the iso for a fresh copy of centOS and start again? I've only been playing with kloxo so far I haven't got any real proxies on yet, only test sites. And will tun/tap have to be re-enabled? Will the re-install wipe it out? Do you still want a look?
More (dumb) questions: How do I uninstall openvpn from the server? And how to I switch it off/disable it and re-enable it (for security purposes)?
-
03-07-2011, 11:52 AM #17WHT Addict
- Join Date
- Jul 2009
- Location
- Tangerang, ID
- Posts
- 168
i usually reinstall the OS and start again from the beginning. tun/tap will forever be enabled no matter how many times you reinstall the OS.
If you want to uninstall openvpn you can run command
#yum remove openvpn
and to stop it
#service openvpn stop
also you can pm me your vps login if you want, but only with fresh OS.
-
03-07-2011, 12:07 PM #18Junior Guru Wannabe
- Join Date
- Mar 2011
- Posts
- 97
If I re-install I'd have to re-do all the other changes I've made to the config too so I'll pass thanks. I can't find any PM options either, so maybe I'm not worthy yet or need more posts or something.
I might just uninstall and re-install open vpn, that might work, or I might just give up. I don't know yet if I'm keeping this vps, I only wanted to practice on it, I have another one with live sites and wanted to install openvpn to that but if I can't do it to this one first I won't bother.
Thanks for your help anyway, you're a star
-
03-07-2011, 12:09 PM #19WHT Addict
- Join Date
- Jul 2009
- Location
- Tangerang, ID
- Posts
- 168
haha... just keep your spirit, don't give up.
-
03-07-2011, 01:40 PM #20WHT Addict
- Join Date
- Jan 2011
- Posts
- 152
-
03-07-2011, 02:46 PM #21Junior Guru Wannabe
- Join Date
- Mar 2011
- Posts
- 97
-
03-07-2011, 03:22 PM #22WHT Addict
- Join Date
- Jan 2011
- Posts
- 152
-
03-11-2011, 11:53 AM #23Junior Guru Wannabe
- Join Date
- Mar 2011
- Posts
- 80
Hi,
great tutorial! 2 questions are left!
Is there a web interface too like https://156.156.200.10:1194 (imaginary IP here)?
Another question: can this be used on an iPhone?
In fact, I just want to have a VPN to my CENTOS server for my (not jailbroken) iPhone since I'm often in China and web access is blocked to many sites.
Just in case openVPN can not support iPhones - what software or method can?
Last edited by flameproof; 03-11-2011 at 12:03 PM.
-
03-11-2011, 12:07 PM #24Web Hosting Master
- Join Date
- May 2001
- Location
- Dayton, Ohio
- Posts
- 4,977
OpenVPN isn't natively supported on the iPhone (at least when I was still using my 3gs), I'm pretty sure it supports Cisco and PPTP style VPNs.
Edit: found this URL for you http://support.apple.com/kb/HT1288
If you want a web interface for OpenVPN configuration you can look at the modules for Webmin or the commercial solution from OpenVPN called OpenVPN-AS
-
03-11-2011, 03:19 PM #25WHT Addict
- Join Date
- Jul 2009
- Location
- Tangerang, ID
- Posts
- 168
yes you can use webmin for setting openvpn with user interface, but i think that's not necessary because it can still be managed with ssh.