
Install OpenVPN on CentOS

  #1  
Old 02-20-2011, 09:08 PM
lxspcby lxspcby is offline
WHT Addict
 
Join Date: Jul 2009
Location: Tangerang, ID
Posts: 124

Install OpenVPN on CentOS


I have searched this forum and I didn't find any OPENVPN tutorial, so I'll write a tutorial on how to get OPENVPN running on CentOS. I hope it will be useful.

Here I'm using an OpenVZ VPS with CentOS 5.5 32-bit. And about the memory requirement? Don't worry, OPENVPN doesn't eat too much of your memory; I have 50 users running on my 128MB VPS and it only eats 25MB of memory.

The first thing you have to do is check whether tun/tap is active or not by typing
#cat /dev/net/tun

Code:
cat: /dev/net/tun: File descriptor in bad state

Take a look at the status above: "File descriptor in bad state" means tun/tap is active; otherwise please ask your provider to activate it.

Install required modules
#yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

Download OPENVPN repo
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

for 32bit
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

for 64bit
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

Build the rpm packages
#rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
#rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm


*remember to change i386 to x86_64 if you're using 64bit

Install OPENVPN
#yum install openvpn

Copy OPENVPN easy-rsa folder to /etc/openvpn/
#cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa/ /etc/openvpn/

Now let's create the certificate
#cd /etc/openvpn/easy-rsa/2.0
#chmod 755 *
#source ./vars
#./vars
#./clean-all


Build CA
#./build-ca

Code:
Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter

Build key server
#./build-key-server server


Code:
Almost the same as ./build-ca, but check the changes and additions:
Common Name: server
A challenge password: leave
Optional company name: fill or enter
sign the certificate: y
1 out of 1 certificate requests: y

Build Diffie Hellman (wait a moment until the process finishes)
#./build-dh

Now I'm going to create a UDP port 1194 configuration for OPENVPN; use any text editor you like
#nano /etc/openvpn/1194.conf

Code:
local 123.123.123.123 #- your_server_ip
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.3.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

Before you save the configuration, make sure that the "plugin /usr/share/.. /pam.d/login" entry is on one line.

Start the OPENVPN with 1194.conf
#openvpn /etc/openvpn/1194.conf &

Here's the status if OPENVPN started successfully:

Code:
Mon Feb 21 02:23:20 2011 UDPv4 link remote: [undef]
Mon Feb 21 02:23:20 2011 MULTI: multi_init called, r=256 v=256
Mon Feb 21 02:23:20 2011 IFCONFIG POOL: base=1.2.3.4 size=62
Mon Feb 21 02:23:20 2011 Initialization Sequence Completed

Make OPENVPN 1194.conf run in the background
#bg

Enable IPv4 forwarding
#echo 1 > /proc/sys/net/ipv4/ip_forward

Route iptables
#iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123

*1.2.3.0 is the allocated IP for OPENVPN clients
*123.123.123.123 is your server IP


Now we create a username and password for authorization
#useradd username -s /bin/false
#passwd username


Download the ca.crt file from the /etc/openvpn/easy-rsa/2.0/keys/ directory; you can use an SFTP client.

Download and install the OPENVPN client for Windows; download the latest stable release, OPENVPN version 2.1.4, from here

After you have finished installing OPENVPN, move ca.crt (the file that you previously downloaded from /etc/openvpn/easy-rsa/2.0/keys/) to the OPENVPN config folder in your Program Files (\Program Files\OpenVPN\config\)

Also create a client configuration file in the OPENVPN config directory; here's an example:

Code:
client
dev tun
proto udp #- protocol
remote 123.123.123.123 1194 #- SERVER IP and OPENVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

Save it as anyname.ovpn or 1194.ovpn

http://i56.tinypic.com/aktvet.jpg

Run OPENVPN Client on your Windows, connect with your username and password.

http://i55.tinypic.com/2vwz9di.jpg
http://i53.tinypic.com/2883y0y.jpg

Check your IP address in a browser and voila!!! Your IP is now changed to your server IP

Note:
- This tutorial has never failed to get OPENVPN working on CentOS
- The configurations above are basic configurations; you can check the OPENVPN website for other configurations
- If you're using Win 7, before installing the OPENVPN client, right-click on the installer, Properties, run as administrator and change compatibility to Windows XP SP3
- If you want to add another port, maybe TCP so you can run OPENVPN over a proxy, just create a new configuration for the server and adjust the following lines:

Code:
port: your preferred port
protocol: tcp or udp
client's ip: 1.2.4.0 or 1.2.5.0 ; 1.2.6.0 ; and so on

Also create a new configuration for the client:

Code:
proto xxxx #- change xxxx to tcp or udp
remote 123.123.123.123 yyyy #- change yyyy to OPENVPN port

And then run the command
#iptables -t nat -A POSTROUTING -s 1.2.4.0/24 -j SNAT --to 123.123.123.123

Ref: Uncle G

__________________
>>OpenVPN Auto Installer
>>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5
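
An added example, not part of the original post or of the OpenVPN project: a shell audit of the settings in the tutorial's 1194.conf that the server's own startup log reports later in this thread (`client-cert-not-required`, 1024-bit DH), plus two omissions (no `tls-auth`, no `user`/`group`). The function names, finding labels, both sample configs, and the `dh2048.pem` and `ta.key` paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag risky settings in an OpenVPN
# server config. Function names and finding labels are this script's own.

# Succeed if directive $1 is set in file $2. Text after '#' or ';' is treated
# as a comment (simplification: a quoted '#' is not handled).
has_directive() {
    awk -v d="$1" '{ sub(/[#;].*/, "") } $1 == d { f = 1 } END { exit !f }' "$2"
}

# Print the first argument of directive $1 in file $2.
first_arg() {
    awk -v d="$1" '{ sub(/[#;].*/, "") } $1 == d { print $2; exit }' "$2"
}

# Read a config on stdin and print one finding per line (nothing if clean).
audit_conf() {
    conf=$(mktemp) || return 1
    cat > "$conf"
    if has_directive client-cert-not-required "$conf"; then
        echo "NO_CLIENT_CERT a password is the only client credential"
    fi
    # easy-rsa 2.0 names the DH file after its size (dh1024.pem, dh2048.pem).
    bits=$(first_arg dh "$conf" | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH ${bits}-bit Diffie-Hellman parameters"
    fi
    has_directive tls-auth "$conf" ||
        echo "NO_TLS_AUTH no extra HMAC layer on control channel packets"
    if ! has_directive user "$conf" || ! has_directive group "$conf"; then
        echo "RUNS_AS_ROOT no user/group directive to drop privileges"
    fi
    rm -f "$conf"
}

# Constructed sample: security-relevant lines of the tutorial's 1194.conf.
tutorial_conf() {
    cat <<'EOF'
port 1194 #- port
proto udp #- protocol
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
EOF
}

# Constructed sample: the same server with each finding addressed.
# The dh2048.pem and ta.key paths are assumptions, not files from the thread.
hardened_conf() {
    cat <<'EOF'
port 1194
proto udp
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
user nobody
group nobody
EOF
}

echo "tutorial config:"; tutorial_conf | audit_conf
echo "hardened config:"; hardened_conf | audit_conf
```

To audit a real file, run `audit_conf < /etc/openvpn/1194.conf`; the hardened sample keeps the PAM plugin, so clients then need both a certificate and a password.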



  #2  
Old 03-04-2011, 01:33 AM
Symon Symon is offline
New Member
 
Join Date: Mar 2011
Posts: 0
Great tutorial, and it helped me a lot there... Big thanks. Btw, I have some questions


Quote:
Now we create username and password for authorization
#useradd username -s /bin/false
#passwd username

How do I remove a user which I had added? Can we use this software to access the VPN
( openvpn.net/index.php?option=com_content&id=357 ) or is it for OpenVPN Access Server product use only?

Thanks,
Symon Lim


Last edited by Symon; 03-04-2011 at 01:43 AM.
  #3  
Old 03-04-2011, 01:45 AM
net net is offline
Community Liaison
 
Join Date: Mar 2003
Posts: 11,128
To delete a user: userdel username

__________________
.
JoneSolutions.Com + SSS = Your Number One Choice On The Net - since 2001

It's Fully Managed and Secured. Ask us at sales @ jonesolutions.com .

  #4  
Old 03-04-2011, 04:34 AM
lxspcby lxspcby is offline
WHT Addict
 
Join Date: Jul 2009
Location: Tangerang, ID
Posts: 124
Quote:
Originally Posted by Symon View Post
Great tutorial, and it helped me a lot there... Big thanks. Btw, I have some questions

How do I remove a user which I had added? Can we use this software to access the VPN
( openvpn.net/index.php?option=com_content&id=357 ) or is it for OpenVPN Access Server product use only?

Thanks,
Symon Lim

Thanks mate, your question has been answered.

Quote:
Originally Posted by net View Post
To delete a user: userdel username

Thank you, mod.

edit:

Anyway, I forgot to mention: if you want to open a new port, after creating the new configuration, run the conf again.

e.g. your conf name is 443.conf
#openvpn /etc/openvpn/443.conf &
#bg

__________________
>>OpenVPN Auto Installer
>>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5


Last edited by lxspcby; 03-04-2011 at 04:39 AM.
  #5  
Old 03-04-2011, 06:20 AM
Symon Symon is offline
New Member
 
Join Date: Mar 2011
Posts: 0
Thanks Net & lxspcby

  #6  
Old 03-05-2011, 03:39 AM
serveradmin4linux serveradmin4linux is offline
Disabled
 
Join Date: Jan 2011
Posts: 28
thanks lxspcby

  #7  
Old 03-07-2011, 02:10 AM
pepsimanplus pepsimanplus is offline
New Member
 
Join Date: Feb 2011
Posts: 0
Thanks for the great help

Thanks a lot for your effort, I really find it so easy.
But everything was okay till I got to the step
openvpn /etc/openvpn/1194.conf &

I got this ERROR!!:

[root@c252 keys]# openvpn /etc/openvpn/1194.conf &
[1] 17726
[root@c252 keys]# Mon Mar 7 09:11:12 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 2 2010
Mon Mar 7 09:11:12 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 7 09:11:12 2011 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Mar 7 09:11:12 2011 Diffie-Hellman initialized with 1024 bit key
Mon Mar 7 09:11:12 2011 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 7 09:11:12 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Mar 7 09:11:12 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
Mon Mar 7 09:11:12 2011 ROUTE: default_gateway=UNDEF
Mon Mar 7 09:11:12 2011 Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Mon Mar 7 09:11:12 2011 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Mon Mar 7 09:11:12 2011 Cannot allocate TUN/TAP dev dynamically
Mon Mar 7 09:11:12 2011 Exiting

I think TUN/TAP is Allowed!!

[root@c252 keys]# cat /dev/net/tun
cat: /dev/net/tun: No such device
[root@c252 keys]# ls -al /dev/net/tun
crw------- 1 root root 10, 200 Mar 7 07:01 /dev/net/tun


Last edited by pepsimanplus; 03-07-2011 at 02:16 AM.
  #8  
Old 03-07-2011, 05:46 AM
lxspcby lxspcby is offline
WHT Addict
 
Join Date: Jul 2009
Location: Tangerang, ID
Posts: 124
Did you read my post about allowed TUN/TAP?!!!!

__________________
>>OpenVPN Auto Installer
>>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5

  #9  
Old 03-07-2011, 09:03 AM
iDeq iDeq is online now
Junior Guru Wannabe
 
Join Date: Mar 2011
Posts: 83
Thanks for the tutorial lxspcby, it's time I got my hands dirty

I've followed all the instructions and have got it almost working. I had a problem with server time at first but my host corrected that, and now I can connect with openvpn.

The problem I get now though is the assigned IP address, is there somewhere to set it or change the default? I get an IP of 1.2.3.6 but I would've expected it to be my server IP. When I try to connect to www I just get '... not found...' for everything. When I disconnect it all goes back to normal and works OK.

I guess I must've boo boo'd somewhere. Any advice welcome.

  #10  
Old 03-07-2011, 09:38 AM
pepsimanplus pepsimanplus is offline
New Member
 
Join Date: Feb 2011
Posts: 0
Yes! The problem was with my VPS provider; I think they didn't know how to allow it, but finally they did.
Now I get this error!

[root@c252 ~]# openvpn /etc/openvpn/1194.conf &
[1] 11599
[root@c252 ~]# Mon Mar 7 16:32:38 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 2 2010
Mon Mar 7 16:32:38 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 7 16:32:38 2011 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Mar 7 16:32:38 2011 Diffie-Hellman initialized with 1024 bit key
Mon Mar 7 16:32:38 2011 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 7 16:32:38 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Mar 7 16:32:38 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
Mon Mar 7 16:32:38 2011 TCP/UDP: Socket bind failed on local address 204.93.197.23:53: Address already in use
Mon Mar 7 16:32:38 2011 Exiting

I tried to allow UDP port 53

[root@c252 ~]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@c252 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@c252 ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]

But nothing new, the same error!

  #11  
Old 03-07-2011, 10:01 AM
lxspcby lxspcby is offline
WHT Addict
 
Join Date: Jul 2009
Location: Tangerang, ID
Posts: 124
Quote:
Originally Posted by iDeq View Post
Thanks for the tutorial lxspcby, it's time I got my hands dirty

I've followed all the instructions and have got it almost working. I had a problem with server time at first but my host corrected that, and now I can connect with openvpn.

The problem I get now though is the assigned IP address, is there somewhere to set it or change the default? I get an IP of 1.2.3.6 but I would've expected it to be my server IP. When I try to connect to www I just get '... not found...' for everything. When I disconnect it all goes back to normal and works OK.

I guess I must've boo boo'd somewhere. Any advice welcome.

Umm... 1.2.3.6 is the auto-assigned IP for the client, can't change it. Anyway, what port did you use? Have you forwarded the IP and routed iptables?

Quote:
Originally Posted by pepsimanplus View Post
Yes! The problem was with my VPS provider; I think they didn't know how to allow it, but finally they did.
Now I get this error!

[root@c252 ~]# openvpn /etc/openvpn/1194.conf &
[1] 11599
[root@c252 ~]# Mon Mar 7 16:32:38 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 2 2010
Mon Mar 7 16:32:38 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 7 16:32:38 2011 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Mar 7 16:32:38 2011 Diffie-Hellman initialized with 1024 bit key
Mon Mar 7 16:32:38 2011 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 7 16:32:38 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Mar 7 16:32:38 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
Mon Mar 7 16:32:38 2011 TCP/UDP: Socket bind failed on local address 204.93.197.23:53: Address already in use
Mon Mar 7 16:32:38 2011 Exiting

I tried to allow UDP port 53

[root@c252 ~]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@c252 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@c252 ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]

But nothing new, the same error!

I think your setting is not correct, mate. If you want to connect to port 53 then youropenvpnconfig.conf must be:

Code:
local 123.123.123.123 #- your_server_ip
port 53 #- port
proto udp #- udp or tcp protocol

After that, run the commands:

Code:
#openvpn /etc/openvpn/youropenvpnconfig.conf &
#bg
#iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123

For the client configuration (*.ovpn):

Code:
client
dev tun
proto udp #- protocol
remote 123.123.123.123 53 #- SERVER IP and OPENVPN Port

Just like that; all configuration is in your openvpn.conf, not in iptables. Also remember to stop the services which are using port 53 first.

__________________
>>OpenVPN Auto Installer
>>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5


Last edited by lxspcby; 03-07-2011 at 10:06 AM.
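
An added example, not part of the thread: a shell triage of the two startup failures posted above, covering the tutorial's `cat /dev/net/tun` check and the OpenVPN startup log. It separates a device node that exists from a TUN driver that is usable, and reports a bind failure as a port conflict rather than a firewall problem. Function names, labels and the sample log lines (using the documentation address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage OpenVPN startup failures.
# Labels such as TUN_DRIVER_UNAVAILABLE are this script's own.

# Classify the message printed by `cat /dev/net/tun`.
# Live use: tun_state "$(cat /dev/net/tun 2>&1)"
tun_state() {
    case $1 in
        *"File descriptor in bad state"*) echo TUN_READY ;;
        *"No such device"*)               echo TUN_DRIVER_UNAVAILABLE ;;  # node exists, no driver behind it
        *"No such file or directory"*)    echo TUN_NODE_MISSING ;;
        *)                                echo TUN_UNKNOWN ;;
    esac
}

# Read an OpenVPN startup log on stdin and print one finding per line.
# Returns 0 only if the server finished initialising.
triage_log() {
    awk '
    /Cannot open TUN\/TAP dev/ && /No such device/ {
        print "TUN_DRIVER_UNAVAILABLE ask the host to enable tun for the container"
    }
    /Socket bind failed on local address/ {
        for (i = 1; i < NF; i++) if ($i == "address") { ep = $(i + 1); break }
        sub(/:$/, "", ep)              # "192.0.2.10:53:" -> "192.0.2.10:53"
        n = split(ep, part, ":")
        print "PORT_IN_USE " part[n] " on " part[1] " is held by another process"
    }
    /Initialization Sequence Completed/ { ok = 1; print "STARTED" }
    END { exit !ok }
    '
}

# Constructed log lines modelled on the two failures posted in the thread.
tun_fail_log() {
    cat <<'EOF'
Mon Mar 7 09:11:12 2011 Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Mon Mar 7 09:11:12 2011 Cannot allocate TUN/TAP dev dynamically
Mon Mar 7 09:11:12 2011 Exiting
EOF
}
bind_fail_log() {
    cat <<'EOF'
Mon Mar 7 16:32:38 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
Mon Mar 7 16:32:38 2011 TCP/UDP: Socket bind failed on local address 192.0.2.10:53: Address already in use
Mon Mar 7 16:32:38 2011 Exiting
EOF
}

tun_state "cat: /dev/net/tun: No such device"
tun_fail_log  | triage_log || echo "server did not start"
bind_fail_log | triage_log || echo "server did not start"
```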
  #12  
Old 03-07-2011, 10:55 AM
iDeq iDeq is online now
Junior Guru Wannabe
 
Join Date: Mar 2011
Posts: 83
Quote:
Originally Posted by lxspcby View Post
Umm... 1.2.3.6 is the auto-assigned IP for the client, can't change it. Anyway, what port did you use? Have you forwarded the IP and routed iptables?

I'm not sure I understand the question, sorry, could you be more specific? I did this bit:
Quote:
Make OPENVPN 1194.conf running in background
#bg

Enable ipv4 forward
#echo 1 > /proc/sys/net/ipv4/ip_forward

Route iptables
#iptables -t nat -A POSTROUTING -s (My own IP)/24 -j SNAT --to (server IP)

I used port #1194 as specified.

  #13  
Old 03-07-2011, 11:14 AM
lxspcby lxspcby is offline
WHT Addict
 
Join Date: Jul 2009
Location: Tangerang, ID
Posts: 124
Quote:
Originally Posted by iDeq View Post
Quote:
Originally Posted by lxspcby View Post
Umm... 1.2.3.6 is the auto-assigned IP for the client, can't change it. Anyway, what port did you use? Have you forwarded the IP and routed iptables?

I'm not sure I understand the question, sorry, could you be more specific? I did this bit:

I used port #1194 as specified.

What OS do you use? I mean your PC, is it XP or Seven? So far the only problem I've ever experienced was with my PC's OS. Just like I said before, if you're using Seven don't forget to install openvpn as administrator and set it to XP SP 3 compatibility.

But if that's not your current problem, you can PM me your VPS login (root) and password with a freshly installed CentOS; I'll try to install openvpn and after that you can see my command history.

__________________
>>OpenVPN Auto Installer
>>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5

  #14  
Old 03-07-2011, 11:18 AM
iDeq iDeq is online now
Junior Guru Wannabe
 
Join Date: Mar 2011
Posts: 83
Quote:
Originally Posted by lxspcby View Post
What OS do you use? I mean your PC, is it XP or Seven? So far the only problem I've ever experienced was with my PC's OS. Just like I said before, if you're using Seven don't forget to install openvpn as administrator and set it to XP SP 3 compatibility.

But if that's not your current problem, you can PM me your VPS login (root) and password with a freshly installed CentOS; I'll try to install openvpn and after that you can see my command history.

I'm using Win XP SP3 on a single core Athlon 3200+, it's an old comp. I do have kloxo installed, I did that first as I want to run web proxies too, would that make a difference?

  #15  
Old 03-07-2011, 11:34 AM
lxspcby lxspcby is offline
WHT Addict
 
Join Date: Jul 2009
Location: Tangerang, ID
Posts: 124
Quote:
Originally Posted by iDeq View Post
I'm using Win XP SP3 on a single core Athlon 3200+, it's an old comp. I do have kloxo installed, I did that first as I want to run web proxies too, would that make a difference?

It should be no problem, but I usually run openvpn with no other apps installed, and if I want to run other apps on the same box I'll install and run openvpn first.

__________________
>>OpenVPN Auto Installer
>>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5
