Page 1 of 19 123411 ... LastLast
Results 1 to 15 of 279
  1. #1
    Join Date
    Jul 2009
    Location
    Tangerang, ID
    Posts
    124

    Install OpenVPN on CentOS

    I have searched this forum and i don't find any OPENVPN tutorial, so i'll write tutorial how to make OPENVPN running on CentOS, hope it will be useful.

    Here i'm using OpenVZ VPS with CentOS 5.5 32bit, and about the memory requirement? Don't worry, OPENVPN doesn't eat your memory too much, i have 50 user running in my 128MB vps and it only eats 25MB memory

    First thing you have to do is check whether tun/tap is active or not by typing
    #cat /dev/net/tun

    Code:
    cat: /dev/net/tun: File descriptor in bad state
    take a look at the status above, "File descriptor in bad state" means tun/tap is active, otherwise please ask your provider to activate it

    Install required modules
    #yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

    Download OPENVPN repo
    #wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

    for 32bit
    #wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

    for 64bit
    #wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

    Build the rpm packages
    #rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
    #rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
    #rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm


    *remember to change i386 to x86_64 if you're using 64bit

    Install OPENVPN
    #yum install openvpn

    Copy OPENVPN easy-rsa folder to /etc/openvpn/
    #cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa/ /etc/openvpn/

    Now let's create the certificate
    #cd /etc/openvpn/easy-rsa/2.0
    #chmod 755 *
    #source ./vars
    #./vars
    #./clean-all


    Build CA
    #./build-ca

    Code:
    Country Name: may be filled or press enter
    State or Province Name: may be filled or press enter
    City: may be filled or press enter
    Org Name: may be filled or press enter
    Org Unit Name: may be filled or press enter
    Common Name: your server hostname
    Email Address: may be filled or press enter
    Build key server
    #./build-key-server server


    Code:
    Almost the same with ./build.ca but check the changes and additional
    Common Name: server
    A challenge password: leave
    Optional company name: fill or enter
    sign the certificate: y
    1 out of 1 certificate requests: y

    Build Diffie Hellman (wait a moment until the process finish)
    #./build-dh

    Now i'm gonna create UDP port 1194 configuration for OPENVPN, use any text editor you like
    #nano /etc/openvpn/1194.conf

    Code:
    local 123.123.123.123 #- your_server_ip
    port 1194 #- port
    proto udp #- protocol
    dev tun
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
    plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
    client-cert-not-required
    username-as-common-name
    server 1.2.3.0 255.255.255.0
    push "redirect-gateway def1"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 4.2.2.1"
    keepalive 5 30
    comp-lzo
    persist-key
    persist-tun
    status 1194.log
    verb 3
    before you save the configuration, make sure that the "plugin /usr/share/.. /pam.d/login" is one line

    Start the OPENVPN with 1194.conf
    #openvpn /etc/openvpn/1194.conf &

    here's the status if OPENVPN successfully started

    Code:
    Mon Feb 21 02:23:20 2011 UDPv4 link remote: [undef]
    Mon Feb 21 02:23:20 2011 MULTI: multi_init called, r=256 v=256
    Mon Feb 21 02:23:20 2011 IFCONFIG POOL: base=1.2.3.4 size=62
    Mon Feb 21 02:23:20 2011 Initialization Sequence Completed
    Make OPENVPN 1194.conf running in background
    #bg

    Enable ipv4 forward
    #echo 1 > /proc/sys/net/ipv4/ip_forward

    Route iptables
    #iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123

    *1.2.3.0 is allocated ip for OPENVPN client
    *123.123.123.123 is your server ip


    Now we create username and password for authorization
    #useradd username -s /bin/false
    #passwd username


    Download ca.crt file in /etc/openvpn/easy-rsa/2.0/keys/ directory, you can use sftp client

    Download and install OPENVPN client for windows, download the latest stable release OPENVPN version 2.1.4 from here

    After you finished installing OPENVPN, move ca.crt (file that you previously downloaded from /etc/openvpn/easy-rsa/2.0/keys/) to OPENVPN config folder in your program files (\Program Files\OpenVPN\config\)

    Also create client configuration file in OPENVPN config directory, here's the example:

    Code:
    client
    dev tun
    proto udp #- protocol
    remote 123.123.123.123 1194 #- SERVER IP and OPENVPN Port
    resolv-retry infinite
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ca ca.crt
    auth-user-pass
    comp-lzo
    verb 3
    save with anyname.ovpn or 1194.ovpn

    http://i56.tinypic.com/aktvet.jpg

    Run OPENVPN Client on your Windows, connect with your username and password.

    http://i55.tinypic.com/2vwz9di.jpg
    http://i53.tinypic.com/2883y0y.jpg

    Check your IP Address in browser and Voila!!! You're IP is now changed to your server IP

    note:
    - Never fails make OPENVPN on CentOS with this tutorial
    - Those configurations above are basic configuration, you can check OPENVPN website for another configuration
    - If you're using Win 7, before installing OPENVPN client, right click on the installer, properties, run as administrator and change compatibility to Windows XP SP3
    - If you wanna add another port, maybe TCP so you can run OPENVPN over proxy, just create new configuration for server, adjust the following lines:

    Code:
    port: your preferred port
    protocol: tcp or udp
    client's ip: 1.2.4.0 or 1.2.5.0 ; 1.2.6.0 ; and so on
    also new configuration for client

    Code:
    proto xxxx #- change xxxx to tcp or udp
    remote 123.123.123.123 yyyy #- change yyyy to OPENVPN port
    and then run the command
    #iptables -t nat -A POSTROUTING -s 1.2.4.0/24 -j SNAT --to 123.123.123.123

    Ref: Uncle G
    >>OpenVPN Auto Installer
    >>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5

  2. #2
    Great Tutorial and It's help me alot there .. .Big Thanks Btw, I have some question


    Now we create username and password for authorization
    #useradd username -s /bin/false
    #passwd username
    How to remove user which I had added ? Can we use this software to access VPN
    ( openvpn.net/index.php?option=com_content&id=357 ) or it's for Openvpn access server product use only ?

    THanks,
    Symon Lim
    Last edited by Symon; 03-04-2011 at 01:43 AM.

  3. #3
    Join Date
    Mar 2003
    Posts
    12,604
    To delete a user: userdel username
    .
    JoneSolutions.Com is on the net providing services and support 24/7 since 2001.
    .

  4. #4
    Join Date
    Jul 2009
    Location
    Tangerang, ID
    Posts
    124
    Quote Originally Posted by Symon View Post
    Great Tutorial and It's help me alot there .. .Big Thanks Btw, I have some question




    How to remove user which I had added ? Can we use this software to access VPN
    ( openvpn.net/index.php?option=com_content&id=357 ) or it's for Openvpn access server product use only ?

    THanks,
    Symon Lim
    thanks mate, your question has been answered

    Quote Originally Posted by net View Post
    To delete a user: userdel username
    thank you mod

    edit:

    anyway i forgot to mention, if you want to open new port, after create new configuration, run again the conf.

    e.g. your conf name is 443.conf
    #openvpn /etc/openvpn/443.conf &
    #bg
    Last edited by lxspcby; 03-04-2011 at 04:39 AM.
    >>OpenVPN Auto Installer
    >>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5

  5. #5
    Thanks Net & lxspcby

  6. #6
    thanks lxspcby

  7. #7

    Thanks for the great help

    Thanks a lot for your effort i really see it so easy
    But everything was Okay till get to the step
    openvpn /etc/openvpn/1194.conf &

    i got that ERROR!!:

    [root@c252 keys]# openvpn /etc/openvpn/1194.conf &
    [1] 17726
    [root@c252 keys]# Mon Mar 7 09:11:12 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 2 2010
    Mon Mar 7 09:11:12 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Mar 7 09:11:12 2011 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Mon Mar 7 09:11:12 2011 Diffie-Hellman initialized with 1024 bit key
    Mon Mar 7 09:11:12 2011 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
    Mon Mar 7 09:11:12 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Mar 7 09:11:12 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
    Mon Mar 7 09:11:12 2011 ROUTE: default_gateway=UNDEF
    Mon Mar 7 09:11:12 2011 Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
    Mon Mar 7 09:11:12 2011 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
    Mon Mar 7 09:11:12 2011 Cannot allocate TUN/TAP dev dynamically
    Mon Mar 7 09:11:12 2011 Exiting

    I think TUN/TAP is Allowed!!

    [root@c252 keys]# cat /dev/net/tun
    cat: /dev/net/tun: No such device
    [root@c252 keys]# ls -al /dev/net/tun
    crw------- 1 root root 10, 200 Mar 7 07:01 /dev/net/tun
    Last edited by pepsimanplus; 03-07-2011 at 02:16 AM.

  8. #8
    Join Date
    Jul 2009
    Location
    Tangerang, ID
    Posts
    124
    did you read my post about allowed TUN/TAP?!!!!
    >>OpenVPN Auto Installer
    >>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5

  9. #9
    Join Date
    Mar 2011
    Posts
    90
    Thanks for the tutorial lxspcby, it's time I got my hands dirty

    I've followed all the instructions and have got it almost working. I had a problem with server time at first but my host corrected that, and now I can connect with openvpn.

    The problem I get now though is the assigned IP address, is there somewhere to set it or change the default? I get an IP of 1.2.3.6 but I would've expected it to be my server IP. When I try to connect to www I just get '... not found...' for everything. When I disconnect it all goes back to normal and works OK.

    I guess I must've boo boo'd somewhere. Any advice welcome.

  10. #10
    Yes! the problem was with my VPS provider i think they didn't know how to allow it finally they did
    now i get this Error!

    [root@c252 ~]# openvpn /etc/openvpn/1194.conf &
    [1] 11599
    [root@c252 ~]# Mon Mar 7 16:32:38 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 2 2010
    Mon Mar 7 16:32:38 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Mar 7 16:32:38 2011 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Mon Mar 7 16:32:38 2011 Diffie-Hellman initialized with 1024 bit key
    Mon Mar 7 16:32:38 2011 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
    Mon Mar 7 16:32:38 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Mar 7 16:32:38 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
    Mon Mar 7 16:32:38 2011 TCP/UDP: Socket bind failed on local address 204.93.197.23:53: Address already in use
    Mon Mar 7 16:32:38 2011 Exiting

    i tryied to allow the port UDP 53

    [root@c252 ~]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
    [root@c252 ~]# /etc/init.d/iptables save
    Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
    [root@c252 ~]# /etc/init.d/iptables restart
    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: mangle filter nat [ OK ]
    Unloading iptables modules: [ OK ]
    Applying iptables firewall rules: [ OK ]

    but nothing new the same Error!

  11. #11
    Join Date
    Jul 2009
    Location
    Tangerang, ID
    Posts
    124
    Quote Originally Posted by iDeq View Post
    Thanks for the tutorial lxspcby, it's time I got my hands dirty

    I've followed all the instructions and have got it almost working. I had a problem with server time at first but my host corrected that, and now I can connect with openvpn.

    The problem I get now though is the assigned IP address, is there somewhere to set it or change the default? I get an IP of 1.2.3.6 but I would've expected it to be my server IP. When I try to connect to www I just get '... not found...' for everything. When I disconnect it all goes back to normal and works OK.

    I guess I must've boo boo'd somewhere. Any advice welcome.
    umm... 1.2.3.6 is auto assigned ip for client, can't change it. anyway what port did you use? have you forward the ip and route iptables?

    Quote Originally Posted by pepsimanplus View Post
    Yes! the problem was with my VPS provider i think they didn't know how to allow it finally they did
    now i get this Error!

    [root@c252 ~]# openvpn /etc/openvpn/1194.conf &
    [1] 11599
    [root@c252 ~]# Mon Mar 7 16:32:38 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 2 2010
    Mon Mar 7 16:32:38 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Mar 7 16:32:38 2011 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Mon Mar 7 16:32:38 2011 Diffie-Hellman initialized with 1024 bit key
    Mon Mar 7 16:32:38 2011 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
    Mon Mar 7 16:32:38 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Mar 7 16:32:38 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
    Mon Mar 7 16:32:38 2011 TCP/UDP: Socket bind failed on local address 204.93.197.23:53: Address already in use
    Mon Mar 7 16:32:38 2011 Exiting

    i tryied to allow the port UDP 53

    [root@c252 ~]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
    [root@c252 ~]# /etc/init.d/iptables save
    Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
    [root@c252 ~]# /etc/init.d/iptables restart
    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: mangle filter nat [ OK ]
    Unloading iptables modules: [ OK ]
    Applying iptables firewall rules: [ OK ]

    but nothing new the same Error!
    i think you're setting is not correct mate. if you want to connect to port 53 then youropenvpnconfig.conf must be:

    Code:
    local 123.123.123.123 #- your_server_ip
    port 53 #- port
    proto udp #- udp or tcp protocol
    after that run command
    Code:
    #openvpn /etc/openvpn/youropenvpnconfig.conf &
    #bg
    #iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123
    for client configuration (*.ovpn)
    Code:
    client
    dev tun
    proto udp #- protocol
    remote 123.123.123.123 53 #- SERVER IP and OPENVPN Port
    just like that, all configuration is in your openvpn.conf, not in iptables. also remember to stop the services which using port 53 first.
    Last edited by lxspcby; 03-07-2011 at 10:06 AM.
    >>OpenVPN Auto Installer
    >>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5

  12. #12
    Join Date
    Mar 2011
    Posts
    90
    [QUOTE=lxspcby;7322817]umm... 1.2.3.6 is auto assigned ip for client, can't change it. anyway what port did you use? have you forward the ip and route iptables?

    I'm not sure I understand the question, sorry, could you be more specific? I did this bit:
    Make OPENVPN 1194.conf running in background
    #bg

    Enable ipv4 forward
    #echo 1 > /proc/sys/net/ipv4/ip_forward

    Route iptables
    #iptables -t nat -A POSTROUTING -s (My own IP)/24 -j SNAT --to (server IP)

    I used port #1194 as specified.

  13. #13
    Join Date
    Jul 2009
    Location
    Tangerang, ID
    Posts
    124
    [QUOTE=iDeq;7322914]
    Quote Originally Posted by lxspcby View Post
    umm... 1.2.3.6 is auto assigned ip for client, can't change it. anyway what port did you use? have you forward the ip and route iptables?

    I'm not sure I understand the question, sorry, could you be more specific? I did this bit:



    I used port #1194 as specified.
    what OS do you use? i mean your PC, is it XP or Seven? so far the problem i've ever experienced was just with my PC's OS. just like i said before if you're using Seven don't forget to install openvpn as administrator and set it to XP SP 3 compatibility.

    but if that's not your current problem, you can pm me your vps login (root) and password with fresh installed CentOS, i'll try to install openvpn and after that you can see my command history.
    >>OpenVPN Auto Installer
    >>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5

  14. #14
    Join Date
    Mar 2011
    Posts
    90
    [QUOTE=lxspcby;7322948]
    Quote Originally Posted by iDeq View Post

    what OS do you use? i mean your PC, is it XP or Seven? so far the problem i've ever experienced was just with my PC's OS. just like i said before if you're using Seven don't forget to install openvpn as administrator and set it to XP SP 3 compatibility.

    but if that's not your current problem, you can pm me your vps login (root) and password with fresh installed CentOS, i'll try to install openvpn and after that you can see my command history.
    I'm using Win XP SP3 on a single core Athlon 3200+, it's an old comp. I do have kloxo installed, I did that first as I want to run web proxies too, would that make a difference?

  15. #15
    Join Date
    Jul 2009
    Location
    Tangerang, ID
    Posts
    124
    Quote Originally Posted by iDeq View Post
    I'm using Win XP SP3 on a single core Athlon 3200+, it's an old comp. I do have kloxo installed, I did that first as I want to run web proxies too, would that make a difference?
    it should be no problem, but i usually running openvpn with no other apps installed, and if i want to run another apps in the same box i'll install and run the openvpn first.
    >>OpenVPN Auto Installer
    >>Nginx Auto Installer NGX 1.7.0, 1.6.0 - PHP 5.3, 5.4, 5.5 - MySQL 5.1, 5.5

Page 1 of 19 123411 ... LastLast

Similar Threads

  1. openVPN on openVZ with CentOS 5.5
    By Teh Wallhacks in forum VPS Hosting
    Replies: 16
    Last Post: 11-26-2010, 05:25 AM
  2. OpenVPN Install
    By MJimLay in forum Systems Management Requests
    Replies: 4
    Last Post: 10-20-2010, 06:51 AM
  3. need some one to install OpenVPN
    By -whynot- in forum VPS Hosting
    Replies: 5
    Last Post: 11-06-2008, 03:50 PM
  4. how can i install openvpn in centos server
    By soltany in forum Hosting Security and Technology
    Replies: 7
    Last Post: 09-08-2007, 06:03 AM
  5. OpenVPN/pptpd - install
    By verloni in forum Employment / Job Offers
    Replies: 0
    Last Post: 08-25-2005, 05:15 AM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •