What's new

tutorial Install FreeRADIUS & Additional Modules on CentOS 7 (part 1)

ah nou nhy mou

Moderator
Staff member
Moderator
Established
Awards
2
  • SikatPInoy Staff
  • medal 1
How to Install and Setup OpenVPN on a CentOS 6 Server
What is OpenVPN?
OpenVPN is a software application that encrypts all VPN traffic and provides a secure connection between machines. This is useful if your services are on a local network and you have to access them remotely but don’t want these services to be publicly accessible. In this step by step tutorial we will explain how to install OpenVPN on your CentOS 6 server.
What you’ll need
A VPS server running on CentOS 6.
A SSH client (OSX,Linux users have Terminal and Windows users can download PuTTY).
Step 1 — Log into your Server via SSH
Log into your server via SSH as root. Next we need to get the Extra Packages for Enterprise Linux (EPEL) Repository enabled on your server so that you will have the OpenVPN package.Type:
Install OpenVPN from your EPEL repository:
1
2​
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm
Step 2 — Install EPEL Repository
Install OpenVPN from your EPEL repository:
1​
yum install openvpn -y
Next we’ll copy the sample configuration file to its new location:
1​
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
Now let’s edit it:
1
2
3
4​
nano -w /etc/openvpn/server.conf
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
We uncommented the push parameter which is responsible for routing our client’s system traffic through OpenVPN and changed the section that follows route DNS queries to public Goggle’s public DNS servers.
Step 3 — Generate Keys & Certificates
After configuring the file, we now need to generate some keys and certificates. Copy the easy-rsa folder to etc/openvpn/:
1
2​
mkdir -p /etc/openvpn/easy-r/keys
cp -rf /usr/share/openvpn/easy-rsa/2.0/* /etc/openvpn/easy-rsa
Edit the vars file, the KEY_ variables to be more precise, then copy the OpenSSL config file:
1
2​
nano -w /etc/openvpn/easy-rsa/vars
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
Now create the certificate:
1
2
3
4​
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
Build key-server:
1​
./build-key-server server
After that we need to generate our Diffie Hellman key exchanges and copy our files to etc/openvpn:
1
2
3​
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh1024.pem ca.crt server.crt server.key /etc/openvpn
We now need to create certificates for clients to authenticate. Repeat for each client or device:
1
2​
cd /etc/openvpn/easy-rsa
./build-key client
Step 4 — Configure Routing
Let’s continue with configuring our routing on OpenVPN:
1
2
3
4
5​
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service iptables save
nano -w /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
Start the server and check if it starts on boot:
1
2​
service openvpn start
chkconfig openvpn on
Step 5 — Configure OpenVPN
To configure the OpenVPN client you need to retrieve the ca.crt, client.crt and client.key from remote server using your SFTP/SCP (transfer protocol, secure copy) of choice.
1
2
3​
nano -w /etc/openvpn/easy-rsa/keys/ca.crt
nano -w /etc/openvpn/easy-rsa/keys/client.crt
nano -w /etc/openvpn/easy-rsa/keys/client.key
We will now create another file client.ovpn with the name of the user we want to authenticate (build key).Replace x.x.x.x with your servers IP address:
1
2
3
4
5
6
7
8
9
10
11
12
13​
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca "/etc/openvpn/easy-rsa/keys/ca.crt"
cert "/etc/openvpn/easy-rsa/keys/client.crt"
key "/etc/openvpn/easy-rsa/keys/client.key"
Linux
Install OpenVPN from your official repositories and can invoke them by:
1​
sudo openvpn --config ~/path/to/client.ovpn
Windows
You will need do download from OpenVPN’s official site the Community edition binaries that come prepackaged with a GUI. Before installation, put the .ovpn config file in C:\Program Files\OpenVPN\config and then connect to the OpenVPN interface.
Mac OSX
The app we need here is Tunnelblick, which is the equivalent for OpenVPN’s GUI for Windows(requires tun/tap drivers). Place your .ovpn file in the ~/Library/Application Support/Tunnelblick/Configurations directory before installation.
ANY DONATION ACCEPTED:
09388407503 (GCASH)

ENJOY MGA TOL!

#ahnounhymou
 

Attachments

Top