Easy OpenVPN Server in CentOS 5.3

30 04 2009

1. Install the necessary libraries

yum install lzo lzo-devel zlib zlib-devel

2. At this point openssl should already be installed.

(It is a required package for a server.)

3. Install the openvpn package

yum install openvpn

4. Copy the necessary sample scripts and configuration files

cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn
cp /usr/share/doc/openvpn-2.0.9/easy-rsa/openssl.cnf /etc/openvpn

5. Before running the scripts, make sure that they have the executable permission.
If not, perform the following:

cd /etc/openvpn/easy-rsa
chmod +x clean-all
chmod +x build*

6. Modify your CA configuration

vi /etc/openvpn/easy-rsa/vars

export KEY_COUNTRY=AU
export KEY_PROVINCE=VIC
export KEY_CITY=MELBOURNE
export KEY_ORG="THROXVPN"
export KEY_EMAIL="name@email.com"

7. Save your modified settings and run:

. ./vars
mkdir /etc/openvpn/keys
./clean-all

8. Now that your configuration is ready, create your server CA authentication files

cd /etc/openvpn/easy-rsa
./build-ca

9. Build your server keys

./build-key-server vpnserver

10. Build the Diffie-Hellman file

./build-dh

11. Modify the sample /etc/openvpn/server.conf

mode server
client-to-client
port 1194
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
# File names follow the name passed to build-key-server in step 9
cert /etc/openvpn/keys/vpnserver.crt
key /etc/openvpn/keys/vpnserver.key
dh /etc/openvpn/keys/dh1024.pem
server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 20

12. Take note of ipp.txt, which contains something like this:

client1,10.10.10.4
client2,10.10.10.5

13. Configure the service to start at boot, then start it

chkconfig openvpn on
service openvpn restart
/etc/init.d/openvpn start

14. The server is up at this point. You can now create keys for each of your clients.

15. Done.
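
A pre-start check for the files that step 11 points at, as an added example that is not part of the original post: it reads the ca, cert, key and dh lines from a server.conf, reports any file that does not exist, and flags a private key that group or others can access. The names check_openvpn_conf and demo and the scratch directory are assumptions; paths are assumed absolute, as in step 11.

```shell
#!/bin/sh
# Added example, not from the original post. check_openvpn_conf is a
# hypothetical helper name; it assumes absolute paths, as in step 11.
# It returns the number of problems found (0 = all checks passed).
check_openvpn_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    for directive in ca cert key dh; do
        # Last occurrence of the directive wins; field 2 is the file path.
        path=$(awk -v d="$directive" '$1 == d { p = $2 } END { print p }' "$conf")
        if [ -z "$path" ]; then
            echo "NOT SET: $directive"
            problems=$((problems + 1))
        elif [ ! -f "$path" ]; then
            echo "MISSING FILE: $directive $path"
            problems=$((problems + 1))
        elif [ "$directive" = key ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            mode=$(ls -ld "$path" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "LOOSE PERMISSIONS: $path (group/other: $mode)"
                problems=$((problems + 1))
            fi
        fi
    done
    return "$problems"
}

# Constructed demo: a scratch directory standing in for /etc/openvpn/keys,
# with a world-readable key and a cert name that does not match the config.
demo() {
    d=$(mktemp -d)
    touch "$d/ca.crt" "$d/vpnserver.crt" "$d/vpnserver.key" "$d/dh1024.pem"
    chmod 644 "$d/vpnserver.key"
    printf 'ca %s/ca.crt\ncert %s/server.crt\nkey %s/vpnserver.key\ndh %s/dh1024.pem\n' \
        "$d" "$d" "$d" "$d" > "$d/server.conf"
    check_openvpn_conf "$d/server.conf"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "problems found: $?"
```

On a real server, call check_openvpn_conf /etc/openvpn/server.conf before starting the service; a non-zero exit status is the number of problems reported.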



6 responses

20 05 2009
stuff

great article, sadly no comments to compliment.

27 05 2009
Stephen Wong

But it doesn’t work, because lzo zlib and openvpn are not available from the default CentOS repositories.

Please list which repository is needed.

My 2 cents.

Stephen WONG @ Hong Kong

27 05 2009
Stephen Wong

Okay, I found it, I mean the necessary repository:

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1

Add the above lines to /etc/yum.conf, and ‘yum install openvpn’, that’s it.

Stephen WONG @ Hong Kong

28 05 2009
hardc0l2e

Oh yeah I forgot to publish the adding additional repos first. Thanks anyway

6 06 2009
ProT-0-TypE

Openvpn is available on EPEL repository.
To add that repo look at http://fedoraproject.org/wiki/EPEL/FAQ#howtouse

8 11 2009
Maulvi

OpenVPN really is available on EPEL. But I’d rather recommend DAG’s. The idea with enterprise is simply enterprise class.. EPEL’s v2.1 (beta) while DAG’s is 2.0.9 (stable). Info is correct as of writing.
