Hardcore Linux

Anything about Ubuntu, Centos, openSuSe and Fedora

Easy openVPN Server in CentOS 5.3

1. Install necessary library

yum install lzo lzo-devel zlib zlib-devel

2. At this point openssl should already be installed.

(A required package for a server)

3. Install the openvpn package

yum install openvpn

4. Copy necessary sample scripts and configuration file

cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn
cp /usr/share/doc/openvpn-2.0.9/easy-rsa/openssl.cnf /etc/openvpn

5. Before running the scripts, make sure they have the executable permission.
If not, perform the following:

cd /etc/openvpn/easy-rsa
chmod +x clean-all
chmod +x build*

6. Modify your CA configuration

vi /etc/openvpn/easy-rsa/vars

export KEY_COUNTRY=AU
export KEY_PROVINCE=VIC
export KEY_CITY=MELBOURNE
export KEY_ORG="THROXVPN"
export KEY_EMAIL="name@email.com"

7. Save your modified settings and run:

. ./vars
mkdir /etc/openvpn/keys
./clean-all

8. Now your configuration is ready, create your server CA authentication files

cd /etc/openvpn/easy-rsa
./build-ca

9. Build your server keys

./build-key-server vpnserver

10. Building Diffie Hellman file

./build-dh

11. Modify the sample /etc/openvpn/server.conf

mode server
client-to-client
port 1194
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 20

12. Take note of the ipp.txt file, which contains something like this:

client1,10.10.10.4
client2,10.10.10.5

13. Configure the service to autostart and finally start the service

service openvpn restart
/etc/init.d/openvpn start

14. The server is up at this point. You can now create keys for each of your clients.

15. Done.
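
A pre-start check for the procedure above, as an added example that is not part of the original post: it reads the ca, cert, key and dh lines of server.conf (step 11), reports any file that does not exist where the config says it is, and flags a private key readable by group or others. build-key-server names its output after its argument, so a name or directory that differs from what steps 7 to 10 produced shows up as MISSING; the function name, the demo paths and the rule for relative paths are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. The demo paths at the bottom
# are constructed; point the function at /etc/openvpn/server.conf for real use.

# check_openvpn_conf CONF
# Prints one finding per line; the return status is the number of problems.
check_openvpn_conf() {
    conf=$1
    base=$(dirname "$conf")
    problems=0
    while read -r directive path rest; do
        # Only the four PKI directives from step 11 are examined.
        case $directive in
            ca|cert|key|dh) ;;
            *) continue ;;
        esac
        # Assumption: relative paths are resolved against the config's directory.
        case $path in
            /*) file=$path ;;
            *)  file=$base/$path ;;
        esac
        if [ ! -f "$file" ]; then
            echo "MISSING  $directive $file"
            problems=$((problems + 1))
        elif [ "$directive" = key ] &&
             [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
            # Characters 5-10 of the mode string are the group/other bits.
            echo "LOOSE    $directive $file (run: chmod 600 $file)"
            problems=$((problems + 1))
        else
            echo "OK       $directive $file"
        fi
    done < "$conf"
    return "$problems"
}

# Constructed demo: dh1024.pem was never generated and the key is world-readable.
demo=$(mktemp -d)
mkdir "$demo/keys"
touch "$demo/keys/ca.crt" "$demo/keys/server.crt" "$demo/keys/server.key"
chmod 644 "$demo/keys/server.key"
cat > "$demo/server.conf" <<EOF
ca $demo/keys/ca.crt
cert $demo/keys/server.crt
key $demo/keys/server.key
dh $demo/keys/dh1024.pem
EOF
check_openvpn_conf "$demo/server.conf" || echo "problems found: $?"
rm -rf "$demo"
```

Run it as root before starting the service; a return status of 0 means every referenced file was found and the private key is restricted to its owner.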

10 responses to “Easy openVPN Server in CentOS 5.3”

  1. stuff May 20, 2009 at 6:36 am

    great article, sadly no comments to compliment.

    • Stephen Wong May 27, 2009 at 8:30 am

      But it doesn’t work, because lzo zlib and openvpn are not available from the default CentOS repositories.

      Please list which repository is needed.

      My 2 cents.

      Stephen WONG @ Hong Kong

      • Stephen Wong May 27, 2009 at 8:39 am

        Okay, I found it, I mean the necessary repository:

        [dag]
        name=Dag RPM Repository for Red Hat Enterprise Linux
        baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
        gpgcheck=1
        enabled=1

        Add the above lines to /etc/yum.conf, and ‘yum install openvpn’, that’s it.

        Stephen WONG @ Hong Kong

  2. hardc0l2e May 28, 2009 at 5:17 am

    Oh yeah I forgot to publish the adding additional repos first. Thanks anyway

  3. ProT-0-TypE June 6, 2009 at 4:52 pm

    Openvpn is available on EPEL repository.
    To add that repo look at http://fedoraproject.org/wiki/EPEL/FAQ#howtouse

  4. Maulvi November 8, 2009 at 6:54 pm

    OpenVPN really is available on EPEL. But I’d rather recommend DAG’s. The idea with enterprise is simply enterprise class.. EPEL’s v2.1 (beta) while DAG’s is 2.0.9 (stable). Info is correct as of writing.

  5. kEnBy April 19, 2010 at 6:02 pm

    Hi,
    That’s really nice article!, no error!.
    but the only problem is it’s really come in brief, I mean there is nothing here about the iptable configurations and etc .., if possible please also post the required configuration.

    By the way I’m getting the following error when trying to connect from the client(the 1194 port is open on firewall):

    Mon Apr 19 22:29:09 2010 TCPv4_CLIENT link local: [undef]
    Mon Apr 19 22:29:09 2010 TCPv4_CLIENT link remote: 67.223.X.X:1194
    Mon Apr 19 22:30:09 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mon Apr 19 22:30:09 2010 TLS Error: TLS handshake failed
    Mon Apr 19 22:30:09 2010 Fatal TLS error (check_tls_errors_co), restarting
    Mon Apr 19 22:30:09 2010 TCP/UDP: Closing socket
    Mon Apr 19 22:30:09 2010 SIGUSR1[soft,tls-error] received, process restarting
    Mon Apr 19 22:30:09 2010 Restart pause, 5 second(s)

    where the 67.223.X.X is the server’s IP, any idea about how to resolve the issue?

  6. Tamilarasan September 28, 2010 at 5:35 am

    Better optimal Link….

    Thanks a lot.

  7. mody April 1, 2011 at 12:18 am

    Hello, after a successful install, I can connect to openvpn but can’t open any website 😦

    my vps is from http://spidervpn.com , any idea?

  8. Suresh Kumar Prajapati June 15, 2011 at 10:26 am

    Hi,
    Thanx for such a gd stuff. I’ve gone through all the steps listed here but i’m getting following error in the openvpn.log
    “Cannot open /etc/openvpn/keys/dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file”

    But I’ve made sure that the path to dh1024.pem is correct in the server.conf.
    checked lots of pages but cant find anything gd.
    Please help …
