Inure to Advance
This document describes the prerequisites and basics of configuring OpenVPN on Red Hat flavors of Linux. It was prepared on the basis of a CentOS server (the OpenVPN server) on a public IP address, with clients behind NATed IP addresses. The later part of the document explains the OpenVPN client configuration on both Windows and Linux machines. This document covers the basic concepts of OpenVPN only, and the author is not responsible for any kind of misconfiguration in your current system.
OpenVPN Installation
Install OpenVPN and its dependent RPMs on the CentOS server. Make sure the packages listed below are installed; if not, install the dependencies.
OpenVPN dependencies:
[root@linux ~ ]# yum install gcc rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel
OpenVPN files:
lzo-2.03-1
lzo-minilzo-2.03-1
lzo-devel-2.03-1
openvpn-2.0.9
Create a new folder openvpn in the directory /usr/src/ and download the required files to /usr/src/openvpn/ with the commands shown below.
[root@linux openvpn]# wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
[root@linux openvpn]# wget ftp://fr.rpmfind.net/linux/fedora/releases/10/Everything/i386/os/Packages/lzo-2.03-1.fc10.i386.rpm
[root@linux openvpn]# wget ftp://fr2.rpmfind.net/linux/fedora/releases/10/Everything/i386/os/Packages/lzo-minilzo-2.03-1.fc10.i386.rpm
[root@linux openvpn]# wget ftp://fr.rpmfind.net/linux/fedora/releases/10/Everything/i386/os/Packages/lzo-devel-2.03-1.fc10.i386.rpm
Installation of OpenVPN packages
[root@linux openvpn]# rpm -Uvh lzo-2.03-1.fc10.i386.rpm
[root@linux openvpn]# rpm -Uvh lzo-minilzo-2.03-1.fc10.i386.rpm
[root@linux openvpn]# rpm -Uvh lzo-devel-2.03-1.fc10.i386.rpm
Step 1 (build and install OpenVPN from source)
[root@linux openvpn]# tar -xvzf openvpn-2.0.9.tar.gz
[root@linux openvpn]# cd openvpn-2.0.9
[root@linux openvpn]# ./configure
[root@linux openvpn]# make
[root@linux openvpn]# make install
Step 2 (build an RPM from the same tarball and install it)
[root@linux openvpn]# rpmbuild -tb openvpn-2.0.9.tar.gz
[root@linux openvpn]# rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm
Server Configuration
Change the working directory to /usr/lib/ and issue the commands shown below:
# ln -s liblzo2.so.2.0.0 liblzo.so.1
# cp -rf /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
# cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/
# cd /etc/openvpn/easy-rsa          ; change the working directory to /etc/openvpn/easy-rsa
Open the file vars and edit the following lines as shown below:
export KEY_COUNTRY=IN
export KEY_PROVINCE=TM
export KEY_CITY=TRIVANDRUM
export KEY_ORG="AVENZAREOPENVPN"
export KEY_EMAIL="lasapster@gmail.com"
After editing the file, issue the commands
# . ./vars          ; (there is a space between the two dots)
# ./clean-all
Building certificates
# ./build-ca
Generating a 1024 bit RSA private key
......++++++
.....................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [IN]:
State or Province Name (full name) [TM]:
Locality Name (eg, city) [TRIVANDRUM]:
Organization Name (eg, company) [AVENZAREOPENVPN]:
Organizational Unit Name (eg, section) []:INDUSTRY
Common Name (eg, your name or your server's hostname) []:avenzare.com
Email Address [lasapster@gmail.com]:
# ./build-key-server myserver
Generating a 1024 bit RSA private key
.............................++++++
.........................++++++
writing new private key to 'myserver.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [IN]:
State or Province Name (full name) [TM]:
Locality Name (eg, city) [TRIVANDRUM]:
Organization Name (eg, company) [AVENZAREOPENVPN]:
Organizational Unit Name (eg, section) []:INDUSTRY
Common Name (eg, your name or your server's hostname) []:avenzare.com
Email Address [lasapster@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:secretpassword
An optional company name []:avanzare
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'IN'
stateOrProvinceName   :PRINTABLE:'TM'
localityName          :PRINTABLE:'TRIVANDRUM'
organizationName      :PRINTABLE:'AVANZAREOPENVPN'
organizationalUnitName:PRINTABLE:'INDUSTRY'
commonName            :PRINTABLE:'avanzare.com'
emailAddress          :IA5STRING:'lasapster@gmail.com'
Certificate is to be certified until OCT 26 19:40:25 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.................................
# ./build-key admin
Generating a 1024 bit RSA private key
.....................++++++
...............................++++++
writing new private key to 'admin.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [IN]:
State or Province Name (full name) [TM]:
Locality Name (eg, city) [TRIVANDRUM]:
Organization Name (eg, company) [AVENZAREOPENVPN]:
Organizational Unit Name (eg, section) []:INDUSTRY
Common Name (eg, your name or your server's hostname) []:avenzare.com
Email Address [lasapster@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:secretpassword
An optional company name []:avanzare
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'IN'
stateOrProvinceName   :PRINTABLE:'TM'
localityName          :PRINTABLE:'TRIVANDRUM'
organizationName      :PRINTABLE:'AVANZAREOPENVPN'
organizationalUnitName:PRINTABLE:'INDUSTRY'
commonName            :PRINTABLE:'avanzare.com'
emailAddress          :IA5STRING:'lasapster@gmail.com'
Certificate is to be certified until OCT 26 19:40:25 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
# ./build-key-pass user1
Generating a 1024 bit RSA private key
........++++++
.++++++
writing new private key to 'user1.key'
Enter PEM pass phrase: <password used when connecting>
Verifying - Enter PEM pass phrase: <password used when connecting>
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [IN]:
State or Province Name (full name) [TM]:
Locality Name (eg, city) [TRIVANDRUM]:
Organization Name (eg, company) [AVENZAREOPENVPN]:
Organizational Unit Name (eg, section) []:INDUSTRY
Common Name (eg, your name or your server's hostname) []:avenzare.com
Email Address [lasapster@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:secretpassword
An optional company name []:avanzare
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'IN'
stateOrProvinceName   :PRINTABLE:'TM'
localityName          :PRINTABLE:'TRIVANDRUM'
organizationName      :PRINTABLE:'AVANZAREOPENVPN'
organizationalUnitName:PRINTABLE:'INDUSTRY'
commonName            :PRINTABLE:'avanzare.com'
emailAddress          :IA5STRING:'lasapster@gmail.com'
Certificate is to be certified until OCT 26 19:40:25 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Copying the files to the OpenVPN root directory
[root@linux easy-rsa]# cp keys/ca.crt ../
[root@linux easy-rsa]# cp keys/dh1024.pem ../
[root@linux easy-rsa]# cp keys/myserver.key ../
[root@linux easy-rsa]# cp keys/myserver.crt ../
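The easy-rsa scripts used above (build-ca, build-key-server, build-key) are wrappers around openssl. The script below is an added example and not part of the original document: it rebuilds the same kind of PKI with plain openssl commands and then checks the result, so it shows what the scripts produce and why the server certificate is different from a client certificate. The subject fields follow the vars file above; the output directory, the Common Names myserver and admin, and the function names are assumptions. The key size here is 2048: the document's output shows 1024 bit keys because easy-rsa 2.0's vars ships with KEY_SIZE=1024, and 1024-bit RSA is below the current accepted minimum. build-dh (openssl dhparam) is left out because it is slow and has no verification step.

```shell
#!/bin/sh
# Added example, not part of the original document: rebuild the easy-rsa PKI
# (build-ca, build-key-server, build-key) with plain openssl and verify it.
# The output directory and the Common Names myserver/admin are assumptions.
set -eu

# Values from the vars file in the document
KEY_COUNTRY=IN
KEY_PROVINCE=TM
KEY_CITY=TRIVANDRUM
KEY_ORG="AVENZAREOPENVPN"
KEY_EMAIL="lasapster@gmail.com"
# easy-rsa 2.0 ships KEY_SIZE=1024 (hence the 1024 bit keys in the document's
# output); 2048 is used here as the current minimum
KEY_SIZE=2048
KEY_DAYS=3650

subj() {
    # Build an openssl -subj string for Common Name $1 from the vars values
    printf '/C=%s/ST=%s/L=%s/O=%s/CN=%s/emailAddress=%s' \
        "$KEY_COUNTRY" "$KEY_PROVINCE" "$KEY_CITY" "$KEY_ORG" "$1" "$KEY_EMAIL"
}

sign_with_ca() {
    # Sign CSR $2 with the CA in directory $1, writing certificate $3;
    # $4 (optional) is an extension file whose extensions go into the certificate
    dir=$1; csr=$2; crt=$3; ext=${4:-}
    if [ -n "$ext" ]; then
        openssl x509 -req -in "$csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
            -CAcreateserial -days "$KEY_DAYS" -extfile "$ext" -out "$crt" 2>/dev/null
    else
        openssl x509 -req -in "$csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
            -CAcreateserial -days "$KEY_DAYS" -out "$crt" 2>/dev/null
    fi
}

build_pki() {
    # $1 = output directory, the equivalent of easy-rsa/keys
    dir=$1
    mkdir -p "$dir"
    # build-ca: self-signed CA certificate and private key
    openssl req -x509 -new -newkey "rsa:$KEY_SIZE" -nodes -days "$KEY_DAYS" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" -subj "$(subj avenzare.com)" 2>/dev/null
    # build-key-server: the [server] section of easy-rsa's openssl.cnf adds these
    # extensions, which mark the certificate as usable by a server only
    printf 'nsCertType=server\nextendedKeyUsage=serverAuth\nkeyUsage=digitalSignature,keyEncipherment\n' \
        > "$dir/server.ext"
    openssl req -new -newkey "rsa:$KEY_SIZE" -nodes -keyout "$dir/myserver.key" \
        -out "$dir/myserver.csr" -subj "$(subj myserver)" 2>/dev/null
    sign_with_ca "$dir" "$dir/myserver.csr" "$dir/myserver.crt" "$dir/server.ext"
    # build-key: a client certificate signed by the same CA, without server extensions
    openssl req -new -newkey "rsa:$KEY_SIZE" -nodes -keyout "$dir/admin.key" \
        -out "$dir/admin.csr" -subj "$(subj admin)" 2>/dev/null
    sign_with_ca "$dir" "$dir/admin.csr" "$dir/admin.crt"
}

verify_chain() {
    # Succeeds only when certificate $2 was issued by the CA in directory $1
    openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}

is_server_cert() {
    # Succeeds when certificate $1 carries the serverAuth extended key usage
    openssl x509 -in "$1" -noout -text | grep -q 'TLS Web Server Authentication'
}

demo() {
    # Build into a temporary directory and report what each certificate is
    tmp=$(mktemp -d)
    build_pki "$tmp"
    for c in myserver admin; do
        if verify_chain "$tmp" "$tmp/$c.crt"; then echo "$c.crt: chains to ca.crt"; fi
        if is_server_cert "$tmp/$c.crt"; then echo "$c.crt: server certificate"; fi
    done
    rm -rf "$tmp"
}
demo
```

Both certificates chain to ca.crt, but only myserver.crt carries the server extensions; a certificate issued by any other CA does not verify against this ca.crt at all, which is what the ca ca.crt line in the server and client configuration relies on.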
Server configuration file
Modify the file server.conf in the directory /etc/openvpn and configure it as shown below
# vi /etc/openvpn/server.conf
local <Public/NATed IP of your machine>
dev tap
; dev tun
ca ca.crt
cert myserver.crt
key myserver.key  # This file should be kept secret
client-to-client
; comp-lzo
max-clients 100
user nobody
group nobody
Client Configuration
Windows Client
Download and install the OpenVPN client from http://openvpn.net/release/openvpn-2.1_rc9-install.exe
Create a folder called keys inside the directory C:\Program Files\OpenVPN\config\
Download the files ca.crt, userx.crt and userx.key and copy them to C:\Program Files\OpenVPN\config\keys
Create a file client.ovpn in the directory C:\Program Files\OpenVPN\config\ and edit it to include the following:
client
dev tap
proto udp
remote <Server IP Address> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca keys/ca.crt
cert keys/userx.crt
key keys/userx.key
verb 3
How to run the OpenVPN client
Run OpenVPN GUI (Start - All Programs - OpenVPN - OpenVPN GUI)
In the system tray, right-click the OpenVPN icon and then click Connect
Note: how to create the client.ovpn file
Open a new text document, enter the configuration given above, then use Save As and save it under the name client.ovpn.
Linux Client
Follow the steps under OpenVPN Installation above.
Client Configuration
# ln -s liblzo2.so.2.0.0 liblzo.so.1
# cp -rf /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
# cp /usr/share/doc/openvpn-2.0.9/sample-config-files/client.conf /etc/openvpn/
Make a new directory called keys inside the directory /etc/openvpn/
Download and copy the files ca.crt, userx.crt and userx.key to the directory /etc/openvpn/keys
Modify the file client.conf as follows
client
dev tap
proto udp
remote <VPN Server IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/userx.crt
key /etc/openvpn/keys/userx.key
verb 3
user nobody
group nobody
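The server.conf and the client configurations (client.ovpn on Windows, client.conf on Linux) have to agree on several tunnel-level settings: dev tap versus dev tun, proto, comp-lzo (enabled on both sides or on neither) and the port. A mismatch gives a tunnel that fails to connect or connects but passes no traffic. The script below is an added example and not part of the original document. It reads the two configurations, skipping lines commented out with # or ; the way OpenVPN does, compares those settings, and also reports when the client lacks ns-cert-type server. That directive (present but commented out in the OpenVPN 2.0 sample client.conf) makes the client require the nsCertType=server extension that build-key-server puts into the server certificate, so a client certificate issued by the same CA is not accepted as the server's; the client configurations in this document do not set it. The configuration text is constructed inline from the directives shown in the document, with the IP placeholders filled with the documentation address 203.0.113.10; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original document: check that the server and
# client configurations shown in the document agree on the settings that must
# match. The texts below are constructed from the document's directives, with
# 203.0.113.10 standing in for the <IP> placeholders.
set -eu

SERVER_CONF='local 203.0.113.10
dev tap
; dev tun
ca ca.crt
cert myserver.crt
key myserver.key  # This file should be kept secret
client-to-client
; comp-lzo
max-clients 100
user nobody
group nobody'

CLIENT_CONF='client
dev tap
proto udp
remote 203.0.113.10 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca keys/ca.crt
cert keys/userx.crt
key keys/userx.key
verb 3'

directive() {
    # Print the value of directive $2 in config text $1, or default $3 when it is
    # absent. A line starting with # or ; is a comment, and a token starting with
    # # or ; ends the line, as in OpenVPN's own parser.
    printf '%s\n' "$1" | awk -v d="$2" -v def="$3" '
        /^[ \t]*[#;]/ { next }
        $1 == d { v = ""; for (i = 2; i <= NF && $i !~ /^[#;]/; i++) v = v (i > 2 ? " " : "") $i; found = 1 }
        END { print (found ? v : def) }'
}

has_directive() {
    # Succeed when directive $2 appears uncommented in config text $1
    printf '%s\n' "$1" | awk -v d="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == d { found = 1 }
        END { exit(found ? 0 : 1) }'
}

check_configs() {
    # Print one line per finding for server config $1 and client config $2
    sdev=$(directive "$1" dev "")
    cdev=$(directive "$2" dev "")
    [ "$sdev" = "$cdev" ] || echo "dev mismatch: server '$sdev', client '$cdev'"
    # OpenVPN defaults to udp when proto is not given
    sproto=$(directive "$1" proto udp)
    cproto=$(directive "$2" proto udp)
    [ "$sproto" = "$cproto" ] || echo "proto mismatch: server '$sproto', client '$cproto'"
    # comp-lzo must be enabled on both sides or on neither
    if has_directive "$1" comp-lzo && ! has_directive "$2" comp-lzo; then
        echo "comp-lzo enabled on server only"
    elif has_directive "$2" comp-lzo && ! has_directive "$1" comp-lzo; then
        echo "comp-lzo enabled on client only"
    fi
    # the client's remote port must be the server's listening port (default 1194)
    sport=$(directive "$1" port 1194)
    cport=$(directive "$2" remote "" | awk '{ print ($2 == "" ? 1194 : $2) }')
    [ "$sport" = "$cport" ] || echo "port mismatch: server listens on $sport, client connects to $cport"
    # without ns-cert-type server the client accepts any certificate the CA signed,
    # a client certificate included, as the server's
    has_directive "$2" ns-cert-type || echo "client does not set 'ns-cert-type server'"
    return 0
}

# Report the findings for the two configurations from the document
check_configs "$SERVER_CONF" "$CLIENT_CONF"
```

For the configurations as written in the document the only finding is the missing ns-cert-type server line; changing the client to dev tun or proto tcp while the server keeps dev tap and the default udp adds a finding for each.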
Voila! You are done!
© las@avenzare