OpenVPN and CentOS 5 Installation and Configuration

OpenVPN and CentOS 5 Installation and Configuration

Many people found that installing VPN on linux is not that easy, the abvailable installation guides on VPN is often limited. I have tried a lot of installation guides and finally get it connected successfully.

Here are the steps to guide you installed a secure connection between your CentOS 5 with OpenVPN open source application.

1. Download the required package files.

#wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

2. Install and build your download files

You may need the required repository before start your installation

#yum install rpm-build
#yum install autoconf.noarch
#yum install zlib-devel
#yum install pam-devel
#yum install openssl-devel

If you have the above dependencies installed, you can start your installation as follows:

#rpmbuild –rebuild lzo-1.08-4.rf.src.rpm

#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm

#rpmbuild -tb openvpn-2.0.9.tar.gz

#rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm

3. Copy configuration files

#cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
#cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

4. CA configuration

#cd /etc/openvpn/easy-rsa/
#pico vars (or use vi editor, I just like to use pico)

then scroll down to the bottom, edit as you like.

export KEY_COUNTRY=AU
export KEY_PROVINCE=VIC
export KEY_CITY=MELBOURNE
export KEY_ORG=”THROXVPN”
export KEY_EMAIL=”name@email.com”

#. ./vars (note a space between . . )
#./clean-all

5. Build CA

# ./build-ca
Generating a 1024 bit RSA private key
…..++++++
………………………………….++++++
writing new private key to ‘ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [KG]:UK
State or Province Name (full name) [NA]:TST
Locality Name (eg, city) [BISHKEK]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:Server-test
Common Name (eg, your name or your server’s hostname) []:testserver
Email Address [blue@gmail.com]:

Some information above already entered in step 4, Just hit enter and go to next line.

6. Building server key

# ./build-key-server ovpnsrv1
Generating a 1024 bit RSA private key
…………………….++++++
………………………………………………….++++++
writing new private key to ‘ovpnsrv1.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [KG]:UK
State or Province Name (full name) [NA]:TST
Locality Name (eg, city) [BISHKEK]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:Server-test
Common Name (eg, your name or your server’s hostname) []:servertest
Email Address [blue@gmail.com]:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:******
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName :PRINTABLE:’UK’
stateOrProvinceName :PRINTABLE:’TST’
localityName :PRINTABLE:’BISHKEK’
organizationName :PRINTABLE:’OpenVPN-TEST’
organizationalUnitName:PRINTABLE:’Server-test’
commonName :PRINTABLE:’servertest’
emailAddress :IA5STRING:’blue@gmail.com’
Certificate is to be certified until Aug 10 21:01:04 2022 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

7. Building Diffie Hellman

# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
…………………………….+…………………………………………………………………….++*++*++*

8. Copy key certificates to the required folder

# cp keys/ca.crt ../
# cp keys/dh1024.pem ../
# cp keys/ovpnsrv1.key ../
# cp keys/ovpnsrv1.crt ../

9. OpenVPN configuration

#cd ../
#vim server.conf
dev tap
;dev tun
ca ca.crt
cert ovpnsrv1.crt
key ovpnsrv1.key # This file should be kept secret

10. Startup the OpenVPN service

# service openvpn restart
# chkconfig openvpn on

11. To check if your container has been allocated TUN permissions appropriately, simply run:

# cat /dev/net/tun

This should be returned:

# cat: /dev/net/tun: File descriptor in bad state

If you get a ‘Permission Denied’ error or anything else, there is likely a problem with the TUN configuration for your container.
==================================================================>