This tutorial is about installing OpenVPN server on a CentOS server and setting up the client and drivers to work with Windows 7.
Installing OpenVPN on server:
We begin by logging in to your server control panel and making sure TUN/TAP service is enabled, for some providers you might have to write them a ticket requesting it to be enabled. Then we log in and download the openvpn package with the wget command:
Next, we install the downloaded package with sudo rpm:
sudo rpm -Uvh rpmforge-release*
Notice how I replaced the rest of the file name with
* its easier then typing out the whole name,we could also write
rpm and press tab to autocomplete the file name.
Then we type
sudo yum install openvp openssl-devel -y
You should see a bunch of files download and install which is what we want:
Now we have to copy the key building folder to /etc/openvpn
sudo cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
We now have to edit the vars file in the easy-rsa folder with some text editor, i use 'nano':
sudo nano /etc/openvpn/easy-rsa/2.0/vars
We need to find a line called
export KEY_CONFIG='$EASY_RSA/whichopensslcnf $EASY_RSA'
and replace it with:
then save and exit.
Now we have to make the certificates for the server and the client. We firstly go to the 2.0 folder in the easy-rsa folder we moved earlier:
and then we give the 2.0 folder read, write and execute permissions:
sudo chmod 755 *
Then we do the following:
And then we start building the certificate authority:
for some reason the above command didn't work so i switched to root with
su root and tried
./build-ca again and it worked, launching a little questionnaire for you to answer you can put it any answers you like except the 'Common Name'. Use your hostname to answer this one.
Now we can generate keys for the server:
This will launch yet another set of questions, when you're asked for common name use 'server' and leave challenge password blank and then sign the certificate.
Then we have to
./build-dh to build a Diffie Hellman whoever he is.
And now we can make a new server config file with the touch command for creating new files:
sudo nano /etc/openvpn/server.conf and enter this in there:
port 1194 #- you can use whatever port you like 1194 is the default proto udp #- this is the protocol you will be using dev tun tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 reneg-sec 0 ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 126.96.36.199" #-this is your dns addres push "dhcp-option DNS 188.8.131.52" keepalive 5 30 comp-lzo persist-key persist-tun status 1194.log verb 3
The last thing before starting the server is to apply the corret routing rule so that the traffic from the windows client is passed through to the server and then out to the internet:
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j
After you're done you can close and save this and start openvpn with
service openvpn start command and the make sure openvpn starts on boot with
Then we go to the 2.0 folder in
/etc/openvpn/easy-rsa/2.0 to make the 1st client key, for me this command only worked as root so i did
su root and then
This will bring up another set of questiosn like with the previous certs, answer them any way you like, the less true information you give the more privacy you have I suppose.
Next, we can enable ipv4 routing by editing the config file
sudo nano /etc/systclt.conf and changing
net.ipv4.ip_forward = 0 to
net.ipv4.ip_forward = 1 0 means off 1 means on.
Client Side Setup:
Now that we have our client key ready we can install the OpenVPN client for windows from here
When installing make sure that Tap Virtual Ethernet Adapter, OpenVPN GUI and Depenedcies are ticket:
then just click next and say yes to everything.
Then we need to make the client config file so go to
C:\Program Files\OpenVPN\config and make a new text file called whateveryoulike.conf and paste this in it:
client dev tun proto udp remote x.x.x.x 1194 # change x.x.x.x to your servers ip and port to your VPN port resolv-retry infinite nobind persist-key persist-tun comp-lzo verb 3 <ca> Paste the contents of ca.crt here </ca> <cert> Paste the contents of client.crt here </cert> <key> Paste the contents of client.key here </key>
And replace all the text that needs replacing whith the content of the client flies found in
/etc/openvpn/easy-rsa/2.0/keys. Once thats done launch the OpenVPN GUI Right mouse click the icon select your name and click connect!
To test if its working just google 'my ip' and it should return you your servers IP.