OpenVPN setup on VPS

I will quickly describe how I managed to get a VPN ready for my needs.
Note: at this point I was not able to bypass NAT setups but I will find some tweaks for that.

First, if you're fainthearted you should probably not mess that much with config files and should try the solution explained here, which provides a more user-friendly approach.

The journey starts by installing the server on your VPS. From now on I assume you have a yum-based server (I run CentOS 6).
First enable the RPMForge repo to get the latest OpenVPN packages:

yum localinstall --nogpgcheck http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm (for x86)

Then trigger the installation:

yum install openvpn

Enable TUN/TAP from your VPS Control Panel and check if it’s working by:

# cat /dev/net/tun

You should get:

# cat: /dev/net/tun: File descriptor in bad state

Now go ahead and take the key and certificate generators and start building keys and certificates:

# cd /usr/share/doc/openvpn-2.0.9
# cp -av easy-rsa /etc/openvpn/
# cd /etc/openvpn/easy-rsa/

Fill the requested info or type a dot (".") to leave it empty:
# . ./vars
# sh clean-all
# sh build-ca
# sh build-key-server server

Now that you have the server key and the certificate, build some client keys:

# sh build-key client1
# sh build-key client2

And generate the Diffie-Hellman parameters:

# sh build-dh

Once the certificates and keys are generated, take each client's .crt and .key plus the ca.crt file and transfer them to your clients.

Now take a configuration template and edit the configuration file:

# cd /etc/openvpn/
# cp /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf .
(be aware of the version number in the path, as it will increase in the future)
# nano server.conf

My working configuration is as follows:

local <public IP of the local server>
port 80
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 127.0.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DOMAIN <domain name>"
client-to-client
keepalive 10 120
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
mute 10

Adjust the configuration to your needs.
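
As an added example (not part of the original post), the shell function below checks a server.conf like the one above for four points worth reviewing before going live: the size of the DH parameters, the permissions on the server key, client-to-client, and the user/group privilege drop. The names audit_openvpn_conf and conf_value, the finding labels and the sample files are made up for this illustration, and the DH check assumes the dh<KEY_SIZE>.pem file name that easy-rsa's build-dh produces.

```sh
#!/bin/sh
# Added example: audit an OpenVPN server.conf; prints one finding per line.

# First argument of a directive; commented-out lines (# or ;) never match.
conf_value() {  # usage: conf_value FILE DIRECTIVE
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

audit_openvpn_conf() {
    conf=$1
    dir=$(dirname "$conf")

    # Assumption: build-dh wrote dh<KEY_SIZE>.pem, so the name gives the size.
    bits=$(conf_value "$conf" dh | sed -n 's/^.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: ${bits}-bit parameters; raise KEY_SIZE in vars and rerun build-dh"
    fi

    # "This file should be kept secret": no group/other permission bits.
    key=$(conf_value "$conf" key)
    case $key in /*) ;; *) key="$dir/$key" ;; esac
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "KEY_PERMS: $key is accessible to group/others; chmod 600"
    fi

    # This traffic is forwarded inside OpenVPN, unseen by the host firewall.
    if [ -n "$(awk '$1 == "client-to-client"' "$conf")" ]; then
        echo "CLIENT_TO_CLIENT: clients can reach each other unfiltered"
    fi

    # Without user/group the daemon keeps root privileges after startup.
    for d in user group; do
        [ -n "$(conf_value "$conf" "$d")" ] || echo "NO_PRIV_DROP: '$d' is not set"
    done
}

# Constructed sample: directives from the configuration above plus an empty,
# deliberately world-readable stand-in for server.key.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'dh dh1024.pem' 'key server.key # This file should be kept secret' \
        'client-to-client' 'user nobody' 'group nobody' > "$tmp/server.conf"
    : > "$tmp/server.key"
    chmod 644 "$tmp/server.key"
    audit_openvpn_conf "$tmp/server.conf"
    rm -rf "$tmp"
}
demo
```

Run against the configuration above, it reports the 1024-bit DH file and client-to-client, plus the key file if its mode is looser than 600.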
