Your organization runs many services, such as email and web services, and delivers them to your users and customers. Some services are simply easier to deliver locally (e.g., file and print services). If your users are not located locally, you need to connect them as if they were local; this is where a virtual private network (VPN) comes in.

A VPN is a private network that runs over a public network. VPNs are also called tunnels, and are used to secure and protect traffic crossing a public network like the Internet. The traffic over a VPN is encrypted and authenticated via an SSL certificate, a password, or a two-factor authentication mechanism.

In this article we set up an OpenVPN server and client to create a VPN, and show how to configure them.

OpenVPN (http://openvpn.net/) is an open source, SSL-based VPN application developed by James Yonan. OpenVPN uses a client/server model: a server runs on your host, and clients connect to the server and create VPN tunnels.

OpenVPN – Server Side – Install OpenVPN software.

The OpenVPN software and its dependencies are available in the EPEL repository.

We are assuming a server with hostname vpnserver.example.com running CentOS and a public IP 192.0.2.100.

On a CentOS server, you can install the OpenVPN server with the following command.

yum install openvpn easy-rsa

By default the easy-rsa scripts are located in the /usr/share/easy-rsa/ directory. Create a directory easy-rsa/keys inside the /etc/openvpn directory and copy the scripts to /etc/openvpn/easy-rsa/.

mkdir -p /etc/openvpn/easy-rsa/keys

cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

Create CA Certificate and CA key

Edit the file /etc/openvpn/easy-rsa/vars and add the values for country, email, etc. in the section

export KEY_COUNTRY=""

export KEY_PROVINCE=""

export KEY_CITY=""

export KEY_ORG=""

export KEY_EMAIL=""

export KEY_OU=""

Save the file and exit, then navigate to the /etc/openvpn/easy-rsa/ directory

cd /etc/openvpn/easy-rsa/

cp openssl-1.0.0.cnf openssl.cnf

source ./vars

./clean-all

./build-ca

This will generate the CA certificate and CA key. Next, create a certificate and key for the server using the command

./build-key-server [hostname]

Create a certificate and key for VPN clients using the following command

./build-key client

The keys and certificates will be generated in the directory /etc/openvpn/easy-rsa/keys/.

Copy the files to the directory /etc/openvpn/

cd /etc/openvpn/easy-rsa/keys/

cp dh2048.pem ca.crt *****.crt *****.key /etc/openvpn/

VPN server Configuration.

Copy the sample server.conf file to the directory /etc/openvpn/

cp /usr/share/doc/openvpn-2.x.x/sample/sample-config-files/server.conf /etc/openvpn/

Find and uncomment the following lines in the file

dh dh2048.pem

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 8.8.8.8"

push "dhcp-option DNS 8.8.4.4"

user nobody

group nobody

Save and close
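
One way to confirm the edits took effect before starting the service, as an added example that is not part of the original article: a shell function (audit_server_conf, a hypothetical name) that checks the directives listed above are active, flags typographic quotes that OpenVPN does not treat as quote characters, and checks the files named by ca, cert, key and dh. It assumes relative paths resolve against the directory holding server.conf, which matches the /etc/openvpn layout used here.

```shell
#!/bin/sh
# Added example (not from the original article): audit server.conf after the
# edits described above. Returns the number of problems found (0 = clean).
audit_server_conf() {
    conf=$1
    dir=$(dirname "$conf")
    problems=0

    # Directives the article says to uncomment. The sample file ships them
    # prefixed with ';', so an anchored match only succeeds once they are active.
    for want in \
        '^dh[[:space:]]+dh2048\.pem' \
        '^push[[:space:]]+"redirect-gateway def1 bypass-dhcp"' \
        '^push[[:space:]]+"dhcp-option DNS [0-9.]+"' \
        '^user[[:space:]]+nobody' \
        '^group[[:space:]]+nobody'
    do
        if ! grep -Eq "$want" "$conf"; then
            echo "inactive or malformed directive: $want"
            problems=$((problems + 1))
        fi
    done

    # Typographic quotes pasted from a web page are not quote characters to
    # OpenVPN, so a push option written with them is malformed.
    if grep -v '^[[:space:]]*[#;]' "$conf" | grep -q -e '“' -e '”' -e '″'; then
        echo "typographic quotes found; use plain ASCII double quotes"
        problems=$((problems + 1))
    fi

    # Assumption: relative file names resolve against the config's directory.
    # Each named file must exist; the private key must be owner-only.
    for d in ca cert key dh; do
        f=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        [ -n "$f" ] || continue
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -f "$f" ]; then
            echo "$d file not found: $f"
            problems=$((problems + 1))
        elif [ "$d" = key ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "private key readable by group/other: $f (chmod 600)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Run it as audit_server_conf /etc/openvpn/server.conf. A "dh file not found" finding means the Diffie-Hellman parameter file is not where server.conf expects it; in easy-rsa 2.0 it is generated by running ./build-dh after source ./vars.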

Copy the client.conf file to /root/ (this file will be needed later, when it is copied to the VPN clients) and open it for editing

vi /root/client.conf

Add the VPN server IP address

# The hostname/IP and port of the server.

# You can have multiple remote entries

# to load balance between the servers.

remote  192.0.2.100 1194

Save and close.

Copy this file to your VPN client machine.

Lastly, start the OpenVPN service using the following commands

service openvpn start

chkconfig openvpn on

OpenVPN – Client Side – Install OpenVPN Package

Install the OpenVPN package with the following command

yum install openvpn

Start the OpenVPN client service with the commands

service openvpn start

chkconfig openvpn on

Check that the tun0 interface has been created with the command

ifconfig

On successful completion the VPN server will automatically assign an IP address to the VPN client.

Check that you can ping your VPN server from the client systems.