Your organization runs many services, e.g., email and web services, and delivers them to your users and customers. Some services are simply easier to deliver locally (e.g., file and print services). If your users are not located locally, you need to connect them as if they were local; this is where a virtual private network (VPN) comes in.
A VPN is a private network that runs over a public network. VPNs are also called tunnels, and are used to secure and protect traffic crossing a public network like the Internet. The traffic over a VPN is encrypted and authenticated via an SSL certificate, a password, or a two-factor authentication mechanism.
In this article we set up an OpenVPN server and client to create a VPN, and show how to configure them.
OpenVPN (http://openvpn.net/) is an open source, SSL-based VPN application developed by James Yonan. OpenVPN uses a client/server model: a server runs on your host, and clients connect to the server and create VPN tunnels.
OpenVPN – Server Side – Install OpenVPN software.
The OpenVPN software and its dependencies are available in the EPEL repository.
We assume a server with the hostname vpnserver.example.com running CentOS, with the public IP 192.0.2.100.
On a CentOS server, you can install the OpenVPN server with the following command.
By default, the easy-rsa scripts are located in the /usr/share/easy-rsa/ directory. Create the directory /etc/openvpn/easy-rsa/keys and copy the scripts into /etc/openvpn/easy-rsa/.
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
Create CA Certificate and CA key
Edit the file /etc/openvpn/easy-rsa/vars and add the values of country, email etc. in the section
Save the file and exit, then navigate to the /etc/openvpn/easy-rsa/ directory
cp openssl-1.0.0.cnf openssl.cnf
This will generate the CA certificate and CA key. Next, create a certificate and key using the command
Create a certificate and key for VPN clients using the following command
The keys and certificates will be generated in the directory /etc/openvpn/easy-rsa/keys/.
Copy the files to the directory /etc/openvpn/
VPN server Configuration.
Copy the server.conf file to the directory /etc/openvpn/
Find and uncomment the following lines in the file
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 220.127.116.11"
push "dhcp-option DNS 18.104.22.168"
Save and close
Copy the client.conf file to /root/ (this file will be needed later for copying to the VPN clients)
Add the VPN server IP address
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 192.0.2.100 1194
Save and close.
Copy this file to your VPN client machine.
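A quick check of the two edits above, as an added example that is not part of the original article: it confirms the push directives in server.conf are uncommented and free of typographic quotes (easily introduced when lines are copied from a web page), and prints the active remote entry from client.conf. The function names, the temporary sample files and the 192.0.2.53 DNS address are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_server_conf FILE: prints findings; exit status = number of problems.
check_server_conf() {
    conf=$1
    problems=0
    # Typographic quotes (UTF-8 bytes E2 80 9C / 9D / B3) pasted from a web
    # page; OpenVPN's parser does not treat them as quote characters.
    curly=$(printf '\342\200[\234\235\263]')
    if LC_ALL=C grep -an "$curly" "$conf"; then
        echo "FAIL: typographic quotes on the lines above"
        problems=$((problems + 1))
    fi
    # Each directive must be present and not commented out with ';' or '#'.
    for want in 'push "redirect-gateway def1 bypass-dhcp"' \
                'push "dhcp-option DNS '; do
        if sed 's/^[[:space:]]*//' "$conf" | grep -q "^$want"; then
            echo "ok:   $want"
        else
            echo "FAIL: missing or commented out: $want"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# client_remote FILE: print "host port" for each active remote line.
client_remote() {
    awk '$1 == "remote" { print $2, $3 }' "$1"
}

# Constructed sample input (192.0.2.53 is a placeholder DNS address).
tmp=$(mktemp -d)
printf '%s\n' 'push "redirect-gateway def1 bypass-dhcp"' \
    'push "dhcp-option DNS 192.0.2.53"' > "$tmp/good.conf"
printf 'push\342\200\235redirect-gateway def1 bypass-dhcp\342\200\235\n' > "$tmp/bad.conf"
printf '%s\n' ';push "dhcp-option DNS 192.0.2.53"' >> "$tmp/bad.conf"
printf '%s\n' '# The hostname/IP and port of the server.' \
    'remote 192.0.2.100 1194' > "$tmp/client.conf"

check_server_conf "$tmp/good.conf" || echo "problems: $?"
check_server_conf "$tmp/bad.conf" || echo "problems: $?"   # reports 3
client_remote "$tmp/client.conf"
rm -rf "$tmp"
```

On a real server, point check_server_conf at /etc/openvpn/server.conf and client_remote at /root/client.conf before starting the service.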
Lastly, start the OpenVPN service using the following commands
OpenVPN – Client Side – Install OpenVPN Package
Install the OpenVPN package with the following command
yum install openvpn
Start the OpenVPN client service with the command
service openvpn start
Check that the tun0 interface has been created with the command
On successful completion, the VPN server will automatically assign an IP address to the VPN client.
Check whether you can ping your VPN server from the client systems