10.1.10

:: install openvpn on linux centos ::

:: what is
please take a look at this.

:: note
this trick configures openvpn to use the auth-pam plugin (username and password from the system accounts)



:: add openvpn repository
[root@tox ~]# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm 

:: install openvpn with lzo
[root@tox ~]# yum install openvpn lzo-devel zlib zlib-devel openssl-devel 

:: configure openvpn
+ make the openvpn certificates on the server
[root@tox ~]# cd /usr/share/openvpn/easy-rsa/2.0/
[root@tox 2.0]# . ./vars 
[root@tox 2.0]# ./clean-all 
[root@tox 2.0]# ./build-ca 
[root@tox 2.0]# ./build-key-server servername
[root@tox 2.0]# ./build-dh 
[root@tox 2.0]# cp keys/ca.crt keys/dh1024.pem keys/servername.key keys/servername.crt /etc/openvpn/

+ configure openvpn.conf
[root@tox ~]# cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn/
[root@tox ~]# vi /etc/openvpn/server.conf 
# 
# change the configuration to something like this:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/servername.crt
key /etc/openvpn/servername.key  
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

# redirect the client's default gateway through the vpn and use google's public dns server
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
mute 20

# enable openvpn to use the system accounts
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name 
note: the absolute path /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so may be different on your system; you can find it with this command:
[root@tox ~]# find / -name "openvpn-auth-pam.so"
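
added example, not part of the original post: a preflight check to run before starting the daemon. it reads server.conf, confirms that every file named by ca, cert, key, dh and plugin exists, and that the private key is accessible to its owner only. the function name check_openvpn_conf, the message wording and the throwaway demo directory are assumptions made for this example.

```shell
#!/bin/sh
# added example, not from the original page; check_openvpn_conf is a made-up name.
# check_openvpn_conf FILE: print one line per problem, return the problem count.
check_openvpn_conf() {
    conf=$1
    problems=0
    while read -r directive path _rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh|plugin) ;;   # directives whose first argument is a file
            *) continue ;;              # comments, push lines, everything else
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING  $directive $path"
            problems=$((problems + 1))
            continue
        fi
        # private key: characters 5-10 of the ls mode string are the
        # group/other permission bits and must all be "-"
        if [ "$directive" = key ]; then
            mode=$(ls -ld "$path" | cut -c1-10)
            if [ "$(echo "$mode" | cut -c5-10)" != "------" ]; then
                echo "PERMS    $directive $path is $mode, want -rw-------"
                problems=$((problems + 1))
            fi
        fi
    done < "$conf"
    return "$problems"
}

# constructed demo: a temporary directory stands in for /etc/openvpn.
# the key is deliberately left too open and the plugin file is absent.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
touch "$demo/ca.crt" "$demo/servername.crt" "$demo/servername.key" "$demo/dh1024.pem"
chmod 644 "$demo/servername.key"
cat > "$demo/server.conf" <<EOF
ca $demo/ca.crt
cert $demo/servername.crt
key $demo/servername.key
dh $demo/dh1024.pem
plugin $demo/openvpn-auth-pam.so /etc/pam.d/login
EOF
check_openvpn_conf "$demo/server.conf" || echo "problems found: $?"
```

on the real server, call it as check_openvpn_conf /etc/openvpn/server.conf; a MISSING plugin line means the path from the find command above has to go into the plugin directive.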

:: starting openvpnd
[root@tox ~]# /etc/init.d/openvpn start

:: testing on windows client
+ download and install openvpn-client-for-windows.
+ copy your ca.crt from server to client and save to C:\Program Files\OpenVPN\config
+ make a client.ovpn configuration file for connecting to the server, something like this:
client
dev tun
proto udp
remote _ip_server_ 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
verb 3
comp-lzo
you can make client.ovpn with notepad: save the file in C:\Program Files\OpenVPN\config with File name : client.ovpn and Save as type : All files, then click Save.
+ make sure your windows firewall is off.
+ run your openvpn client and log in with a username/password from your server.

:: link
+ googlelinux
+ blackonsole