This guide installs OpenVPN on a virtual server running CentOS 6.6 with OpenVZ virtualization.
OpenVPN is in the EPEL repository. If you do not have EPEL enabled, install it first:
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6*.rpm
Install OpenVPN:
yum -y install openvpn easy-rsa
Go to the folder /etc/openvpn and create the configuration file server.conf there with the following content; no changes are needed:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
Now you need to create server certificates.
mkdir -p /etc/openvpn/easy-rsa/keys
cp -r /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
You can leave all values at their defaults; answer y to the [y/n] questions.
Next, create the client certificates:
./build-key client1
The prompts are the same as before. If you want multiple clients, repeat the operation, changing client1 to client2, client3 and so on.
Copy the keys:
cd keys/
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
Configure IP forwarding. In the file /etc/sysctl.conf
net.ipv4.ip_forward = 0
change to
net.ipv4.ip_forward = 1
Load the settings:
sysctl -p
Configure iptables, replacing SERVER-IP with the actual IP address of your server.
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to SERVER-IP
iptables -A FORWARD -i venet0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT
The settings above are for an OpenVZ VPS; for a dedicated server they are slightly different:
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Save the settings and restart iptables:
service iptables save
service iptables restart
Start the OpenVPN server and enable it at startup:
service openvpn start
chkconfig openvpn on
Server installation is now complete, and you are ready to configure the client on your computer.
Download and install the client from the official site, then copy into the folder C:\Program Files\OpenVPN\config the file ca.crt from the server's /etc/openvpn folder and the client keys client1.crt and client1.key from the folder /etc/openvpn/keys.
In the same folder, create a file client.ovpn with the following contents, replacing SERVER-IP with the IP address of your server.
client
dev tun
proto udp
remote SERVER-IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
sndbuf 0
rcvbuf 0
Run the program and connect to your server. From this point on, your IP address is the IP of your server, and all your traffic is encrypted and passes through a secure channel.
If you need assistance in setting up OpenVPN, you can contact our support team. We can also rent you virtual servers with OpenVPN already configured, at a cost of $ 5 per month.
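A check worth running on server.conf and client.ovpn before relying on the tunnel, given here as an added example that is not part of the original guide: it flags the deprecated comp-lzo and ns-cert-type directives used above, a missing tls-auth/tls-crypt key, and a private key file readable by other users. The function names and messages are this example's own, and the demo runs on a constructed copy of the client config with a dummy key.

```shell
#!/bin/sh
# Added example: audit an OpenVPN config such as this guide's client.ovpn.
# Function names, checks and message wording are this example's own.

audit_ovpn() {
    conf=$1
    # has NAME: true when directive NAME starts a line of the config
    has() { grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$conf"; }

    if has comp-lzo; then
        echo "comp-lzo: deprecated; compression is discouraged on VPN tunnels"
    fi
    if has ns-cert-type; then
        echo "ns-cert-type: deprecated; use 'remote-cert-tls server'"
    elif has client && ! has remote-cert-tls; then
        echo "client: server certificate type is not checked"
    fi
    if ! has tls-auth && ! has tls-crypt; then
        echo "tls-auth/tls-crypt: no pre-shared control-channel key"
    fi

    # The file named by 'key' is the private key: owner-only access.
    key=$(awk '$1 == "key" { print $2; exit }' "$conf")
    case $key in
        "") return 0 ;;
        /*) ;;
        *) key=$(dirname "$conf")/$key ;;
    esac
    if [ -f "$key" ] && [ -n "$(find "$key" -perm -040 -o -perm -004)" ]; then
        echo "key: $key is readable by group or others; chmod 600"
    fi
    return 0
}

# Demo on a constructed copy of the guide's client.ovpn with a dummy key.
demo() {
    d=$(mktemp -d)
    printf '%s\n' client 'dev tun' 'proto udp' 'remote SERVER-IP 1194' \
        'ca ca.crt' 'cert client1.crt' 'key client1.key' \
        'ns-cert-type server' comp-lzo 'verb 3' > "$d/client.ovpn"
    echo 'constructed placeholder, not a real key' > "$d/client1.key"
    chmod 644 "$d/client1.key"
    audit_ovpn "$d/client.ovpn"
    rm -rf "$d"
}
demo
```

On the server, call audit_ovpn /etc/openvpn/server.conf from the same script; a config with no findings prints nothing.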