OpenVPN and CentOS 5 Installation and Configuration Guide
Many ppl found that installing VPN on linux is not that easy, the abvailable installation guides on VPN is often limited. I have tried a lot of installation guides and finally get it connected successfully.
Here are the steps to guide you installed a secure connection between your� CentOS5 and Windows with OpenVPN open source application.
1. Download the required package files.
#wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
2. Install and build your download files
You may need the required repository before start your installation
#yum install rpm-build
#yum install autoconf.noarch
#yum install zlib-devel
#yum install pam-devel
#yum install openssl-devel
If you have the above dependencies installed, you can start your installation as follows:
#rpmbuild –rebuild lzo-1.08-4.rf.src.rpm
#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
#rpmbuild -tb openvpn-2.0.9.tar.gz
#rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm
3. Copy configuration files
#cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
#cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/
4. CA configuration
#cd /etc/openvpn/easy-rsa/
#pico vars (or use vi editor, I just like to use pico)
then scroll down to the bottom, edit as you like.
export KEY_COUNTRY=AU
export KEY_PROVINCE=VIC
export KEY_CITY=MELBOURNE
export KEY_ORG=”THROXVPN”
export KEY_EMAIL=”name@email.com”#.� ./vars (note a space between . . )
#./clean-all
5. Build CA
#./build-ca
Generating a 1024 bit RSA private key
………………………++++++
…………………….++++++
writing new private key to ‘ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [VIC]:
Locality Name (eg, city) [MELBOURNE]:
Organization Name (eg, company) [THROXVPN]:
Organizational Unit Name (eg, section) []:Throx
Common Name (eg, your name or your server’s hostname) []:throx.net
Email Address [name@mail.com]:
Some information above already entered in step 4, hust hit enter and go to next line.
6. Building server key
#./build-key-server ovpnsrv1
Generating a 1024 bit RSA private key
………………………………….++++++
…………………….++++++
writing new private key to ‘ovpnsrv1.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [VIC]:
Locality Name (eg, city) [MELBOURNE]:
Organization Name (eg, company) [THROXVPN]:
Organizational Unit Name (eg, section) []:Throx
Common Name (eg, your name or your server’s hostname) []:throx.net
Email Address [name@email.com]:Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:<enter your password here>
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName����������RINTABLE:’AU’
stateOrProvinceName��RINTABLE:’VIC’
localityName���������RINTABLE:’MELBOURNE’
organizationName�����RINTABLE:’THROXVPN’
organizationalUnitName:PRINTABLE:’Throx’
commonName�����������RINTABLE:’throx.net’
emailAddress��������� :IA5STRING:’name@email.com’
Certificate is to be certified until Apr 10 15:15:27 2018 GMT (3650 days)
Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
7. Building Diffie Hellman
#./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
(Wait until it finished)
8. Copy key certificates to the required folder
#cp keys/ca.crt ../
#cp keys/dh1024.pem ../
#cp keys/ovpnsrv1.key ../
#cp keys/ovpnsrv1.crt ../
9. OpenVPN configuration
#cd ../
#pico server.conf
dev tap
;dev tun
ca ca.crt
cert ovpnsrv1.crt
key ovpnsrv1.key # This file should be kept secret
10. Startup the OpenVPN service (Finally, hold your breath)
#service openvpn restart
#chkconfig openvpn on
Windows Client Installation and Configuration
1. Download a copy of windows client
http://openvpn.net/release/openvpn-2.0.9-install.exe and install it.
2. Create CA in windows machine
Open windows cmd.exe command promp and change directory (cd) into c:\program files\openvpn\
>copy vars.bat.sample vars.bat
>edit vars.bat (scroll down to the bottom)
set KEY_COUNTRY=AU
set KEY_PROVINCE=VIC
set KEY_CITY=MELBOURNE
set KEY_ORG=THROXVPN
set KEY_EMAIL=name@mail.com
note: the above information must be same as the details set in server previously.
3. Run the file vars.bat
>vars
4. Build client’s key and certificate
>copy openssl.cnf.sample openssl.cnf
>md keys
>build-key vpnhome
5. Copy vpnhome.csr to the server directory /etc/openvpn/easy-rsa/keys
#cd /etc/openvpn/easy-rsa/
#./sign-req vpnhome
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName����������RINTABLE:’AU’
stateOrProvinceName��RINTABLE:’VIC’
localityName���������RINTABLE:’MELBOURNE’
organizationName�����RINTABLE:’THROXVPN’
organizationalUnitName:PRINTABLE:’Throx’
commonName�����������RINTABLE:’throx.net’
emailAddress��������� :IA5STRING:’name@mail.com’
Certificate is to be certified until Apr 10 16:04:33 2018 GMT (3650 days)
Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
6. Copy new signed certificate to your windows machine
Go to /etc/openvpn/easy-rsa/keys/ , you will see 2 new generated file – ca.crt and vpnhome.crt
Copy both of them to your Windows home machine c:/Program Files/OpenVPN/config
Also copy your windows generated vpnhome.key from C:\Program Files\OpenVPN\easy-rsa\keys to C:\Program Files\OpenVPN\config
7. Setting the client configuration for OpenVPN
Copy client.ovpn from C:\Program Files\OpenVPN\sample-config to C:\Program Files\OpenVPN\config
Edit it with the followings changes, similar to what you have done in the linux server
dev tap
;dev tun
dev-node OpenVPN_Tap
remote <ipaddress> 1194� (example: remote 202.188.1.1 1194)
ca ca.crt
cert alanghome.crt
key alanghome.key
ns-cert-type server
8. Configure the network interface for OpenVPN
Select “Control Panel” -> “Network Connection” -> “TAP-Win32#(#)”
Right-Click to rename as ‘OpenVPN_Tap’
9. Startup the connection of client
Go to START>All Programs>OpenVPN>OpenVPN GUI , click it
In the task-bar, select “OpenVPN GUI” -> right-click “Connect”
Phew…. if everything set correctly, now you should be connected to your linux via OpenVPN.
Source: http://yumax1012.blogspot.com/2007/08/install-openvpn-on-centos-44.html
Will this bypass the traffic too? I mean can i browse using it? Or it will just connect to the Linux?
thanks.
The guide will only get connected to the Linux. I believe you will need proxy like Squid to bypass your traffic.
Hello,
After execute #rpmbuild -tb openvpn-2.0.9.tar.gz it shows-
lzo-devel >= 1.07 is needed by openvpn-2.0.9-1.i386
What to do now.
Please help.
I’ve been trying for a while on how to get the service started but it keeps on saying FAILED. I tried disabling SELinux but still doesn’t work
YOU NEED TO RUN THE COMMAND LIKE BELOW
#rpmbuild — rebuild lzo-1.08-4.rf.src.rpm
Note : two “-” sign in front of rebuild. This will fix the issue
Hello,
After execute #rpmbuild -tb openvpn-2.0.9.tar.gz it shows-
lzo-devel >= 1.07 is needed by openvpn-2.0.9-1.i386
What to do now.
Please help
sivapkd Said,November 8th, 2008 @9:59 am
YOU NEED TO RUN THE COMMAND LIKE BELOW
#rpmbuild — rebuild lzo-1.08-4.rf.src.rpm
Note : two “-” sign in front of rebuild. This will fix the issue
Hello,
After execute #rpmbuild -tb openvpn-2.0.9.tar.gz it shows-
lzo-devel >= 1.07 is needed by openvpn-2.0.9-1.i386
What to do now.
Please help
you
yum install lzo-devel
Hello,
I’m trying as same with this tutorial, and the service is failed . .
how do I debug it??
Hello,
I’m also getting the same with this tutorial, and the service is failed . .
how do I debug it??
pls help me
Hi All,
After similar frustrations I posted a similar tut here:
http://www.howtoforge.com/openvpn-server-on-centos-5.2
Hope it helps somebody:)
Cameron
To install(settle) an openVPN customer under Windows.
I followed this tuto for the installation: http: // http://www.throx.net/2008/04/13/openvpn-and-ce ntos-5-installation-and-configuration-g uide/
But arrive at the stage of the connection of the customer:
To start > All the programs > OpenVPN > and there I have not OpenVPN mistletoe(boom)
Somebody in an idea??
Thank you in advance!!
This is one of the best nights !!!!! wow… the OpenVPN was like a ghost following me… and now thanks to this I can go to sleep… jejeje I was looking in hammachi, microvpn, leaf and another 3 or 4 options but OpenVPN is the only legally free solution for use in companies….
I was trying to do this a couple times months and years ago and now with this easy guide….. I did it!!!!!!!
Thanks a lot !!!!!!
For those encountering “lzo-devel >= 1.07 is needed by openvpn-2.0.9-1.i386″, install:
— ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/i386/RPMS/lzo-devel-2.02-3.el5.kb.i386.rpm and
— ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/i386/RPMS/lzo-2.02-3.el5.kb.i386.rpm
instead of the 1.08 lzo.
This fixed the issue for me (I installed the x64 versions, since I’m using a x64 Centos5)
it says
to:stupidul
error: lzo-devel-2.02-3.el5.kb.i386.rpm cannot be installed
I do the exact commands but in the next server it says
[root@d3 ~]# cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
cp: cannot stat `/usr/share/doc/openvpn-2.0.9/easy-rsa/’: No such file or directory
!!!
Followed this to the letter :
http://www.howtoforge.com/openvpn-server-on-centos-5.2
But when I start the service it always returns FAILED …
Any ideas ?
Hi all ,
I am configuring openvpn client server mode in my office, please send me examle of client centos5 configuration
Regards
mallikarjun
Hi! I was surfing and found your blog post… nice! I love your blog.
Cheers! Sandra. R.
thank you so much… it works on me.
GBU
Hi! Great guide, but i still got issue.
I’m using CentOS 5.3 x64 and i get services failed if i have server.conf (or any other .conf) file in /etc/openvpn/. If its deleted, service starts, but i can’t find how to get server configuration information by default to configure client.
Any ideas?
Thanks.
I’m afraid I cannot provide any further help on this, I am just a rookie. Perhaps someone else can solve that.
got the same problem as soume86
installation went without probs
but at:
Go to START>All Programs>OpenVPN>OpenVPN GUI , click it
In the task-bar, select “OpenVPN GUI” -> right-click “Connect”
I got no OpenVPN GUI either :S
wtf
I am getting this error when I try to start the VPN service:
Starting openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
Hello
I have this error when I run : rpmbuild -tb openvpn-2.0.9.tar.gz
error: Failed build dependencies:
lzo-devel >= 1.07 is needed by openvpn-2.0.9-1.x86_64
what is problem ??
You need to upgrade lzo-devel package. Try:
yum update && yum install lzo-devel
hello
I have this error when i run: ./build-ca
error:you must define KEY_DIR
Please help me.
Thanks.
Some server which run on top of OpenVZ may experiencing an error while attempting to run the service (/etc/init.d/openvpn always resulting [FAILED]) due to no support for TUN/TAP interfaces on it.
Later I switched to a KVM based server, and it works! (and I thought it should be working on Xen too)
It is ridiculous how complicated setting up VPNs is.
you create the keys at root, then use filezilla to sftp to Your server etc/keys folder, dl the keys to your PC. those are the keys you send to the client to install in there. configuration folder along with there. opvn file.
hello, i reloaded os on my vps and im trying to reinstall openvpn, everything goes fine and i can connect to vpn but cant open any websiteeee please help
the vps is from http://spidervpn.com
CentOS 5.6
Hi, good morning. I`m would like to thanks for your tutorial. i`ve tried a lot but no success.
Your tutorial worked for me, but I had to make some changes, actually, a little additions:
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.5.2-2.el5.rf.i386.rpm
yum install gcc
yum install bridge-utils
yum install lzo-devel-2.04-1.el5.rf
and before create the certificates a had to update the system to prevent a error with ssl.
I made a script to install openvpn and I tested in a new machine and worked!!!!
Thanks a lot one more time.
P.S: I`m brazilian
error: failed to stat /root/.rebuild: No such file or directory
@eyeglasses
the same problem here
i got the bellow error :
Starting openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
[FAILED]
when trying to start the server(service openvpn restart)