Tuesday, October 11, 2011

How to configure OpenVPN for use with a Buffalo WZR-HP-G300NH on CentOS 5.4

***WORK IN PROGRESS***

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum update
yum install openvpn
cp -R /usr/share/openvpn/easy-rsa/ /etc/openvpn
vim /etc/openvpn/easy-rsa/2.0/vars Edit the following:

export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain" cd /etc/openvpn/easy-rsa/2.0/

[root@centos 2.0]# ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys

[root@centos 2.0]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys

[root@centos 2.0]# ./clean-all
[root@centos 2.0]# ./build-ca

Press Enter at all prompts because we configured the defaults already.

[root@centos 2.0]# ./build-key-server server

Leave extra attributes blank

Enter "y" and "y"

**Creating first client**

[root@centos 2.0]# ./build-key client1

Leave extra attributes blank

Enter "y" and "y"

Note: You repeat the following to create additional users. "client1" can be named anything.

[root@centos 2.0]# ./build-dh
[root@centos 2.0]# cd /etc/openvpn/easy-rsa/2.0/keys/
[root@centos keys]# cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn/

**TO REVOKE**

./vars

./revoke-full client1 [root@centos keys]# cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/

[root@centos keys]# cp /usr/share/doc/openvpn-2.1.4//sample-config-files/client.conf ~/

cd ~/

vim ~/client.conf

# The hostname/IP and port of the server. You can have multiple remote entries to load balance between the servers.
IP of openvpn server
;remote my-server-2 1194
# SSL/TLS parms.
# See the server config file for more description. It's best to use a separate .crt/.key file pair for each client.  A single ca file can be used for all clients.

ca ca.crt
cert client1.crt
key client1.key
*add client name in file

[root@centos ~]# cp ~/client.conf ~/client1.conf
[root@centos ~]# vim /etc/openvpn/server.conf

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"

[root@centos ~]# vim /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls the use of TCP syncookies
#net.ipv4.tcp_syncookies = 1

[root@centos ~]# sysctl -p
[root@centos ~]# iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[root@centos ~]# iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
[root@centos ~]# iptables -A FORWARD -j REJECT
[root@centos ~]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
[root@centos ~]# /etc/init.d/iptables save
[root@centos ~]# service openvpn start
[root@centos ~]# chkconfig openvpn on
[root@centos ~]# chkconfig iptables on

scp -v ca.crt jsmith@localmachineip:/Users/jsmith/Desktop
cd /etc/openvpn/easy-rsa/2.0/keys/
scp -v client1.crt client1.key jsmith@localmachineip:/Users/jsmith/Desktop

[root@centos ~]# scp -v ~/client1.conf user@192.168.1.109:/Users/user/Desktop

Source: Link, Link, Link

ShareThis