VPN:OpenVPN @Dec 16, 2012 12:03:06 PM

To quote from http://openvpn.net/

"OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol"

I'm going to create one VPN server and allow some clients to connect to it. This might be useful if you have one server on the Internet and others that are behind various firewalls to create secure Virtual Private Networks to it.

Install on the server. Ubuntu would be like this (my server is Red Hat and I forget how I installed, because it was that long ago:

sudo apt-get -y install openvpn

Copy the easy-rsa scripts from the install directory to /etc/openvpn

sudo cp -ar /usr/share/doc/openvpn-2.0/easy-rsa /etc/openvpn
cd /etc/openvpn/easy-rsa

Clean and edit the environment variables, which saves a lot of typing in the next part

sudo init-config
sudo vim vars
sudo . ./vars

Clean out the keys and build the SSL ca certificate

sudo sh ./clean-all
sudo sh ./build-ca

Build the server's keys

sudo sh ./build-key-server server

Build any client's keys

sudo sh ./build-key client1
sudo sh ./build-key client2

Build the Diffie-Hellman parameter (key) file

sudo sh ./build-dh

Copy the default server config file from the install directory to /etc/openvpn

cd /etc/openvpn
sudo cp /usr/share/doc/openvpn-2.0/sample-config-files/server.conf ./

Copy the server's certificates and keys to /etc/openvpn

sudo cp -a easy-rsa/keys/ca.crt ./
sudo cp -a easy-rsa/keys/server.crt ./
sudo cp -a easy-rsa/keys/server.key ./
sudo cp -a easy-rsa/keys/dh1024.pem ./

Edit the Open VPN server's config file

sudo vi server.cong

Restart the OpenVPN service

sudo /etc/init.d/openvpn restart

sudo service openvpn restart

To quote from http://openvpn.net/

''"OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol"''

I'm going to create one VPN server and allow some clients to connect to it. This might be useful if you have one server on the Internet and others that are behind various firewalls to create secure Virtual Private Networks to it.

Install on the server. Ubuntu would be like this (my server is Red Hat and I forget how I installed, because it was that long ago:
@@@@
sudo apt-get -y install openvpn

Copy the easy-rsa scripts from the install directory to /etc/openvpn
@@@@
sudo cp -ar /usr/share/doc/openvpn-2.0/easy-rsa /etc/openvpn
cd /etc/openvpn/easy-rsa

Clean and edit the environment variables, which saves a lot of typing in the next part
@@@@
sudo init-config
sudo vim vars
sudo . ./vars

Clean out the keys and build the SSL ca certificate
@@@@
sudo sh ./clean-all
sudo sh ./build-ca

Build the server's keys
@@@@
sudo sh ./build-key-server server

Build any client's keys
@@@@
sudo sh ./build-key client1
sudo sh ./build-key client2

Build the Diffie-Hellman parameter (key) file 
@@@@
sudo sh ./build-dh

Copy the default server config file from the install directory to /etc/openvpn
@@@@
cd /etc/openvpn
sudo cp /usr/share/doc/openvpn-2.0/sample-config-files/server.conf ./

Copy the server's certificates and keys to /etc/openvpn
@@@@
sudo cp -a easy-rsa/keys/ca.crt ./
sudo cp -a easy-rsa/keys/server.crt ./
sudo cp -a easy-rsa/keys/server.key ./
sudo cp -a easy-rsa/keys/dh1024.pem ./

Edit the Open VPN server's config file
@@@@
sudo vi server.cong

Restart the OpenVPN service
@@@@
sudo /etc/init.d/openvpn restart

OR
@@@@
sudo service openvpn restart

mdsh.com/wiki

mdsh.com /wiki