Monday 20 April 2015

OPENVPN - Complete Setup - Bridge Mode


The following setup has been tested with both Windows (Win 7) and Linux (CentOS 6) VPN clients.

OpenVPN server: 192.168.201.128
Test node: 192.168.201.129

The OpenVPN server and the test node are in the same LAN (192.168.201.0/24); bridge mode puts the VPN clients on that same LAN segment, so they get addresses from it and can talk to the test node directly.

SERVER CONFIG

On the OpenVPN server, install the following (all commands in this guide are run as root; epel-release provides the openvpn and easy-rsa packages)

$yum install epel-release
$yum install openvpn easy-rsa bridge-utils -y

Now it's time to configure the OpenVPN server.

Move to the easy-rsa directory to create the certificates and keys
$cd /usr/share/easy-rsa/2.0

Change the variables to match your environment (they become the subject fields of the certificates)
$vim vars

# line 64: change to your own environment
export KEY_COUNTRY="JP"
export KEY_PROVINCE="Hiroshima"
export KEY_CITY="Hiroshima"
export KEY_ORG="GTS"
export KEY_EMAIL="root@dlp.server.world"
export KEY_OU="Server_World"

$source ./vars

# clean-all wipes the keys directory: run it once, before building the CA, and never again on a live PKI
$./clean-all

Build the CA certificate and key (ca.crt, ca.key)
$./build-ca

Build the server key and certificate. build-key-server, unlike build-key, adds the serverAuth extendedKeyUsage to the certificate, which is what lets clients verify with remote-cert-tls server that they are talking to the real server
$./build-key-server server

Generate the Diffie-Hellman parameters (dh2048.pem; the size follows KEY_SIZE in vars)
$./build-dh

Build the client certificate and key (one per client; use a different name for each so a single client can later be revoked)
$./build-key client

Now copy the keys directory to /etc/openvpn. Note that this copies ca.key as well; on anything beyond a lab setup keep the CA private key off the VPN server, since whoever holds it can issue certificates for new clients.

$cp -pR /usr/share/easy-rsa/2.0/keys /etc/openvpn/keys
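Before going further it is worth checking what easy-rsa produced. The script below is an added example, not part of the original post or of easy-rsa: it verifies that server.crt and client.crt chain to ca.crt, that each private key matches its certificate and is readable by root only, that dh2048.pem exists, and that server.crt carries the serverAuth extendedKeyUsage that build-key-server sets and that a client's remote-cert-tls server option relies on. It assumes the file names used above and the openssl command line tool; the function name verify_pki is chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post or easy-rsa): sanity-check the
# PKI that the easy-rsa steps above produced. Requires the openssl CLI.
# Usage: verify_pki /etc/openvpn/keys   (returns 0 when everything checks out)

verify_pki() {
    local dir=$1 ok=0 f name cert_pub key_pub
    for f in ca.crt server.crt server.key client.crt client.key dh2048.pem; do
        [ -f "$dir/$f" ] || { echo "missing $dir/$f"; ok=1; }
    done
    [ "$ok" -eq 0 ] || return 1

    for name in server client; do
        # certificate chains to our CA and is within its validity period
        openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1 \
            || { echo "$name.crt does not verify against ca.crt"; ok=1; }

        # the private key belongs to the certificate: compare the public keys
        cert_pub=$(openssl x509 -in "$dir/$name.crt" -noout -pubkey 2>/dev/null)
        key_pub=$(openssl pkey -in "$dir/$name.key" -pubout 2>/dev/null)
        [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] \
            || { echo "$name.key does not match $name.crt"; ok=1; }

        # private keys must not be readable by other users
        [ "$(ls -l "$dir/$name.key" | cut -c1-10)" = "-rw-------" ] \
            || { echo "$name.key should be mode 600 (chmod 600 $dir/$name.key)"; ok=1; }
    done

    # remote-cert-tls server on the client requires this extension, which
    # build-key-server (but not build-key) puts into the certificate
    openssl x509 -in "$dir/server.crt" -noout -text 2>/dev/null \
        | grep -q "TLS Web Server Authentication" \
        || { echo "server.crt lacks extendedKeyUsage serverAuth; rebuild it with build-key-server"; ok=1; }

    return "$ok"
}

# Usage on the server from this post (skipped when the directory is absent):
if [ -d /etc/openvpn/keys ]; then
    verify_pki /etc/openvpn/keys && echo "PKI in /etc/openvpn/keys checks out"
fi
```

Run it after the copy above; every problem is printed on its own line and the exit status is non-zero if anything is wrong, so it can also sit in a deployment script.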

Now create a user on the VPN server for VPN connection authentication. The auth-pam plugin configured below checks the username and password against the server's ordinary accounts, so every local user with a password can connect; give VPN-only accounts no login shell so that the same password does not also open an SSH login

$useradd -s /sbin/nologin client1
$passwd client1

Now copy the sample config file to /etc/openvpn

$cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn/

Make the following changes to server.conf in /etc/openvpn, or replace its contents with the block below (change the IP addresses as required)

$vim /etc/openvpn/server.conf


#################################################################################
# Authenticate VPN users against the server's own accounts through the
# "login" PAM service. Confirm the plugin path for your package with
# "rpm -ql openvpn | grep auth-pam": OpenVPN 2.3 packages install it as
# /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login

# listening port (change if needed)
port 1194

# TCP is used in this setup; UDP is OpenVPN's default and usually performs better
proto tcp
;proto udp

# tap (layer 2) is required for bridge mode; tun is routed mode
dev tap0
;dev tun

# paths are relative to /etc/openvpn (the init script starts openvpn there)
ca keys/ca.crt
cert keys/server.crt
key keys/server.key

# Diffie-Hellman parameters generated by ./build-dh
dh keys/dh2048.pem

# [bridge IP] [subnet mask] [first client IP] [last client IP]
# the client pool must lie inside the LAN subnet and must not overlap the
# LAN's DHCP range or any static addresses, including the server's own
server-bridge 192.168.201.128 255.255.255.0 192.168.201.150 192.168.201.199


# keepalive settings
keepalive 10 120

# compression (must match the client config)
comp-lzo

# keep the key and the tap device across restarts; needed once privileges are dropped below
persist-key
persist-tun

# log file; log-append keeps earlier entries across restarts, so a separate "log" line is not needed
log-append /var/log/openvpn.log

# log level (0 - 9, 9 means debug level)
verb 3

# drop root privileges once the tap device and keys are set up
user nobody
group nobody

#################################################################################
Now copy the sample bridge start and stop scripts to /etc/openvpn. The names matter: the CentOS init script runs /etc/openvpn/openvpn-startup before starting the daemon and /etc/openvpn/openvpn-shutdown after stopping it, which is what creates and removes the bridge

$cp /usr/share/doc/openvpn-*/sample/sample-scripts/bridge-start /etc/openvpn/openvpn-startup
$cp /usr/share/doc/openvpn-*/sample/sample-scripts/bridge-stop /etc/openvpn/openvpn-shutdown

Now make them executable
$chmod 755 /etc/openvpn/openvpn-startup /etc/openvpn/openvpn-shutdown

Make the following changes to the startup script. The script removes the address from eth0, creates br0 with eth0 and tap0 as members, and assigns the address to br0, so the values here must describe the LAN the server already sits on
$vim /etc/openvpn/openvpn-startup

#################################################################################
# line 17-20: change
eth="eth0"                      # physical interface to bridge; change if needed
eth_ip="192.168.201.128"        # IP for the bridge interface (moves from eth0 to br0)
eth_netmask="255.255.255.0"     # subnet mask
eth_broadcast="192.168.201.255" # broadcast address; must match eth_ip/eth_netmask (192.168.0.255 would belong to a different subnet)
# add the following at the end: re-addressing eth0 drops the default route, so restore it
eth_gw="192.168.201.2" # default gateway in my setup
route add default gw $eth_gw

#################################################################################
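The server-bridge line in server.conf and the eth_* variables in the startup script describe the same subnet, and a mismatch (a broadcast address from another subnet, a client pool outside the LAN, or a pool that contains the server's own address) gives clients that connect but cannot reach the LAN, or broadcasts sent to the wrong address. The following script is an added example, not part of the original post or of the OpenVPN sample scripts: it derives the broadcast address from the IP and netmask and checks the six values against each other before the startup script is run. The function names ip2int, int2ip, broadcast_of and check_bridge_config are chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post or the OpenVPN sample scripts):
# check that the bridge-start variables and the server-bridge line agree.
# IPv4 only; the netmask is given in dotted-quad form as in the post.

# dotted quad -> 32-bit integer
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
    local n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# broadcast address of an IP/netmask pair: network bits kept, host bits all set
broadcast_of() {
    local ip mask
    ip=$(ip2int "$1")
    mask=$(ip2int "$2")
    int2ip $(( (ip & mask) | (mask ^ 4294967295) ))
}

# Args: eth_ip eth_netmask eth_broadcast  bridge_gw pool_start pool_end
# (the first three from the startup script, the last three from server-bridge).
# Prints every inconsistency found; returns 0 only if there is none.
check_bridge_config() {
    local eth_ip=$1 mask=$2 bcast=$3 gw=$4 start=$5 end=$6
    local ok=0 m net host s e expected
    m=$(ip2int "$mask")
    host=$(ip2int "$eth_ip")
    net=$(( host & m ))
    s=$(ip2int "$start")
    e=$(ip2int "$end")

    expected=$(broadcast_of "$eth_ip" "$mask")
    if [ "$bcast" != "$expected" ]; then
        echo "eth_broadcast is $bcast but $eth_ip/$mask gives $expected"; ok=1
    fi
    # the first server-bridge argument is the gateway handed to clients:
    # the bridge (former eth0) address itself
    if [ "$gw" != "$eth_ip" ]; then
        echo "server-bridge gateway $gw differs from bridge address $eth_ip"; ok=1
    fi
    if [ $(( s & m )) -ne "$net" ] || [ $(( e & m )) -ne "$net" ]; then
        echo "client pool $start-$end is not inside the bridge subnet"; ok=1
    fi
    if [ "$s" -gt "$e" ]; then
        echo "pool start $start comes after pool end $end"; ok=1
    fi
    if [ "$host" -ge "$s" ] && [ "$host" -le "$e" ]; then
        echo "pool $start-$end contains the server's own address $eth_ip"; ok=1
    fi
    return "$ok"
}

# Usage with the values from this post. A broadcast address from the wrong
# subnet, 192.168.0.255, is deliberately passed here to show a failing check;
# with 192.168.201.255 the check passes.
if check_bridge_config 192.168.201.128 255.255.255.0 192.168.0.255 \
        192.168.201.128 192.168.201.150 192.168.201.199; then
    echo "bridge settings are consistent"
else
    echo "fix the settings above before running the startup script"
fi
```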

Enable IP forwarding; the openvpn init script has the line ready to be uncommented

$vim /etc/rc.d/init.d/openvpn

# line 133: uncomment
echo 1 > /proc/sys/net/ipv4/ip_forward

Two caveats: an edit to the init script is lost when the openvpn package is updated (setting net.ipv4.ip_forward = 1 in /etc/sysctl.conf survives upgrades), and a plain layer-2 bridge does not need IP forwarding at all, so the setting is harmless here but only matters if the server also routes for other subnets.

Now start the services. For this lab setup the firewall (iptables) is simply stopped. On anything other than a throwaway test box, keep iptables running and instead allow inbound TCP 1194 on the bridge interface and permit traffic across br0: with net.bridge.bridge-nf-call-iptables at its CentOS 6 default of 1, bridged IP traffic passes through the FORWARD chain, so a default-deny FORWARD policy silently cuts off the VPN clients.
$service iptables stop
$service openvpn start
$chkconfig openvpn on


CLIENT CONFIG

Install the OpenVPN GUI for Windows from the OpenVPN community download page.

On CentOS, install epel-release and then openvpn

$yum install epel-release -y

$yum install openvpn -y

Create the client config file with the following contents and save it with a .ovpn extension.

Replace X.X.X.X with the VPN server IP. The <ca>, <cert> and <key> blocks hold the PEM contents of ca.crt, client.crt and client.key from the server's keys directory (the part between the BEGIN and END lines). Keep this file private: it contains the client's private key.
#################################################################################
client
# prompt for the username and password checked by the server's PAM plugin
auth-user-pass
# must match the server: dev tap0 / proto tcp
dev tap
proto tcp
remote X.X.X.X 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# must match the server's comp-lzo
comp-lzo
# accept only a server certificate from our CA that carries the server
# extendedKeyUsage set by build-key-server; without this, any client
# certificate issued by the same CA could be used to impersonate the server
remote-cert-tls server
verb 3
<ca>
contents of ca.crt
</ca>
<cert>
contents of client.crt
</cert>
<key>
contents of client.key
</key>

#################################################################################


On Windows, copy the config file to "C:\Program Files\OpenVPN\config", start the OpenVPN GUI and connect; it prompts for the username and password of the account created on the server (client1 above).


Once connected you should be able to reach the test node (192.168.201.129), which is in the same LAN as your VPN server: in bridge mode the client receives an address from the server-bridge pool and sits on that LAN segment.


On a Linux client, run the following as root (creating the tap interface needs it) to connect

$openvpn --config <configfile.ovpn>





That's all, folks.









