
Setup OpenVPN CentOS 32Bit


This post is specifically for those of you who want to learn how to install OpenVPN on a server (VPS), especially CentOS 32bit.
How to:
Log in to the server as root over SSH using PuTTY or Bitvise Tunnelier, then enter the commands below carefully.

yum install gcc make
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install rpm-build
yum install autoconf.noarch
yum install zlib-devel
yum install pam-devel
yum install openssl-devel
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install openvpn
cp -r /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
cp /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/keys -R
cd /etc/openvpn
vi 443.conf

Press the [ i ] key to switch vi to insert mode, then enter the server configuration.

Example of Server Configuration:

local IPSERVER
port 443
proto tcp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.11.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route-method exe"
push "route-delay 2"
keepalive 5 30
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
status server-vpn.log
verb 3

Press the Esc key, then type the command :wq and press [ENTER] to save the file and exit vi.
Next, restart OpenVPN.

service openvpn restart
chkconfig openvpn on
nano /etc/sysctl.conf

Find net.ipv4.ip_forward and change its default value from 0 to 1.

Note: if the nano command returns an error, install nano first with the command:
yum install nano 
Continue with the iptables settings:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.11.0.0/24  -j SNAT --to IPSERVER
service iptables save
service iptables restart
chkconfig iptables on

Done. Now you just have to copy the certificate file [ca.crt] from the server using FTP software. This certificate file is used on the client side so that it can connect to the VPN server you just installed. Don't forget to put ca.crt in the same folder as the client configuration file, in OpenVPN's config directory ( C:\Program Files\OpenVPN\config ).

The ca.crt file is in the directory:
/etc/openvpn/keys/
Example of Client Configuration:

client
proto tcp
persist-key
persist-tun
dev tun
pull
comp-lzo
ns-cert-type server
verb 3
mute 2
mute-replay-warnings
auth-user-pass
redirect-gateway def1
script-security 2
route-method exe
route-delay 2
remote IPSERVER 443
cipher AES-128-CBC
ca ca.crt
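
To check the server and client configurations above for settings that weaken authentication or key exchange, the following script is an added example and not part of the original post. It flags the 1024-bit DH file, password-only login via client-cert-not-required, and the deprecated comp-lzo and ns-cert-type directives; the function name, the finding labels and the 2048-bit threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Finding IDs and messages are
# this script's own labels, not OpenVPN output.

# audit_openvpn_conf FILE
# Prints one "ID: detail" line per finding; returns 1 if anything was found.
audit_openvpn_conf() {
    awk '
    function report(id, msg) { print id ": " msg; n++ }
    NF == 0 || $1 ~ /^[#;]/ { next }              # skip blanks and comments
    $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {   # size taken from file name
        bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
        if (bits < 2048) report("WEAK_DH", bits "-bit DH parameters: " $2)
    }
    $1 == "client-cert-not-required" ||
    ($1 == "verify-client-cert" && $2 == "none") { nocert = 1 }
    $1 == "plugin" && $2 ~ /openvpn-auth-pam/ { pam = $3 }
    $1 == "comp-lzo" {
        report("COMPRESSION", "comp-lzo is deprecated in OpenVPN 2.4+")
    }
    $1 == "ns-cert-type" {
        report("LEGACY_PEER_CHECK", "deprecated; use remote-cert-tls " $2)
    }
    END {
        if (nocert) {
            msg = "client certificates are not required"
            if (pam != "") msg = msg "; PAM service " pam " is the only check"
            report("PASSWORD_ONLY", msg)
        }
        exit (n > 0)
    }' "$1"
}

# Constructed sample: a subset of the server configuration shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dh /etc/openvpn/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
cipher AES-128-CBC
comp-lzo
EOF
audit_openvpn_conf "$sample" || echo "review the findings before deploying"
rm -f "$sample"
```

Run it against /etc/openvpn/443.conf on the server and against the client file; a non-zero exit status means at least one directive was flagged.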