OPEN VPN Server Installation and Configuration on Centos 6.5 (PART-II)


Open VPN Client Configuration on Centos 6.5:

Install and enable the EPEL repository:
## RHEL/CentOS 6 64-Bit ##
[root@vpn ~]# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@vpn ~]# rpm -ivh epel-release-6-8.noarch.rpm
[root@vpn ~]# yum install openvpn -y

Copy the sample client configuration file to /etc/openvpn:
[root@vpn ~]# cp /usr/share/doc/openvpn-2.3.10/sample/sample-config-files/client.conf /etc/openvpn/

[root@vpn openvpn]# vim client.conf
Edit the following settings:
client
dev tap0
;dev tun
remote 192.168.0.120 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key

[root@vpn openvpn]# openvpn --config client.conf
Fri Apr  8 00:46:19 2016 OpenVPN 2.3.10 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH][IPv6] built on Jan  4 2016
Fri Apr  8 00:46:19 2016 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Fri Apr  8 00:46:19 2016 Socket Buffers: R=[124928->124928] S=[124928->124928]
Fri Apr  8 00:46:19 2016 UDPv4 link local: [undef]
Fri Apr  8 00:46:19 2016 UDPv4 link remote: [AF_INET]192.168.0.120:1194
Fri Apr  8 00:46:19 2016 TLS: Initial packet from [AF_INET]192.168.0.120:1194, sid=378b6c31 0b2da5c4
Fri Apr  8 00:46:19 2016 VERIFY OK: depth=1, C=IN, ST=DL, L=Delhi, O=kvit.in, OU=IT, CN=kvit.in CA, name=EasyRSA, emailAddress=it@kvit.in
Fri Apr  8 00:46:19 2016 Validating certificate key usage
Fri Apr  8 00:46:19 2016 ++ Certificate has key usage  00a0, expects 00a0
Fri Apr  8 00:46:19 2016 VERIFY KU OK
Fri Apr  8 00:46:19 2016 Validating certificate extended key usage
Fri Apr  8 00:46:19 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Apr  8 00:46:19 2016 VERIFY EKU OK
Fri Apr  8 00:46:19 2016 VERIFY OK: depth=0, C=IN, ST=DL, L=Delhi, O=kvit.in, OU=IT, CN=server, name=EasyRSA, emailAddress=it@kvit.in
Fri Apr  8 00:46:19 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr  8 00:46:19 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr  8 00:46:19 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr  8 00:46:19 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr  8 00:46:19 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Apr  8 00:46:19 2016 [server] Peer Connection Initiated with [AF_INET]192.168.0.120:1194
Fri Apr  8 00:46:21 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Apr  8 00:46:21 2016 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Fri Apr  8 00:46:21 2016 OPTIONS IMPORT: timers and/or timeouts modified
Fri Apr  8 00:46:21 2016 OPTIONS IMPORT: --ifconfig/up options modified
Fri Apr  8 00:46:21 2016 OPTIONS IMPORT: route options modified
Fri Apr  8 00:46:21 2016 OPTIONS IMPORT: route-related options modified
Fri Apr  8 00:46:21 2016 ROUTE_GATEWAY 192.168.0.254/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:98:be:2f
Fri Apr  8 00:46:21 2016 TUN/TAP device tap0 opened
Fri Apr  8 00:46:21 2016 TUN/TAP TX queue length set to 100
Fri Apr  8 00:46:21 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Apr  8 00:46:21 2016 /sbin/ip link set dev tap0 up mtu 1500
Fri Apr  8 00:46:21 2016 /sbin/ip addr add dev tap0 10.8.0.2/24 broadcast 10.8.0.255
Fri Apr  8 00:46:21 2016 /sbin/ip route add 10.8.0.0/24 via 10.8.0.1
RTNETLINK answers: File exists
Fri Apr  8 00:46:21 2016 Initialization Sequence Completed

Leave the above window open and open a new terminal window; you will see that a virtual adapter has been added to the system.

[root@vpn openvpn]# service  openvpn start
Starting openvpn:                                          [  OK  ]
[root@vpn openvpn]# chkconfig openvpn on
[root@vpn openvpn]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:98:BE:2F
inet addr:192.168.0.121  Bcast:192.168.0.255  Mask:255.255.255.0
tap0      Link encap:Ethernet  HWaddr D2:C2:C6:63:D7:EB
inet addr:10.8.0.2  Bcast:10.8.0.255  Mask:255.255.255.0

Now we can see that the tap0 device has the IP address 10.8.0.2, next to the VPN server's IP 10.8.0.1.
Now I am able to ping the VPN server over the virtual device tap0.
[root@vpn openvpn]# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=2.31 ms
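
The connection log printed by openvpn --config earlier in this section records what the client verified and negotiated. This added example (not part of the original article; function names are illustrative) pulls out the verified server CN, whether the server certificate's extended key usage was checked, and the data-channel cipher and HMAC, and warns when the cipher has a 64-bit block, as the BF-CBC in that log does. The sample lines are copied, abridged, from that log.

```bash
#!/bin/bash
# Added example, not from the original article. Sample lines are copied
# (abridged) from the connection log earlier in this section.
sample_log() {
cat <<'EOF'
Fri Apr  8 00:46:19 2016 VERIFY EKU OK
Fri Apr  8 00:46:19 2016 VERIFY OK: depth=0, C=IN, ST=DL, L=Delhi, O=kvit.in, OU=IT, CN=server, name=EasyRSA, emailAddress=it@kvit.in
Fri Apr  8 00:46:19 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr  8 00:46:19 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr  8 00:46:19 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Apr  8 00:46:21 2016 Initialization Sequence Completed
EOF
}

# Read an OpenVPN client log on stdin; print key=value facts, then WARN lines.
audit_openvpn_log() {
  awk '
    # Printed only when the client checks the server certificate purpose.
    /VERIFY EKU OK/ { eku = "yes" }
    # depth=0 is the server certificate itself; depth=1 is the CA.
    /VERIFY OK: depth=0,/ {
      if (match($0, /CN=[^,]+/)) cn = substr($0, RSTART + 3, RLENGTH - 3)
    }
    # Cipher and HMAC names are single-quoted in the log (\047 is the quote).
    /Data Channel Encrypt: Cipher/ { split($0, q, "\047"); cipher = q[2] }
    /Data Channel Encrypt: Using/  { split($0, q, "\047"); hmac = q[2] }
    /Control Channel: / {
      t = $0; sub(/.*Control Channel: /, "", t); sub(/,.*/, "", t); tls = t
    }
    /Initialization Sequence Completed/ { up = "yes" }
    END {
      print "server_cn=" (cn == "" ? "none" : cn)
      print "server_eku_checked=" (eku == "yes" ? "yes" : "no")
      print "data_cipher=" cipher
      print "data_hmac=" hmac
      print "control_tls=" tls
      print "tunnel_up=" (up == "yes" ? "yes" : "no")
      if (eku != "yes") print "WARN server certificate purpose (EKU) not checked"
      if (cipher ~ /^(BF|DES|DESX|CAST5|RC2)-/)
        print "WARN " cipher " is a 64-bit block cipher"
    }'
}

sample_log | audit_openvpn_log
```

To audit a real session, pipe the saved client log into audit_openvpn_log instead of sample_log.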

Open VPN Client Configuration on Windows 7:

The first step is to download the OpenVPN client for Windows. You can find OpenVPN packages for different operating systems at the official OpenVPN link below.
https://openvpn.net/index.php/open-source/downloads.html

[Image 1]

[Image 2]

On the VPN server:
[root@vpn keys]# chmod 644 window.key
Next, copy ca.crt, window.crt and window.key from the VPN server to the Windows PC.
Go to C:\program files\openvpn
Copy the client file from the sample-config folder into the config folder.
Copy ca.crt, window.crt and window.key from the VPN server to the config folder under C:\program files\openvpn
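
The chmod 644 step above leaves window.key readable by every local account on the VPN server. Once the files have been copied, this added example (not part of the original article) lists key files that group or others can access and sets them back to owner-only. The directory argument and the function names are assumptions, server.key is a constructed file name, and the script relies on GNU find and stat.

```bash
#!/bin/bash
# Added example, not from the original article. Needs GNU find and stat.

# List private key files in directory $1 that group or others can access.
loose_keys() {
  find "$1" -maxdepth 1 -type f -name '*.key' -perm /077 | sort
}

# Set every file reported by loose_keys back to owner-only (600) and
# print the old mode so the change is visible in the terminal.
tighten_keys() {
  loose_keys "$1" | while IFS= read -r f; do
    old=$(stat -c %a "$f")
    chmod 600 "$f" && echo "$f: $old -> 600"
  done
}

# Constructed demo in a scratch directory.
demo() {
  d=$(mktemp -d)
  : > "$d/window.key"; chmod 644 "$d/window.key"   # state after the chmod above
  : > "$d/server.key"; chmod 600 "$d/server.key"   # already owner-only
  : > "$d/ca.crt";     chmod 644 "$d/ca.crt"       # certificates are public
  tighten_keys "$d"
  left=$(loose_keys "$d")
  rm -rf "$d"
  [ -z "$left" ]                                   # success: nothing left loose
}

demo
```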

[Image 3]

Click Start > OpenVPN GUI.
Then go to the bottom-right corner of the screen, right-click the OpenVPN GUI icon and select Edit Config, as shown below.

[Image 4]

Edit the settings in the config file as below:
client
dev tap
;dev tun
;proto tcp
proto udp
remote 192.168.0.120 1194        # enter your VPN server IP here
;user nobody
;group nobody
# Give the names of the certificate and key files copied to the config folder
ca ca.crt
cert window.crt
key window.key
Save the file and exit.
Now go to the bottom-right corner again, right-click the OpenVPN GUI icon and select Connect, as shown below. This will connect you to your VPN server, and you will see the virtual IP 10.8.0.3.

[Image 5]
