centos

I recently had a need to install a VPN service in a OpenVZ container. Since I normally only use Hardware emulating VM's I ran into quite a few issues in terms of low-level networking support on this Container Virtualisation System. Turns out that you are stuck with a TUN/TAP solution as most services won't enable PPP services on their infrastructure. Also Ethernet bridging is not available (at least on the service I used) so you're stuck with NAT IP masquerading. Considering the options I thought best served with using OpenVPN server. Install Server yum --enablerepo=epel -y install openvpn Server configuration cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn/ These are the contents of /etc/openvpn/server.conf local XXX.XXX.XXX.XXX #Server External IP port 1194 proto udp dev tun ca ca.crt cert SERVER.crt key SERVER.key #keep file secret dh dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" #using Google Public DNS push "dhcp-option DNS 8.8.4.4" #using Google Public DNS keepalive 10 120 comp-lzo max-clients 5 user nobody group nobody persist-key persist-tun status openvpn-status.log log /var/log/openvpn.log verb 3 mkdir -p /etc/openvpn/easy-rsa/keys cd /etc/openvpn/easy-rsa cp -rf /usr/share/openvpn/easy-rsa/2.0/* . vim vars #Set the country (KEY_COUNTRY) #state (KEY_PROVINCE) #locality (KEY_CITY) #organisation name (KEY_ORG) #support email (KEY_EMAIL) Create certificate authority ./vars ./clean-all ./build-ca The CA key and certificate should not be in the keys directory inside the easy-rsa directory. Create certificate for the server ./build-key-server NAME_OF_SERVER Answer the questions and commit the certificate into the database Create the Diffie Hellman files These files are used for the actual…