OpenVPN Install on CentOS 6 Server

I recently had a need to install a VPN service in a OpenVZ container. Since I normally only use Hardware emulating VM's I ran into quite a few issues in terms of low-level networking support on this Container Virtualisation System. Turns out that you are stuck with a TUN/TAP solution as most services won't enable PPP services on their infrastructure. Also Ethernet bridging is not available (at least on the service I used) so you're stuck with NAT IP masquerading. Considering the options I thought best served with using OpenVPN server. Install Server yum --enablerepo=epel -y install openvpn Server configuration cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn/ These are the contents of /etc/openvpn/server.conf local XXX.XXX.XXX.XXX #Server External IP port 1194 proto udp dev tun ca ca.crt cert SERVER.crt key SERVER.key #keep file secret dh dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" #using Google Public DNS push "dhcp-option DNS 8.8.4.4" #using Google Public DNS keepalive 10 120 comp-lzo max-clients 5 user nobody group nobody persist-key persist-tun status openvpn-status.log log /var/log/openvpn.log verb 3 mkdir -p /etc/openvpn/easy-rsa/keys cd /etc/openvpn/easy-rsa cp -rf /usr/share/openvpn/easy-rsa/2.0/* . vim vars #Set the country (KEY_COUNTRY) #state (KEY_PROVINCE) #locality (KEY_CITY) #organisation name (KEY_ORG) #support email (KEY_EMAIL) Create certificate authority ./vars ./clean-all ./build-ca The CA key and certificate should not be in the keys directory inside the easy-rsa directory. Create certificate for the server ./build-key-server NAME_OF_SERVER Answer the questions and commit the certificate into the database Create the Diffie Hellman files These files are used for the actual…

Continue Reading OpenVPN Install on CentOS 6 Server

Installing Poptop (pptpd) VPN Server on CentOS 6

For roaming mobile clients PPTP (Point-to-Point Tunneling Protocol) is still the quickest way to get VPN connections to tunnel traffic over a secure link. Installation I always prefer installation via a yum repository as this will ensure patches are applied during regular system updates sudo rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP sudo rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm sudo yum install ppp pptpd -y Configuration Note: replace $USERNAME and $PASSWORD with actual values IP configuration echo "localip 192.168.0.1" >> /etc/pptpd.conf echo "remoteip 192.168.0.100-199" >> /etc/pptpd.conf DNS configuration echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd echo "ms-dns 4.2.2.1" >> /etc/ppp/options.pptpd Authentication configuration echo "$USERNAME pptpd $PASSWORD *" >> /etc/ppp/chap-secrets Firewall config service iptables start echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE service iptables restart service iptables save chkconfig iptables on Start ppptd chkconfig pptpd on service pptpd start

Continue Reading Installing Poptop (pptpd) VPN Server on CentOS 6