Set up OpenVPN on CentOS 5
I've decided to set up OpenVPN on my VPS to save me from having a lot of SSH tunnels to the VPS.
First thing I needed to do was to log into my VPS control panel (vePortal) and enable "Tun/Tap"; this will make the "/dev/net/tun" device visible inside OpenVZ. You may or may not need to do that.
Next thing was to add the RPMForge repo. Download the RPM:
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
Import the GPG key for the repo:
# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
Check that the downloaded RPM has not been tampered with:
# rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
Install the RPM:
# rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm
Now you can install OpenVPN:
# yum install openvpn.x86_64
Now we need to configure the server.
Find where the easy-rsa files are located:
# find / -name easy-rsa
That should return the full path to the easy-rsa directory and tools; we need to copy them to "/etc/openvpn":
# cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa /etc/openvpn
Change into the following directory:
# cd /etc/openvpn/easy-rsa/2.0
Edit the "vars" file:
# vim vars
You must change at least the following to match your setup:
export KEY_COUNTRY=
export KEY_PROVINCE=
export KEY_CITY=
export KEY_ORG=
export KEY_EMAIL=
Source the vars file:
# source ./vars
Clean any existing builds:
# ./clean-all
Build the CA:
# ./build-ca
Next we need to build the server keys:
# ./build-key-server server
Then we build the client key (you can call this whatever you want):
# ./build-key client
Lastly we build the Diffie-Hellman key:
# ./build-dh
Let's relocate the keys we just made. Copy the following three files to your client: "ca.crt client.crt client.key"
Copy the following server keys to "/etc/openvpn":
# cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
Now we need to configure the server. Copy over a template:
# cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/
This is what my config looks like; it's very similar to the example config.
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
tun-mtu 1500
mssfix 1400
cipher AES-128-CBC
Start the server:
# /etc/init.d/openvpn start
Check /var/log/messages; you should see "Initialization Sequence Completed". You should also now see a "tun0" interface under ifconfig.
Set it to start on boot.
# chkconfig openvpn on
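An added example, not part of the original post: a small shell audit that reads a server.conf like the one above and reports settings worth tightening (1024-bit DH parameters, no user/group privilege drop, no tls-auth, comp-lzo, the CA private key kept on the server, loose key-file permissions). The function name, the finding labels and the sample directory are made up for illustration, and the sample key files are empty stand-ins.

```shell
#!/bin/bash
# Added example (not from the original post). Prints one finding per line.
# Assumes relative paths in the config resolve against the config's directory.
audit_openvpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    # True if directive $1 appears uncommented in the config.
    has() { grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$conf"; }
    # First argument of directive $1.
    val() { awk -v d="$1" '$1 == d { print $2; exit }' "$conf"; }

    # easy-rsa 2.0 names the DH file dh<KEY_SIZE>.pem, so the size is in the name.
    dh=$(val dh)
    bits=$(printf '%s\n' "$dh" | sed -n 's/^.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: $dh holds ${bits}-bit parameters; use at least 2048 bits"
    fi
    # Without user/group the daemon keeps root after initialisation.
    has user && has group || echo "NO_PRIV_DROP: no user/group directive"
    # tls-auth adds an HMAC check on TLS control-channel packets.
    has tls-auth || echo "NO_TLS_AUTH: no tls-auth directive"
    # Compression before encryption can leak plaintext via packet sizes (VORACLE).
    ! has comp-lzo || echo "COMPRESSION: comp-lzo is enabled"
    # The CA private key signs certificates; the running server never reads it.
    [ ! -e "$dir/ca.key" ] || echo "CA_KEY_ON_SERVER: $dir/ca.key"
    # Private keys should carry no group/other permission bits (mode 600).
    for f in "$dir/$(val key)" "$dir/ca.key"; do
        [ -f "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "KEY_PERMS: $f"
    done
}

# Constructed sample: key directives from the page's server.conf, with empty
# stand-in key files created world-readable.
sample=$(mktemp -d)
printf '%s\n' 'port 1194' 'proto udp' 'dev tun' 'ca ca.crt' 'cert server.crt' \
    'key server.key' 'dh dh1024.pem' 'comp-lzo' 'persist-key' 'persist-tun' \
    'cipher AES-128-CBC' > "$sample/server.conf"
: > "$sample/server.key"; : > "$sample/ca.key"
chmod 644 "$sample/server.key" "$sample/ca.key"
audit_openvpn_conf "$sample/server.conf"
```

On a real server, call it as `audit_openvpn_conf /etc/openvpn/server.conf`; an empty result means none of these six checks fired.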