Simple OpenVPN setup
This will explain how to set up a simple OpenVPN tunnel between two computers (at a time). If someone attempts to connect while another person is already connected, that person will get bounced from the VPN tunnel.
On the server side:
- yum install openvpn
- edit /etc/openvpn/server.conf:
    dev tun
    ifconfig 10.0.0.1 10.0.0.2
    secret static.key
    port 1194
    proto udp
    user nobody
    group nobody
    daemon
    comp-lzo
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    log /var/log/openvpn.log
    verb 1
- openvpn --genkey --secret /etc/openvpn/static.key
- share the static.key file with the client over a secure channel (GPG-encrypted, scp, ...)
- open port udp/1194 on your NAT/firewall/any security appliance
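The server-side steps above, followed by an added check script that is not part of the original post: it verifies that static.key is readable only by its owner and has the layout `openvpn --genkey` writes (BEGIN/END markers and 16 lines of 32 hex digits) before the file is shared, and that server.conf still carries the privilege-dropping and persistence directives from the config above. The default paths, the script name `check_openvpn_static.sh` and the reliance on GNU or BSD `stat` are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks to run on the
# server after generating static.key and before sharing it with the client.
# Assumptions: GNU `stat` (Linux) or BSD `stat` (macOS); the paths default to
# the ones used in the post.

KEY_FILE="${KEY_FILE:-/etc/openvpn/static.key}"
CONF_FILE="${CONF_FILE:-/etc/openvpn/server.conf}"

# file_mode FILE -> prints the octal permission bits, e.g. 600
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_static_key FILE -> 0 if the file looks like a usable, private OpenVPN
# static key; 1 otherwise, with the reason on stderr.
check_static_key() {
    f="$1"
    [ -f "$f" ] || { echo "missing key file: $f" >&2; return 1; }
    # The key is a shared secret: anyone who can read it can join the tunnel
    # or decrypt its traffic, so it must not be group- or world-readable.
    mode=$(file_mode "$f")
    case "$mode" in
        600|400) ;;
        *) echo "$f is mode $mode; expected 600 (chmod 600 $f)" >&2; return 1 ;;
    esac
    grep -q -- '-----BEGIN OpenVPN Static key V1-----' "$f" || { echo "no BEGIN marker in $f" >&2; return 1; }
    grep -q -- '-----END OpenVPN Static key V1-----' "$f"   || { echo "no END marker in $f" >&2; return 1; }
    # The key body is 2048 bits = 512 hex digits, written as 16 lines of 32.
    hexlines=$(grep -c -E '^[0-9a-fA-F]{32}$' "$f" || true)
    [ "$hexlines" -eq 16 ] || { echo "expected 16 hex lines, found $hexlines" >&2; return 1; }
    return 0
}

# check_server_conf FILE -> 0 if every privilege-dropping / persistence
# directive from the post is present; 1 and a list of the missing ones otherwise.
check_server_conf() {
    f="$1"
    [ -f "$f" ] || { echo "missing config: $f" >&2; return 1; }
    missing=""
    for directive in "user nobody" "group nobody" "persist-key" "persist-tun" "secret"; do
        grep -q -E "^[[:space:]]*$directive([[:space:]]|$)" "$f" || missing="$missing $directive"
    done
    [ -z "$missing" ] || { echo "missing directives in $f:$missing" >&2; return 1; }
    return 0
}

# Run both checks when executed directly (not when sourced).
if [ "${0##*/}" = "check_openvpn_static.sh" ]; then
    check_static_key "$KEY_FILE" && check_server_conf "$CONF_FILE" && echo "OK"
fi
```

Run it as root on the server (`sh check_openvpn_static.sh`); a non-zero exit with a reason on stderr means the key or config should be fixed before the key leaves the machine.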
On the client side:
- Linux: yum install openvpn
  Windows: install the OpenVPN client from http://www.openvpn.se/
- Edit client.conf and put it either under /etc/openvpn/ on Linux or in the conf directory on Windows:
    remote remote.hostname.be   (or the server's public IP)
    dev tun
    port 1194
    proto udp
    comp-lzo
    ifconfig 10.0.0.2 10.0.0.1
    secret static.key
    route 192.168.100.0 255.255.255.0   (optional)
- Make sure static.key is on the client machine.
  See http://www.openvpn.se/screenshots.html for screenshots.
- You should now be able to connect to the VPN and ping 10.0.0.1, unless your security setup doesn't allow it.
- If you need to reach the 192.168.100.0/24 subnet on the server to access certain services, add the line "route 192.168.100.0 255.255.255.0" to your client config file. Depending on your firewall configuration, you may need to allow IP forwarding from the incoming interface (tun0) to the internal interface (let's say eth1).
This is how I did it:
    iptables -A FORWARD -i eth1 -o tun0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i tun0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
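As an added example that is not part of the original post, the forwarding setup for the "reach 192.168.100.0/24 over the tunnel" case as a script: it turns on net.ipv4.ip_forward (without it the FORWARD chain never sees a packet) and installs rules scoped to the tunnel addresses and the LAN subnet. It assumes the interface names from the post (tun0, eth1), that the tunnel uses the two ifconfig addresses 10.0.0.1/10.0.0.2 (so 10.0.0.0/30 covers both), and that the VPN client is the side that opens connections into the LAN, with only reply traffic allowed back; the `DRY_RUN` switch and the script name `vpn_forward.sh` are this example's conventions.

```shell
#!/bin/sh
# Added example (not from the original post): forwarding rules so the VPN
# client can reach the server's LAN. Assumes tun0 / eth1 as in the post and
# that connections originate on the tunnel side. Set DRY_RUN=1 to print the
# commands instead of running them (no root needed).

VPN_IF="${VPN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.100.0/24}"
TUN_NET="${TUN_NET:-10.0.0.0/30}"   # covers the ifconfig pair 10.0.0.1 / 10.0.0.2

# run CMD... -> executes the command, or prints it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Routing between interfaces is off by default on most distributions.
enable_ip_forward() {
    run sysctl -w net.ipv4.ip_forward=1
}

# forward_rules: new connections are accepted only from the tunnel toward the
# LAN, and only matching reply traffic is accepted from the LAN back to the
# tunnel; everything else crossing the two interfaces is dropped explicitly
# so the result does not depend on the chain's default policy.
forward_rules() {
    run iptables -A FORWARD -i "$VPN_IF" -o "$LAN_IF" -s "$TUN_NET" -d "$LAN_NET" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" -s "$LAN_NET" -d "$TUN_NET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$VPN_IF" -o "$LAN_IF" -j DROP
    run iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" -j DROP
}

# Apply when executed directly (not when sourced).
if [ "${0##*/}" = "vpn_forward.sh" ]; then
    enable_ip_forward
    forward_rules
fi
```

Run `DRY_RUN=1 sh vpn_forward.sh` first to review the exact rules, then `sh vpn_forward.sh` as root. If the LAN side also needs to open connections toward the VPN client, add NEW to the eth1 -> tun0 rule rather than relying on an ACCEPT default policy, so the intended direction stays explicit.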