{"id":479,"date":"2011-02-04T12:29:38","date_gmt":"2011-02-04T12:29:38","guid":{"rendered":"http:\/\/www.esds.co.in\/data-centers\/kb\/?p=479"},"modified":"2015-06-22T12:01:06","modified_gmt":"2015-06-22T12:01:06","slug":"installing-and-configuring-the-linux-vpn-server","status":"publish","type":"post","link":"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/","title":{"rendered":"Installing and configuring the Linux VPN Server"},"content":{"rendered":"

\"\"VPN – it’s an encrypted tunnel that is established between your computer and a special server. When you work with VPN, traffic is transmitted as encrypted GRE packets both from you to the server and also on the server to you. Dedicated Hosting Server <\/strong>acts as a transparent proxy for all internet protocols. It is used as proof to date encryption algorithm.<\/p>\n

Installing Linux VPN-server<\/strong><\/p>\n

In the basic package repositories, CentOS OpenVPN is missing, so we
\nconnect an additional repository – EPEL, from him and put.
\nInstall OpenVPN<\/p>\n

# Yum-y install openvpn<\/p>\n

Add to autostart when the server starts<\/strong><\/p>\n

# Chkconfig openvpn on<\/p>\n

Configure Linux VPN-server<\/strong><\/p>\n

Location of directories and files OpenVPN.<\/p>\n

\/ Usr \/ sbin \/ openvpn – Location binary OpenVPN;
\n\/ Etc \/ openvpn \/ – The location of the configuration file and key \/ certificate;
\n\/ Usr\/share\/doc\/openvpn-2.1 \/ – lots of examples OpenVPN configuration file for all occasions;
\n\/ Usr \/ share \/ openvpn \/ easy-rsa \/ – The location of a set of scripts generating the necessary files for OpenVPN;
\n\/ Var \/ run \/ openvpn \/ – Location of PID-file OpenVPN;
\n\/ Usr \/ lib \/ openvpn \/ plugin \/ lib \/ – Several dynamic libraries;
\nvar \/ log \/ openvpn.log – By default, logging occurs in the file \/ var \/ log \/ messages, for OpenVPN we wound up a separate log-file and it will be located in \/ var \/ log \/<\/p>\n

In this module we will consider setting VPN-server and several clients who will work through it.<\/p>\n

Network 192.168.146.0\/24 is an ordinary unsecured network. In this network, there is our future VPN-server with the IP-address 192.168.146.150 (it is a DNS-server) and two clients, one client the other Linux-Windows-client (Windows XP).<\/p>\n

10.10.10.0\/24 network will be our VPN-network, all traffic on the network will be encrypted. This may be a network of private recruitment networks (10.0.0.0 \/ 8, 172.16.0.0\/12 or 192.168.0.0\/16, defined in RFC 1918 and RFC 4193 which can be found at ietf.org) so you may not use it.<\/p>\n

When OpenVPN server is configured , we define the VPN-network then the first IP-address of the network will be assigned to VPN-server. This will let all the traffic go through the customer VPN-server.<\/p>\n

When you configure the VPN-network, it generate multiple keys and certificates that will be used for authentication. OpenVPN has great functionality, but it is quite common configuration and may take 15-20 lines per server and 10 lines for a client and you’ll see a little later.<\/p>\n

In the directory \/ etc \/ openvpn \/ copy a set of scripts to quickly and easily generate all the necessary keys and certificates.<\/p>\n

# Cp-R \/ usr\/share\/openvpn\/easy-rsa\/2.0 \/ \/ etc \/ openvpn \/<\/p>\n

Change into the directory<\/strong><\/p>\n

# Cd \/ etc\/openvpn\/2.0 \/<\/p>\n

Open to edit the file vars and at the very end of the AC to the form:
\nexport KEY_COUNTRY = \u00bbIN\u00bb
\nexport KEY_PROVINCE = \u00bbIN\u00bb
\nexport KEY_CITY = \u00bbNasik\u00bb
\nexport KEY_ORG = \u00bbcompany.in\u00bb
\nexport KEY_EMAIL = \u00bbsupport@company.in\u00bb<\/p>\n

Initialize variables<\/strong><\/p>\n

# Source. \/ Vars<\/p>\n

Clear the keys directory of old files<\/strong><\/p>\n

#. \/ Clean-all<\/p>\n

Create a ROOT CERTIFICATE AUTHORITY (CA) certificate \/ key (in the directory \/ etc\/openvpn\/2.0\/keys \/ files have been created and ca.crt ca.key)<\/p>\n

#. \/ Build-ca<\/p>\n

Create key and certificate for the server (in directory \/ etc\/openvpn\/2.0\/keys \/ files have been created server.crt, server.key and server.csr). Format command:. \/ Build-key-server ServerName – where ServerName is name server.<\/p>\n

#. \/ Build-key-server server<\/p>\n

Generate Diffie Hellman parameters for the server. The essence of the Diffie Hellman algorithm establish a secure connection over insecure channels. By default, the file length of 1024 bits, which is even sufficient. After executing, this command will create a file \/ etc\/openvpn\/2.0\/keys\/dh1024.pem<\/p>\n

#. \/ Build-dh<\/p>\n

The generation of files for the server colocation<\/strong> is complete, you can now add customers here with the command (files have been created client1.crt, client1.key and client1.csr). Due to the fact that we have to edit the file vars and indicated values of the variables by default, we are in the majority of requests for data input will be sufficient to just press Enter.<\/p>\n

#. \/ Build-key client1<\/p>\n

Generating a 1024 bit RSA private key
\n… … ++++++
\n… … … … … ..++++++
\nwriting new private key to ‘client1.key’
\n–
\nYou are about to be asked to enter information that will be incorporated into your certificate request.<\/p>\n

What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, The field will be left blank.<\/p>\n

Country Name (2 letter code) [IN]: [Enter]
\nState or Province Name (full name) [IN]: [Enter]
\nLocality Name (eg, city) [Nasik]: [Enter]
\nOrganization Name (eg, company) [company.in]: [Enter]
\nOrganizational Unit Name (eg, section) []: IT Dept
\nCommon Name (eg, your name or your server’s hostname) [client1]: [Enter]
\nName []: [Enter]
\nEmail Address [support@company.in]: [Enter]
\nPlease enter the following ‘extra’ attributes
\nto be sent with your certificate request
\nA challenge password []: [Enter]
\nAn optional company name []: [Enter]
\nUsing configuration from \/ etc\/openvpn\/2.0\/openssl.cnf
\nCheck that the request matches the signature
\nSignature ok
\nThe Subject’s Distinguished Name is as follows
\ncountryName PRINTABLE: ‘IN’
\nstateOrProvinceName PRINTABLE: ‘IN’
\nlocalityName PRINTABLE: Nasik
\norganizationName PRINTABLE: ‘company.in’
\norganizationalUnitName PRINTABLE: ‘IT Dept’
\ncommonName PRINTABLE: ‘client1’
\nemailAddress: IA5STRING: ‘support@company.in’
\nCertificate is to be certified until Apr 21 11:16:28 2019 GMT (3650 days)
\nSign the certificate? [Y \/ n]: y
\n1 out of 1 certificate requests certified, commit? [Y \/ n] y
\nWrite out database with 1 new entries
\nData Base Updated<\/p>\n

Common Name must be unique for everyone.<\/strong><\/p>\n

All the necessary files for the VPN-server will be located in \/ etc \/ openvpn \/ so copy them back from the directory \/ etc\/openvpn\/2.0\/keys \/<\/p>\n

# Cp keys \/ {ca.crt, ca.key, server.crt, server.key, dh1024.pem} .. \/<\/p>\n

Copy the template configuration file VPN-server in \/ etc \/ openvpn \/ and give it to the configuration listed below.<\/p>\n

# Cp \/ usr\/share\/doc\/openvpn-2.1\/sample-config-files\/server.conf \/ etc \/ openvpn \/
\nopenvpn.conf<\/p>\n

The content of the configuration file VPN-server (\/ etc \/ openvpn \/
\nopenvpn.conf):
\nlocal 192.168.146.150
\nport 1194
\nproto tcp
\ndev tun
\nca ca.crt
\ncert server.crt
\nkey server.key
\ndh dh1024.pem
\nserver 10.10.10.0 255.255.255.0
\nifconfig-pool-persist ipp.txt
\npush \u00abroute 0.0.0.0 255.255.255.0\u00bb
\npush \u00abdhcp-option DNS 192.168.146.150\u00bb
\npush \u00abredirect-gateway\u00bb
\nclient-to-client
\nkeepalive 10 120
\ncomp-lzo
\nuser nobody
\ngroup nobody
\npersist-key
\npersist-tun
\nstatus openvpn-status.log
\nlog \/ var \/ log \/ openvpn.log
\nverb 3
\nmute 10<\/p>\n

The default route we rewrite removing old, we must use the “redirect-gateway”, if you want to stay too old then the line push \u00abredirect-gateway\u00bb
\nshall be such that: push “redirect-Gateway DEF1”<\/p>\n

At the VPN-server, you must enable IP Forwarding, since our server will route the traffic.<\/p>\n

# Echo ‘1 ‘> \/ proc\/sys\/net\/ipv4\/ip_forward<\/p>\n

The above command will immediately begin to route traffic, but the state option when rebooting the server does not persists. To enable IP forwarding on a permanent basis you must edit the file \/ etc \/ sysctl.conf<\/p>\n

In the file \/ etc \/ sysctl.conf find this line: net.ipv4.ip_forward = 0
\nand change it to: net.ipv4.ip_forward = 1<\/p>\n

In order for traffic to VPN-client has reached our server could get into other networks and successfully returned to us must include Network Address Translation (NAT). We will do this with iptables here is the command:<\/p>\n

# Iptables-t nat-A POSTROUTING-s 10.10.10.0\/24-o eth0-j MASQUERADE<\/p>\n

In the switch-o is specified our network interface to external networks, in a key-s indicate our VPN-network, you do it may be another. Also an interesting point – for my Linux-client NAT is not needed, but if you have a Windows-clients of the command iptables is needed.<\/p>\n

Configuring VPN-server is finished and we can run it.<\/strong><\/p>\n

# Service openvpn start<\/p>\n

Now the generated files should be transferred to the client machine. Highly desirable to do so safely, so the files had not been intercepted by hackers. On a Linux-client files can be transferred using the command scp, in this case, all traffic
\nwill be encrypted. Being in the directory \/ etc \/ openvpn \/ execute this command:<\/p>\n

# Scp ca.crt 2.0\/keys\/client1.key 2.0\/keys\/client1.crt client1@192.168.146.134: ~<\/p>\n

where client1 – Your username on the remote machine while 192.168.146.134 – its IP-
\naddress. As a result of this command on a remote computer we will copy the file ca.crt – CA certificate and the certificate \/ key customer, they will need it to connect to a VPN-server.<\/p>\n

Further, these files should be moved to \/ etc \/ openvpn \/ as the user
\nroot or another entitled to an entry in the directory.<\/p>\n

Done.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

VPN – it’s an encrypted tunnel that is established between your computer and a special server. When you work with VPN, traffic is transmitted as encrypted GRE packets both from you to the server and also on the server to you. Dedicated Hosting Server acts as a transparent proxy for all internet protocols. It is… <\/p>\n

<\/div>\n

Read More<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[77,199,200],"aioseo_notices":[],"yoast_head":"\nInstalling and configuring the Linux VPN Server<\/title>\n<meta name=\"description\" content=\"KB includes step by step procedure of Installing and configuring the Linux VPN Server, including VPN Server description and its work process.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Installing and configuring the Linux VPN Server\" \/>\n<meta property=\"og:description\" content=\"KB includes step by step procedure of Installing and configuring the Linux VPN Server, including VPN Server description and its work process.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/\" \/>\n<meta property=\"og:site_name\" content=\"ESDS Official Knowledgebase\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ESDSdc\/\" \/>\n<meta property=\"article:published_time\" content=\"2011-02-04T12:29:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-06-22T12:01:06+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.esds.co.in\/kb\/wp-content\/uploads\/2011\/02\/Linux-VPN-server.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ESDSDataCenter\" \/>\n<meta name=\"twitter:site\" content=\"@ESDSDataCenter\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\">\n\t<meta name=\"twitter:data1\" content=\"7 minutes\">\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esds.co.in\/kb\/#website\",\"url\":\"https:\/\/www.esds.co.in\/kb\/\",\"name\":\"ESDS Official Knowledgebase\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/www.esds.co.in\/kb\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"http:\/\/www.esds.co.in\/kb\/wp-content\/uploads\/2011\/02\/Linux-VPN-server.jpg\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/#webpage\",\"url\":\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/\",\"name\":\"Installing and configuring the Linux VPN Server\",\"isPartOf\":{\"@id\":\"https:\/\/www.esds.co.in\/kb\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/#primaryimage\"},\"datePublished\":\"2011-02-04T12:29:38+00:00\",\"dateModified\":\"2015-06-22T12:01:06+00:00\",\"author\":{\"@id\":\"https:\/\/www.esds.co.in\/kb\/#\/schema\/person\/d951a1b6843822458f3c5f5ee02a74e8\"},\"description\":\"KB includes step by step procedure of Installing and configuring the Linux VPN Server, including VPN Server description and its work process.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esds.co.in\/kb\/\",\"url\":\"https:\/\/www.esds.co.in\/kb\/\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"position\":2,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/\",\"url\":\"https:\/\/www.esds.co.in\/kb\/installing-and-configuring-the-linux-vpn-server\/\",\"name\":\"Installing and configuring the Linux VPN Server\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esds.co.in\/kb\/#\/schema\/person\/d951a1b6843822458f3c5f5ee02a74e8\",\"name\":\"ESDS ADMIN\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.esds.co.in\/kb\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5618393df3c15e5b6b3b9ef917e83827?s=96&d=mm&r=g\",\"caption\":\"ESDS ADMIN\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/posts\/479"}],"collection":[{"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/comments?post=479"}],"version-history":[{"count":19,"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/posts\/479\/revisions"}],"predecessor-version":[{"id":2857,"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/posts\/479\/revisions\/2857"}],"wp:attachment":[{"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/media?parent=479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/categories?post=479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esds.co.in\/kb\/wp-json\/wp\/v2\/tags?post=479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}