We have made a small and dirty bash script which installs and configures OpenVPN on CentOS 5 32bit. The VPN server’s primary (and only) use is for safe browsing, i.e. tunneling all your traffic through your VPS. The script also generates your client configuration file along with the necessary keys for authentication.
Requirements
1. CentOS 5 32bit minimal OS template
2. TUN/TAP device enabled on your VPS
3. iptables NAT support
You will have to open a ticket to ask for a TUN/TAP device to be enabled on your VPS. If you’re not a customer of ours and your host’s support staff doesn’t know how to do this, you may tell them to execute the following commands on the hardware node where your VPS is hosted.
vzctl stop YOUR_VEID
vzctl set YOUR_VEID --devices c:10:200:rw --save
vzctl set YOUR_VEID --capability net_admin:on --save
vzctl start YOUR_VEID
vzctl exec YOUR_VEID "mkdir -p /dev/net; mknod /dev/net/tun c 10 200; chmod 600 /dev/net/tun"
# iptables support
vzctl stop YOUR_VEID
vzctl set YOUR_VEID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
vzctl start YOUR_VEID
Make sure they replace ‘YOUR_VEID’ with your VPS’s VEID and you will be ready to roll.
Log in to your VPS as root and execute the following commands:
wget http://vpsnoc.com/scripts/install-openvpn.sh
chmod +x install-openvpn.sh
./install-openvpn.sh
You will be prompted to enter values for your server and client certificate; feel free to accept (hit enter) the default values. It’s not recommended to set up a password for your server certificate, as you will have to type in the password each time you wish to start/restart the openvpn daemon.
You can however set a password for your client’s certificate, since it offers an extra layer of protection in case your certificate and key files are compromised. You will be prompted for that password each time you connect to your VPS’s VPN.
Once the script has finished installing openvpn (should be very quick), the client keys and the openvpn client configuration file will be archived in /root/keys.tgz
You may use an sftp/scp client such as winscp or filezilla to download the archive to your computer.
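The tar line in the script below packs ca.key and client1.csr into keys.tgz next to the files the client actually uses. As an added example (not part of the vpsnoc script), these functions list what such an archive contains, flag private keys that belong on the server, and repack a copy with only the client's files. The function names and the sample file vps.ovpn are made up for illustration.

```shell
#!/bin/bash
# Added example, not part of the vpsnoc script. Function names are illustrative.
# A client needs ca.crt, its own certificate and key, and the .ovpn file.
# ca.key can sign new certificates for this VPN and should stay on the server.

# audit_bundle ARCHIVE: one line per entry; exit status = number of FAIL lines.
audit_bundle() (
    fails=0
    list=$(tar tzf "$1") || exit 99
    while IFS= read -r entry; do
        case "${entry##*/}" in
            ca.key)     echo "FAIL $entry: CA private key"
                        fails=$((fails + 1)) ;;
            server.key) echo "FAIL $entry: server private key"
                        fails=$((fails + 1)) ;;
            *.csr)      echo "WARN $entry: signing request, not needed to connect" ;;
            *.crt|*.key|*.ovpn) echo "OK   $entry" ;;
            *)          echo "WARN $entry: unexpected file" ;;
        esac
    done <<EOF
$list
EOF
    exit "$fails"
)

# repack_bundle SRC DST: write DST holding only what the client needs.
repack_bundle() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    tar xzf "$1" -C "$tmp" || exit 1
    rm -f "$tmp"/ca.key "$tmp"/server.key "$tmp"/*.csr
    ( cd "$tmp" && tar czf - * ) > "$2"
)

# Constructed sample: empty files named like the entries on the script's tar line.
make_sample_bundle() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    for f in ca.crt ca.key client1.crt client1.csr client1.key vps.ovpn; do
        : > "$tmp/$f"
    done
    ( cd "$tmp" && tar czf - * ) > "$1"
)
```

On the VPS, audit_bundle /root/keys.tgz shows what would leave the server before the archive is downloaded.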
If you haven’t already installed openvpn for windows you may do so now.
You may use winrar or 7zip to extract the content of keys.tgz into C:\Program Files\OpenVPN\config\VPN (create a folder named VPN there).
Once you have extracted the files from keys.tgz into the above folder, you may start openvpn-gui from the start menu, right click the tray icon, go to VPN and click connect. Once the icon turns green all your traffic will be forwarded through your VPS; no extra configuration on your browser/IM client/email client is necessary.
If you’re facing issues make sure that your computer’s clock is synced; if so, make sure that your VPS’s clock is correct as well. If it’s not, you will have to ask your host to sync it.
For any other issues and feedback please e-mail us at help@vpsnoc.com
You may use and modify this script however you see fit, provided that you do not edit the original copyright.
#!/bin/bash
# Quick and dirty OpenVPN install script
# Tested on Centos 5.x 32bit, openvz minimal CentOS OS templates
# Please submit feedback and questions at help@vpsnoc.com
# John Malkowski vpsnoc.com 01/04/2010
# Address of the VPS, read from the OpenVZ venet0:0 interface config
ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}'`
# Add the RPMforge repository and install openvpn from it
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -iv rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rm -rf rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum -y install openvpn openssl openssl-devel
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
# Load the easy-rsa settings, reset the keys directory, then build the CA with default answers
. ../vars
./clean-all
source ./vars
echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
# Server certificate/key and Diffie-Hellman parameters
./build-key-server server
./build-dh
# dh1024.pem holds 1024-bit Diffie-Hellman parameters
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not necessary"
echo "####################################"
./build-key client1
cd keys/
# Client configuration, written to $HOSTNAME.ovpn
client="
client
remote $ip 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 10.8.0.1
verb 3"
echo "$client" > $HOSTNAME.ovpn
# Note: this archive also contains ca.key (the CA private key) and client1.csr,
# which the client does not need in order to connect
tar czf keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.ovpn
mv keys.tgz /root
# Server configuration, written to /etc/openvpn/openvpn.conf
opvpn='
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group nobody
daemon'
echo "$opvpn" > /etc/openvpn/openvpn.conf
# Enable forwarding and NAT the VPN subnet out through venet0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables # dirty vz fix for iptables-save
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
/etc/init.d/openvpn start
clear
echo "OpenVPN has been installed
Download /root/keys.tgz using winscp or another sftp/scp client such as filezilla
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of keys.tgz there
Start openvpn-gui, right click the tray icon, go to vpn and click connect"