OpenVPN is an open source software application that implements VPN (Virtual Private Network) functionality for secure point-to-point connections in routed or bridged configurations. Besides Linux, you can use OpenVPN on various other platforms, such as Windows and Mac OS X. OpenVPN has strong security features such as pre-shared keys, certificates, SSLv3/TLSv1, etc. This guide covers the simplest and quickest way to install and configure a VPN in a Linux environment.
This article covers:
- Installation of OpenVPN 2.2.2
- Basic Server/Client Configuration
- Some Security discussion on OpenVPN
So, let's begin with the openvpn-2.2.2 installation.
Installation of openvpn-2.2.2
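There are various methods of installing the openvpn application. First, you have to download openvpn-2.2.2.
Install using RPM (for SUSE, Fedora, CentOS)
After downloading the .tar.gz file, enter the following commands, where openvpn-[details].rpm stands for the package file that rpmbuild produces:
rpmbuild -tb openvpn-2.2.2.tar.gz   # build a binary RPM from the tarball
rpm -ivh openvpn-[details].rpm      # install the RPM built in the previous step
rpm -Uvh openvpn-[details].rpm      # or upgrade an existing installation
Note: There are some additional dependencies that you have to install:
openssl-devel, lzo-devel, pam-devel.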
Installation from Source
With this method you can install the openvpn application on most Linux distributions (such as Ubuntu Server, CentOS, Red Hat, etc.).
Now, enter command:
tar xfz openvpn-2.2.2.tar.gz   # extract the tar file
cd openvpn-2.2.2               # enter the openvpn folder
./configure                    # prepare the build
make
make install
Tip: You can also install openvpn with your distribution's package manager, such as apt-get (for Debian, Ubuntu) or emerge (for Gentoo). Before you use apt-get, update and upgrade your apt package lists.
Basic client server Configuration:
Before you begin with the configuration, keep one important factor in mind. OpenVPN uses certificates (a PKI) to establish the connection between client and server, so we have to generate a server key as well as a client key for secure communication between the nodes. In this part I will show you how to generate a simple key (static key) for an easy and fast VPN configuration.
Server Side Configuration:
Let's assume 192.168.1.1 is the server and 192.168.1.2 is the client.
Create a new file "tun" in /etc/openvpn and open it.
Add these lines to the file:
dev tun
ifconfig 192.168.1.1 192.168.1.2
secret /etc/openvpn/static.key
Save the file and exit. It's better to enable IP forwarding on the server (and on the client if required):
echo 1 > /proc/sys/net/ipv4/ip_forward
Client Side Configuration
Make a new file "tun" in /etc/openvpn.
Add these lines to the file:
remote 192.168.1.1
dev tun
ifconfig 192.168.1.2 192.168.1.1
secret /etc/openvpn/static.key
Start openvpn on Both Sides
Execute this command on both sides:
openvpn --config /etc/openvpn/tun --verb 6
This is the easiest and quickest way to install and configure openvpn. If you want to learn more about openvpn, see the how-to guide.
Some Security Discussion
Now it is time to add some firewall rules. You can add firewall rules using commands. Make different types of rule sets and execute them on the server side.
Use a secure medium to pass the static.key file from the server to the client. You can use scp or a pen drive for this purpose.
It is best to use RSA key management. It has many features to secure your certificate authentication system. You can even pass your key in a secure way while connecting the client to the server.
By default openvpn uses port 1194 (UDP), so check whether it is open in your firewall.
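In the static-key setup above, static.key is the only secret protecting the tunnel, so its file permissions matter as much as how it is transferred. The script below is an added example, not part of the original guide: it reads the secret directive from a config such as /etc/openvpn/tun and checks that the key file exists, is not readable by group or others, and carries the static key header. The function names (secret_path, key_is_private, audit_conf) are hypothetical.

```shell
#!/bin/sh
# Added example: audit a static-key OpenVPN config such as /etc/openvpn/tun.
# The key itself is created once, on the server, with:
#   openvpn --genkey --secret /etc/openvpn/static.key

# Print the path given to the "secret" directive (commented lines do not match).
secret_path() {
    awk '$1 == "secret" { print $2; exit }' "$1"
}

# Return 0 when the key file is private to its owner, 1 otherwise.
key_is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_conf CONF: print each problem found; return 0 only when there is none.
audit_conf() {
    conf=$1
    problems=0
    key=$(secret_path "$conf")
    if [ -z "$key" ]; then
        echo "$conf: no 'secret' directive, not a static-key config"
        return 1
    fi
    if [ ! -f "$key" ]; then
        echo "$conf: key file $key is missing"
        return 1
    fi
    if ! key_is_private "$key"; then
        echo "$key: readable by group or others, run: chmod 600 $key"
        problems=$((problems + 1))
    fi
    if ! grep -q 'BEGIN OpenVPN Static key V1' "$key"; then
        echo "$key: does not look like an OpenVPN static key"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Stand-alone use: sh audit.sh /etc/openvpn/tun
if [ "$#" -gt 0 ]; then
    audit_conf "$1" && echo "$1: static key setup looks sane"
fi
```

Run it on both the server and the client after copying the key, since scp and removable media can leave the file with looser permissions than it had on the server.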