VPN- Virtual Private Network, and OpenVPN is an open source software application that implements VPN functionality for secure point to point connection in routed or bridged configurations. Not only linux, you can use openvpn in various platforms, like Windows, Solaris, Mac OS X. openvpn has great security features such as pre-shared security key, certificates, SSLv3/TLSv1 etc. This guide will covered simple and quickest way to install and configure VPN on Linux environment.
For more information you can read our previous VPN related articles Most Popular Types of VPN and What is VPN: The Simple VPN Introduction
In this article you can see..
- Installation of OpenVPN 2.2.2
- Basic Server/Client Configuraion
- Some Security discussion on OpenVPN
So, lets begin with openvpn-2.2.2 Installation.
Installation of openvpn-2.2.2
There are various methods of installing openvpn application. At first you have to download openvpn-2.2.2 from here.
Install using RPM (for SUSE, Fedora, RedHat, Cent OS)
After downloading rpm .tar.gz file, enter command
rpmbuild -tb openvpn-2.2.2.tar.gz rpm -ivh openvpn-2.2.2.tar.gz rpm -uvh openvpn-2.2.2.tar.gz
Note: There is some additional dependencies that you have to maintain.
openssl-devel, Izo-devel, pam-devel.
Installation from Source
With this method you can install openvpn application in most Linux distrobutions (Such as Ubuntu server, Cent OS, Redhat, Debian etc)
Now, enter command:
tar xfz openvpn-2.2.2.tar.gz //to extract tar file cd openvpn-2.2.2 //to enter openvpn folder ./configure //execute installation process make make install
Tips: You can also install openvpn from default commands like apt-get (for debian, ubuntu), emerge (for Gentoo). Before you use apt command update and upgrade your apt library.
Basic client server Configuration:
Before you begin with configuration you have keep in mind some important factor. openvpn uses certificate (like PKI) to establish connection between client and server. So we have to generate server key as well as client key for secure communication between nodes. In this part i will show you to generate simple key (Static key) for easy and faster VPN configuration.
Server Side Configuration:
Let’s consider 192.168.1.1 is the server and 192.168.1.2 is the client
create a new file “tun” on /etc/openvpn. and open tun file
vi /etc/openvpn/tun
Add those line to this file
dev tun ifconfig 192.168.1.1 192.168.1.2 secret /etc/openvpn/static.key
Save the file and exit. It’s better to enable IP forwarding in the Server (and Client if required):
echo 1 > /proc/sys/net/ipv4/ip_forward
Client Side Configuration
make a new file tun on /etc/openvpn
vi /etc/openvpn/tun
Add those line to this file
remote 192.168.1.1 dev tun ifconfig 192.168.1.2 192.168.1.1 secret /etc/openvpn/static.key
Start openvpn on Both Side
execute this command on both side
openvpn --config /etc/openvpn/tun --verb 6
Since, this is a easy and quickest process to install and configure openvpn. If you want to learn more about openvpn just see this how to guide .
Some Security Discussion
Now the time, to add some firewall rules. You can add firewall rules using iptables commands. make different types of rules set and execute it from server side.
Use a secure media to pass the static.key file from server to client you can you use scp or pen drive for this purpose.
It is best to use RSA Key management. It has many features to secure your certificate authentication system. Even you can pass your key while connecting client to server with secure way.
By default openvpn uses port 1194 (UDP). So check your firewall whether it is open.
Dear Arif,
i have an openvpn project and want you to contribute on that, if you are interested send me a reply. if you have a good experience in openvpn, pptp, l2tp, tor-bridge, sock5, squid(web) and some other tools, i will be waiting .
Thanks:
imran
rpm build -tb openvpn-2.2.2.tar.gz
-tb: unknown option ???????
A small correction in the command, it should be “rpmbuild” not “rpm build”. Thanks for the comment and noticing it. We’ve corrected the article.