How To Install VPN in CentOS from Source
Make sure you have these packages installed:
1. yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y
Download LZO RPM and Configure RPMForge Repo:
2. wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm (Release can be different)
3. wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm (Release can be different)
Build the rpm packages:
4. rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
5. rpm -Uvh lzo-*.rpm
6. rpm -Uvh rpmforge-release*
Install OpenVPN:
7. yum install openvpn -y
Now check whether the easy-rsa folder exists at /usr/share/doc/openvpn-2.3.1/easy-rsa
8. If you do not have the easy-rsa folder, download it from the link below:
wget https://github.com/downloads/OpenVPN/easy-rsa/easy-rsa-2.2.0_master.tar.gz
Make sure you have /usr/share/doc/openvpn-2.3.1/easy-rsa, then run this command (the downloaded archive must be unpacked first):
cp -R easy-rsa-2.2.0_master/easy-rsa/ /etc/openvpn/
Note: on CentOS 6 a small change is needed before you run the commands below. Open /etc/openvpn/easy-rsa/2.0/vars and edit the following line:
Change from: export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
Change to: export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
9. Now let’s create the certificate:
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all
10. Now Build Certificate Authority (CA)
./build-ca
Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter
11. Build key for server:
./build-key-server server
The prompts are almost the same as for ./build-ca, but note the changed and additional ones:
Common Name: server
A challenge password: leave blank
Optional company name: fill or enter
sign the certificate: y
1 out of 1 certificate requests: y
12. Build Diffie Hellman (wait a moment until the process finishes):
./build-dh
13. touch /etc/openvpn/server.conf
and add the following lines:
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
14. service openvpn start
Note: if OpenVPN does not start, check /var/log/messages to find the problem and start debugging.
You may find this error:
PLUGIN_INIT: could not load plugin shared object /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory
wget http://safesrv.net/public/dl/openvpn-auth-pam.zip
unzip openvpn-auth-pam.zip
mv openvpn-auth-pam.so /etc/openvpn/openvpn-auth-pam.so
Then replace the PAM plugin line in your server.conf with the line below:
plugin /etc/openvpn/openvpn-auth-pam.so /etc/pam.d/login
killall -9 openvpn
service openvpn start
# vi /etc/sysctl.conf
Set: net.ipv4.ip_forward = 1
Time to generate Client Keys (ca.crt, client.crt, client.key)
cd /etc/openvpn/easy-rsa/2.0
./build-key client
or
cd /etc/openvpn/easy-rsa/2.0
source ./vars
./build-key keyname
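
The server.conf from step 13 contains several settings that weaken the tunnel: 1024-bit DH parameters, password-only client authentication, disabled key renegotiation, compression, and no explicit cipher. The script below is an added example, not part of the original guide, that flags those directives in any server.conf; the function name audit_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag weak directives in an
# OpenVPN server.conf. audit_conf is a hypothetical helper name.
audit_conf() {
    # Prints one "WARN <directive>: <reason>" line per finding.
    # Returns 1 if anything was flagged, 0 if the file is clean.
    awk '
    function warn(d, msg) { printf "WARN %s: %s\n", d, msg; n++ }
    # Drop full-line and trailing comments before looking at the directive.
    { sub(/^[ \t]*[#;].*/, ""); sub(/[ \t]+[#;].*/, "") }
    $1 == "dh" {
        bits = $2                        # e.g. .../keys/dh1024.pem -> 1024
        sub(/.*dh/, "", bits); sub(/\.pem$/, "", bits)
        if (bits ~ /^[0-9]+$/ && bits + 0 < 2048)
            warn("dh", bits "-bit DH parameters; use 2048 bits or more")
    }
    $1 == "client-cert-not-required" {
        warn($1, "client certificates are not checked; only the password authenticates")
    }
    $1 == "reneg-sec" && $2 + 0 == 0 {
        warn($1, "time-based renegotiation of session keys is disabled")
    }
    $1 == "comp-lzo" {
        warn($1, "compression before encryption can leak plaintext (VORACLE)")
    }
    $1 == "cipher" { has_cipher = 1 }
    END {
        if (!has_cipher)
            warn("cipher", "not set; OpenVPN 2.3 defaults to BF-CBC (64-bit block)")
        exit (n > 0)
    }' "$1"
}

# Constructed sample: the security-relevant lines of the step 13 server.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
client-cert-not-required   #- password-only login
reneg-sec 0
comp-lzo
EOF
audit_conf "$sample" || echo "review the findings before starting the service"
rm -f "$sample"
```

With easy-rsa 2.0 the DH file name follows KEY_SIZE in the vars file, so raising KEY_SIZE to 2048 before ./build-dh produces dh2048.pem and the dh line in server.conf must be updated to match.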