OpenVPN

=**OpenVPN Overview**=

OpenVPN is open source VPN server software that is used primarily on the Linux operating system.

=**Installing OpenVPN**=

The first section of this guide is done on Fedora 10.

1. Install OpenVPN using yum at the Linux command line.

//yum install openvpn//

2. Copy the configuration files needed to generate RSA keys and initialize the PKI by entering the following commands:

// cp -R /usr/share/openvpn/easy-rsa/ /etc/openvpn/ //

// cd /etc/openvpn/easy-rsa/2.0/ //

3. Make the /etc/openvpn/keys directory and edit the /etc/openvpn/easy-rsa/2.0/vars file:

// mkdir /etc/openvpn/keys //

// vi vars //

4. Now set the parameters for KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL and KEY_DIR.

export KEY_COUNTRY="UK"
export KEY_PROVINCE="LONDON"
export KEY_CITY="LONDON"
export KEY_ORG="TART European Division"
export KEY_EMAIL="admin@tart.eu"
export KEY_DIR="/etc/openvpn/keys"

5. Initialize the PKI.

// . ./vars //

Note the syntax of the line above: dot, space, then ./vars. It sources the vars file into the current shell so that the exported variables are available to the scripts that follow.

// ./clean-all //

// ./build-ca //

6. Build the server key.

// ./build-key-server server //

7. Generate certificates and keys for clients. You can do this for as many clients as you want to join your VPN. I am demonstrating the setup of only one client.

// ./build-key client //

8. Generate Diffie-Hellman parameters.

// ./build-dh //

9. Copy the server.conf file from /usr/share/doc/openvpn-2.1/sample-config-files/ to /etc/openvpn/ and make the following changes:

// cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn/ //

// ca keys/ca.crt //
// cert keys/server.crt //
// key keys/server.key //
// dh keys/dh1024.pem //
// server 10.10.10.2 255.255.255.0 //

10. That's it! You have successfully set up the OpenVPN server. Now start the service and set it to start automatically at boot.

// service openvpn start //

// chkconfig openvpn on //

Reference (with minor changes for this particular setup)

[]

=Cisco Firewall Settings and Linux iptables Settings=

1. In the firewall script, we added UDP port 1194 to the input/output chain and accepted all input from the GRE protocol.

$IPTABLES -A INPUT -p udp --dport 1194 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p 47 -m state --state NEW -j ACCEPT

2. On the Cisco router, add the following lines to its configuration under configure terminal.

ip nat inside source static udp 10.10.10.2 1194 10.145.145.26 1194 extendable
access-list 101 permit gre any any

=OpenVPN GUI Installation for Windows=

1. To connect to this VPN from Windows Vista, go to [] and install **OpenVPN GUI.**

2. Copy client.crt, ca.crt and client.key from /etc/openvpn/keys on the server to c:\program files\openvpn\config on the client machine. client.key is the client's private key, so copy it over a secure channel.

3. Create a file named tart.ovpn and add the following lines to it. Save the file to c:\program files\openvpn\config\


client
dev tun
proto udp
remote www.tart.eu 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
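
The client file above and the server.conf changes from the installation section can be checked against each other before the first connection. The following Python script is an added example, not part of the original guide: it parses both files, reports settings that must match on both ends, and flags two hardening gaps (Diffie-Hellman parameters under 2048 bits, and a client that does not check the type of the server certificate). The port, proto, dev and comp-lzo lines in the server sample are assumptions, and the function names and finding labels are made up for this example.

```python
import re
from itertools import takewhile

# Constructed samples: tart.ovpn from this page, and the page's server.conf
# changes plus port/proto/dev/comp-lzo assumed unchanged from the stock file.
SERVER_CONF = "\n".join([
    "port 1194", "proto udp", "dev tun", "ca keys/ca.crt",
    "cert keys/server.crt", "key keys/server.key  # keep secret",
    "dh keys/dh1024.pem", "server 10.10.10.2 255.255.255.0", "comp-lzo"])
CLIENT_CONF = "\n".join([
    "client", "dev tun", "proto udp", "remote www.tart.eu 1194",
    "resolv-retry infinite", "nobind", "persist-key", "persist-tun",
    "ca ca.crt", "cert client.crt", "key client.key", "comp-lzo", "verb 3"])

def parse(text):
    """Map each directive to its arguments; a word starting with '#' or ';'
    begins a comment. Quoting is not handled (simplification)."""
    conf = {}
    for line in text.splitlines():
        words = list(takewhile(lambda w: w[0] not in "#;", line.split()))
        if words:
            conf[words[0]] = words[1:]
    return conf

def audit(server_text, client_text):
    """Return a list of findings for a server/client config pair."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    # Both ends must agree on these or the tunnel fails to come up cleanly.
    for name in ("proto", "dev", "comp-lzo"):
        default = ["udp"] if name == "proto" else None  # proto defaults to udp
        if srv.get(name, default) != cli.get(name, default):
            findings.append("mismatch: " + name)
    # 1194 is OpenVPN's default when no port is given.
    cli_port = (cli.get("remote", ["?"]) + ["1194"])[1]
    if cli_port != srv.get("port", ["1194"])[0]:
        findings.append("mismatch: port")
    # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem, so the name gives the size.
    m = re.search(r"dh(\d+)\.pem$", " ".join(srv.get("dh", [])))
    if m and int(m.group(1)) < 2048:
        findings.append("weak-dh: %s bits" % m.group(1))
    # Without one of these the client accepts any certificate signed by the
    # CA as the server, including another client's certificate.
    if "remote-cert-tls" not in cli and "ns-cert-type" not in cli:
        findings.append("client-no-server-cert-check")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF, CLIENT_CONF)) or "no findings")
```

A dh file of at least 2048 bits and a remote-cert-tls server (or ns-cert-type server) line in tart.ovpn clear the two hardening findings.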