Install OpenVPN on CentOS

25-12-2011, 21:18   #1
.:LIMS:. (Site Owner)

I have searched this forum and I didn't find any OPENVPN tutorial, so I'll write a tutorial on how to get OPENVPN running on CentOS. Hope it will be useful.

Here I'm using an OpenVZ VPS with CentOS 5.5 32bit. And about the memory requirement? Don't worry, OPENVPN doesn't eat too much of your memory, it only eats 25MB of memory.

First thing you have to do is check whether tun/tap is active or not by typing
#cat /dev/net/tun

Code:
cat: /dev/net/tun: File descriptor in bad state

Take a look at the status above: "File descriptor in bad state" means tun/tap is active; otherwise please ask your provider to activate it.

Install required modules
#yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

Download OPENVPN repo
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

for 32bit
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

for 64bit
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

Build the rpm packages
#rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
#rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm


*remember to change i386 to x86_64 if you're using 64bit

Install OPENVPN
#yum install openvpn

Copy OPENVPN easy-rsa folder to /etc/openvpn/
#cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa/ /etc/openvpn/

Now let's create the certificate
#cd /etc/openvpn/easy-rsa/2.0
#chmod 755 *
#source ./vars
#./vars
#./clean-all


Build CA
#./build-ca
Code:
Country Name: may be filled or press enter 
State or Province Name: may be filled or press enter 
City: may be filled or press enter 
Org Name: may be filled or press enter 
Org Unit Name: may be filled or press enter 
Common Name: your server hostname 
Email Address: may be filled or press enter

Build key server
#./build-key-server server
Code:
Almost the same as ./build-ca, but check these changes and additions:
 Common Name: server
 A challenge password: leave
 Optional company name: fill or enter
 sign the certificate: y
 1 out of 1 certificate requests: y

Build Diffie Hellman (wait a moment until the process finishes)
#./build-dh

Now I'm gonna create the UDP port 1194 configuration for OPENVPN; use any text editor you like
#nano /etc/openvpn/1194.conf
Code:
 local 123.123.123.123 #- your_server_ip
 port 1194 #- port
 proto udp #- protocol
 dev tun
 tun-mtu 1500
 tun-mtu-extra 32
 mssfix 1450
 ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
 cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
 key /etc/openvpn/easy-rsa/2.0/keys/server.key
 dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
 plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
 client-cert-not-required
 username-as-common-name
 server 1.2.3.0 255.255.255.0
 push "redirect-gateway def1"
 push "dhcp-option DNS 208.67.222.222"
 push "dhcp-option DNS 4.2.2.1"
 keepalive 5 30
 comp-lzo
 persist-key
 persist-tun
 status 1194.log
 verb 3

Before you save the configuration, make sure that the "plugin /usr/share/.. /pam.d/login" is on one line.

Start the OPENVPN with 1194.conf
#openvpn /etc/openvpn/1194.conf &

Here's the status if OPENVPN started successfully

Code:
 Sat Des 24 02:23:20 2011 UDPv4 link remote: [undef]
 Sat Des 24 02:23:20 2011 MULTI: multi_init called, r=256 v=256
 Sat Des 24 02:23:20 2011 IFCONFIG POOL: base=1.2.3.4 size=62
 Sat Des 24 02:23:20 2011 Initialization Sequence Completed

Make OPENVPN 1194.conf run in the background
#bg

Enable IPv4 forwarding
#echo 1 > /proc/sys/net/ipv4/ip_forward

Route iptables
#iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to 123.123.123.123

*1.2.3.0 is the IP range allocated to OPENVPN clients
*123.123.123.123 is your server IP

Now we create a username and password for authorization
#useradd username -s /bin/false
#passwd username


Download the ca.crt file from the /etc/openvpn/easy-rsa/2.0/keys/ directory; you can use an SFTP client.

Download and install the OPENVPN client for Windows; download the latest stable release, OPENVPN version 2.2.1, from here

After you have finished installing OPENVPN, move ca.crt (the file that you previously downloaded from /etc/openvpn/easy-rsa/2.0/keys/) to the OPENVPN config folder in your program files (\Program Files\OpenVPN\config\)

Also create a client configuration file in the OPENVPN config directory. Here's an example:

Code:
 client
 dev tun
 proto udp #- protocol
 remote 123.123.123.123 1194 #- SERVER IP and OPENVPN Port
 resolv-retry infinite
 nobind
 tun-mtu 1500
 tun-mtu-extra 32
 mssfix 1450
 persist-key
 persist-tun
 ca ca.crt
 auth-user-pass
 comp-lzo
 verb 3

Save it as anyname.ovpn or 1194.ovpn

Run the OPENVPN client on your Windows machine and connect with your username and password.

Check your IP address in a browser and voila!!! Your IP is now changed to your server IP

Note:
- Making OPENVPN work on CentOS with this tutorial never fails
- The configurations above are basic configurations; you can check the OPENVPN website for other configurations
- If you're using Win 7, before installing the OPENVPN client, right click on the installer, properties, run as administrator and change compatibility to Windows XP SP3
- If you wanna add another port, maybe TCP so you can run OPENVPN over a proxy, just create a new configuration for the server and adjust the following lines:
Code:
port: your preferred port
protocol: tcp or udp
client's ip: 1.2.4.0 or 1.2.5.0 ; 1.2.6.0 ; and so on

Also create a new configuration for the client:
Code:
proto xxxx #- change xxxx to tcp or udp
remote 123.123.123.123 yyyy #- change yyyy to OPENVPN port

and then run the command
#iptables -t nat -A POSTROUTING -s 1.2.4.0/24 -j SNAT --to 123.123.123.123
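
An added example, not part of the original post: a shell check that reads a server config such as the 1194.conf above and reports the settings a reviewer would question before exposing it to the internet (1024-bit DH, password-only clients, no tls-auth, no privilege drop, compression, a client pool outside private address space). The function names and finding labels are hypothetical, and the sample config is constructed from the post's directives.

```shell
# Added example, not the post author's code: audit an OpenVPN server config.

# Constructed sample: the security-relevant lines of the post's 1194.conf.
sample_conf() {
    cat <<'EOF'
port 1194 #- port
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.3.0 255.255.255.0
comp-lzo
EOF
}

# directive FILE NAME: print the arguments of NAME's first use; status 1 if absent.
directive() {
    sed -e 's/[#;].*$//' "$1" |
        awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
                       END { exit !found }'
}

audit_openvpn_conf() {
    # easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so the size is read from the file name.
    dh=$(directive "$1" dh) || dh=""
    bits=$(printf '%s\n' "$dh" | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH ${bits}-bit DH parameters (raise KEY_SIZE in vars, rebuild)"
    fi
    if directive "$1" client-cert-not-required >/dev/null; then
        echo "PASSWORD_ONLY clients present no certificate, only a password"
    fi
    if ! directive "$1" tls-auth >/dev/null && ! directive "$1" tls-crypt >/dev/null; then
        echo "NO_TLS_AUTH control channel accepts packets without an HMAC key"
    fi
    if ! directive "$1" user >/dev/null; then
        echo "RUNS_AS_ROOT no user directive, so the daemon never drops root"
    fi
    if lzo=$(directive "$1" comp-lzo) && [ "$lzo" != "no" ]; then
        echo "COMPRESSION comp-lzo exposes tunnelled traffic to compression oracles"
    fi
    net=$(directive "$1" server) || net=""
    case ${net%% *} in
        ''|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
        *) echo "PUBLIC_POOL client pool ${net%% *} is not RFC 1918 space" ;;
    esac
}

tmp=$(mktemp) && sample_conf >"$tmp" && audit_openvpn_conf "$tmp"; rm -f "$tmp"
```

Run against the sample, it reports all six findings; point it at a real file with `audit_openvpn_conf /etc/openvpn/1194.conf` after sourcing the functions.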