OpenVPN Setup Guide for Secure VPN

OpenVPN allows you to build secure virtual private networks (VPNs). It uses SSL/TLS encryption to provide security and privacy for network connections between remote computers. The document discusses how to install and configure OpenVPN on Linux to set up an OpenVPN server and generate certificates for clients. It also covers configuring an OpenVPN client and connecting to the server to establish an encrypted VPN tunnel.

Uploaded by

api-32211564
Copyright
© Attribution Non-Commercial (BY-NC)

OpenVPN – Build Secure Virtual Private Networks (VPN)


What is VPN?

What led to the development of the VPN concept?
First form of VPN
Basic Idea behind VPN

How is it VIRTUAL?

How is it Private?

Are VPNs really Private?

How can We make it Private?


VPN: An Example
VPN technology often is called tunneling

A VPN packet structure


Installing and Configuring OpenVPN

OpenVPN can be downloaded from [Link]

Or you can add the rpmforge repository and install it using YUM.

In Debian it is readily available in the default repos.


Configuring an OpenVPN Server

[Link] involves Creating the master CA certificate


[Link] the server key
[Link] Diffie Hellman parameters
[Link] the files to respective locations
[Link] the conf file /etc/openvpn/[Link]
Generating master Certificate Authority (CA) certificate & key

cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/

cd /etc/openvpn/easy-rsa/2.0/

Edit the vars file (called [Link] on Windows) and set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters. Don't leave any of these parameters blank.

Next, initialize the PKI. On Linux/BSD/Unix:

chmod +rwx *

. ./vars

./clean-all

./build-ca
Generate certificate & key for server
Next, generate a certificate and private key for the server. On Linux/BSD/Unix:
./build-key-server server

As in the previous step, most parameters can be defaulted. When the Common Name is queried, enter "server".
Generate certificates & keys for 3 clients
Generating client certificates is very similar to the previous step. On Linux/BSD/Unix:
./build-key client1
./build-key client2
./build-key client3

If you would like to password-protect your client keys, substitute the build-key-pass [Link] that for each client, make sure to type the appropriate Common Name when prompted, i.e. "client1", "client2", or "client3".

Generate Diffie Hellman parameters


Diffie Hellman parameters must be generated for the OpenVPN server. On Linux/BSD/Unix:
./build-dh
Creating the conf file

/usr/share/doc/openvpn-2.0.9/sample-config-files/[Link]

We can copy the sample to /etc/openvpn


Parameters we are concentrating on
port 1194
proto udp
dev tap
ca [Link]
cert [Link]
key [Link]
dh [Link]
server [Link] [Link]
push "dhcp-option DNS [Link]"
push "dhcp-option DNS [Link]"
#push "dhcp-option WINS [Link]"
ifconfig-pool-persist [Link]
comp-lzo
user nobody
group users
persist-key
persist-tun
status [Link]
verb 3
client-to-client
Copying the certs

cp /etc/openvpn/easy-rsa/2.0/keys/{[Link],[Link],[Link],[Link]} /etc/openvpn/

./build-dh (builds the dh1024)

cp /etc/openvpn/easy-rsa/2.0/keys/[Link] /etc/openvpn/
/etc/init.d/openvpn start
Configuring the client

[Link] openvpn
[Link] conf file
[Link] the client certificates from the server
Client conf file

/usr/share/doc/openvpn-2.0.9/sample-config-files/[Link]

Copy it to /root
Parameters that we are concentrating on in the client conf
client
dev tap
proto udp
remote ip-of-server 1194
ca [Link]
cert [Link]
key [Link]
comp-lzo
verb 3
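
A lint for the server and client parameter lists above, as an added example (not part of the original slides and not OpenVPN's own tooling). It reports the settings a reviewer would question in these two configs; the function names and the file names dh1024.pem and ta.key are assumptions.

```shell
#!/bin/sh
# Added example: lint an OpenVPN server or client config (not OpenVPN's own tooling).

# directive NAME FILE: print the arguments of the first active occurrence of
# NAME and succeed; fail if NAME is absent or only appears commented out.
directive() {
    awk -v d="$1" '
        { sub(/[#;].*/, "") }                       # "#" and ";" start comments
        $1 == d { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { exit !found }' "$2"
}

# audit_conf FILE: print one finding per line; succeed only if there are none.
audit_conf() {
    conf=$1; findings=0
    warn() { printf '%s: %s\n' "$conf" "$1"; findings=$((findings + 1)); }
    if directive client "$conf" >/dev/null; then
        # Without this check any certificate the CA signed, another client's
        # included, is accepted as the server's.
        if ! directive remote-cert-tls "$conf" >/dev/null &&
           ! directive ns-cert-type "$conf" >/dev/null; then
            warn "no remote-cert-tls/ns-cert-type: server certificate type is not checked"
        fi
    else
        if directive client-to-client "$conf" >/dev/null; then
            warn "client-to-client: inter-client traffic is not seen by the host firewall"
        fi
        # Heuristic: easy-rsa names the DH file after its size (assumed dh1024.pem).
        if dh=$(directive dh "$conf"); then
            case $dh in *1024*) warn "dh $dh: 1024-bit Diffie-Hellman parameters" ;; esac
        fi
    fi
    if directive comp-lzo "$conf" >/dev/null; then
        warn "comp-lzo: compressing before encrypting can leak plaintext"
    fi
    if ! directive tls-auth "$conf" >/dev/null &&
       ! directive tls-crypt "$conf" >/dev/null; then
        warn "no tls-auth/tls-crypt: no extra HMAC on TLS handshake packets"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the slide's server directives, file names assumed.
sample=$(mktemp)
printf '%s\n' 'port 1194' 'proto udp' 'dev tap' 'dh dh1024.pem' \
    'comp-lzo' 'client-to-client' ';tls-auth ta.key 0' > "$sample"
audit_conf "$sample" || echo "findings above should be resolved before deployment"
rm -f "$sample"
```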
Connecting to The Server

Copy [Link], [Link], [Link] from the server to /root on the client

Run the command

openvpn [Link]
A normal server startup should look like this (output will vary across platforms):

Sun Feb 6 [Link] 2005 OpenVPN 2.0_rc12 i686-suse-linux [SSL] [LZO] [EPOLL] built on Feb 5 2005
Sun Feb 6 [Link] 2005 Diffie-Hellman initialized with 1024 bit key
Sun Feb 6 [Link] 2005 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Feb 6 [Link] 2005 TUN/TAP device tun1 opened
Sun Feb 6 [Link] 2005 /sbin/ifconfig tun1 [Link] pointopoint [Link] mtu 1500
Sun Feb 6 [Link] 2005 /sbin/route add -net [Link] netmask [Link] gw [Link]
Sun Feb 6 [Link] 2005 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:23 ET:0 EL:0 AF:3/1 ]
Sun Feb 6 [Link] 2005 UDPv4 link local (bound): [undef]:1194
Sun Feb 6 [Link] 2005 UDPv4 link remote: [undef]
Sun Feb 6 [Link] 2005 MULTI: multi_init called, r=256 v=256
Sun Feb 6 [Link] 2005 IFCONFIG POOL: base=[Link] size=62
Sun Feb 6 [Link] 2005 IFCONFIG POOL LIST
Sun Feb 6 [Link] 2005 Initialization Sequence Complete
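
A startup check built on the log lines shown above, as an added example (not from the original slides): it reports the Diffie-Hellman size of the most recent start and whether initialization completed. The 2048-bit threshold, the function name and the sample timestamps are assumptions.

```shell
#!/bin/sh
# Added example: read an OpenVPN server log and report on the latest startup.
MIN_DH_BITS=${MIN_DH_BITS:-2048}   # assumed policy threshold, not from the slides

# startup_report LOGFILE: print "dh_bits=N complete=yes|no" for the most recent
# start (everything after the last version banner). N is "none" when no
# Diffie-Hellman line was logged. Succeeds only if startup completed and the
# DH size is at least MIN_DH_BITS.
startup_report() {
    awk -v min="$MIN_DH_BITS" '
        / OpenVPN [0-9].* built on / { bits = ""; ready = "" }   # a new start
        /Diffie-Hellman initialized with [0-9]+ bit key/ {
            for (i = 1; i < NF; i++) if ($i == "with") bits = $(i + 1)
        }
        /Initialization Sequence Complete/ { ready = "yes" }
        END {
            if (bits == "") bits = "none"
            if (ready == "") ready = "no"
            printf "dh_bits=%s complete=%s\n", bits, ready
            exit !(ready == "yes" && bits != "none" && bits + 0 >= min + 0)
        }' "$1"
}

# Constructed log modelled on the sample output (timestamps are made up).
log=$(mktemp)
cat > "$log" <<'EOF'
Sun Feb  6 20:46:38 2005 OpenVPN 2.0_rc12 i686-suse-linux [SSL] [LZO] [EPOLL] built on Feb  5 2005
Sun Feb  6 20:46:38 2005 Diffie-Hellman initialized with 1024 bit key
Sun Feb  6 20:46:38 2005 TUN/TAP device tun1 opened
Sun Feb  6 20:46:38 2005 Initialization Sequence Complete
EOF
startup_report "$log" || echo "startup needs attention: see report above"
rm -f "$log"
```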
