Install OpenVPN on CentOS 5

From CSLabsWiki
Revision as of 12:59, 28 April 2011 by Mccarrms (talk | contribs) (Created page with "This page summarizes how to perform a basic installation of OpenVPN on CentOS 5. This tutorial assumes you have root/sudo access and have SELinux set to permissive or disabled. ...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page summarizes how to perform a basic installation of OpenVPN on CentOS 5. This tutorial assumes you have root/sudo access and have SELinux set to permissive or disabled.

This tutorial is geared more towards home users who have a spare system to run OpenVPN on. In this tutorial, Windows 7 is used for the client connecting to the VPN but minor adjustments would allow for a Linux or Mac client.

If you notice a problem with this How-To or would like to provide feedback, please email Matt.

Prerequisets

  • Install CentOS 5
  • Forward UDP port 1194 to the VPN server. This is only necessary if your network has a firewall protecting it.

Install

Add RPMForge Yum Repository

Stop hand nuvola.png It is recommended that you configure yum-priorities prior to following this tutorial to avoid having base CentOS packages being overwritten by the RPMForge repository. Instructions to do so can be found on the CentOS Wiki.

For x86 (32-bit) systems

For x64 (64-bit) systems

Configure iptables

Create iptables_set.sh, chmod +x iptables_set.sh, and run the script.

  • Note: The following will work but you may wish to change the source address from 10.10.9.0/24 to the network range of your choosing based on your network.
#!/bin/bash
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -s 10.10.9.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -j REJECT
/sbin/iptables -t nat -A POSTROUTING -s 10.10.9.0/24 -o eth0 -j MASQUERADE
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i tun0 -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/service iptables save
/sbin/iptables -L -v

Configure Kernel

Edit /etc/sysctl.conf 

net.ipv4.ip_forward = 1

Make the changes active

  • sysctl -p

Install OpenVPN Server

Install openvpn

  • yum install openvpn
Retrieved from "http://docs.cslabs.clarkson.edu/mediawiki/index.php?title=Install_OpenVPN_on_CentOS_5&oldid=5156"