Install OpenVPN on CentOS 5
From CSLabsWiki
Revision as of 11:59, 28 April 2011 by Mccarrms
This page summarizes how to perform a basic installation of OpenVPN on CentOS 5. This tutorial assumes you have root/sudo access and have SELinux set to permissive or disabled.
This tutorial is geared more towards home users who have a spare system to run OpenVPN on. In this tutorial, Windows 7 is used for the client connecting to the VPN but minor adjustments would allow for a Linux or Mac client.
If you notice a problem with this How-To or would like to provide feedback, please email Matt.
Prerequisites
- Install CentOS 5
- Forward UDP port 1194 to the VPN server. This is only necessary if your network has a firewall protecting it.
Install
Add RPMForge Yum Repository
It is recommended that you configure yum-priorities before following this tutorial, to avoid having base CentOS packages overwritten by the RPMForge repository. Instructions to do so can be found on the CentOS Wiki.
For x86 (32-bit) systems
rpm -Uhv http://mirror.clarkson.edu/rpmforge/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
- From Dag Wieers
For x64 (64-bit) systems
rpm -Uhv http://mirror.clarkson.edu/rpmforge/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
- From Dag Wieers
Configure iptables
Create iptables_set.sh with the contents below, make it executable with chmod +x iptables_set.sh, and run the script.
- Note: The following will work as written, but you may wish to change the source address from 10.10.9.0/24 to a network range that suits your network.
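#!/bin/bash
# Flush the filter table and set default policies (the nat table is not flushed)
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# Forward established connections and anything from 10.10.9.0/24; reject all other forwarded traffic
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -s 10.10.9.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -j REJECT
# Masquerade (NAT) traffic from 10.10.9.0/24 leaving through eth0
/sbin/iptables -t nat -A POSTROUTING -s 10.10.9.0/24 -o eth0 -j MASQUERADE
# Inbound: allow SSH, OpenVPN (UDP 1194), ICMP, loopback, the tun0 interface, and replies to existing connections
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i tun0 -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Save the running rules to /etc/sysconfig/iptables, then list them with counters
/sbin/service iptables save
/sbin/iptables -L -v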
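The following check is an added example, not part of the original page. It reads `iptables-save` output, confirms the rules iptables_set.sh is meant to install, and flags the extra MASQUERADE rule that appears when the script is run again, since `iptables -F` flushes only the filter table. The function names and sample dumps are constructed for this example, and 10.10.9.0/24 is assumed to be the VPN client range.

```shell
#!/bin/sh
# Added example: audit `iptables-save` output against iptables_set.sh's rules.
VPN_NET="10.10.9.0"   # source network used on this page (assumed VPN range)
WAN_IF="eth0"         # outbound interface used on this page

# audit_rules: reads iptables-save text on stdin, prints one line per finding,
# returns 0 only when nothing is missing or duplicated.
audit_rules() {
    dump=$(cat); findings=0
    net_re=$(printf '%s' "$VPN_NET" | sed 's/\./\\./g')
    expect() {  # expect <description> <extended regex>
        if ! printf '%s\n' "$dump" | grep -qE -e "$2"; then
            echo "MISSING: $1"; findings=$((findings + 1))
        fi
    }
    expect "INPUT default policy DROP" '^:INPUT DROP '
    expect "SSH (tcp/22) accepted" '^-A INPUT -p tcp .*--dport 22 -j ACCEPT'
    expect "OpenVPN (udp/1194) accepted" '^-A INPUT -p udp .*--dport 1194 -j ACCEPT'
    expect "FORWARD from VPN network" "^-A FORWARD -s $net_re/.* -j ACCEPT"
    expect "FORWARD catch-all REJECT" '^-A FORWARD -j REJECT'
    # iptables -F flushes only the filter table, so every re-run of the
    # script appends one more MASQUERADE rule to nat/POSTROUTING.
    masq=$(printf '%s\n' "$dump" |
        grep -cE -e "^-A POSTROUTING -s $net_re/.* -o $WAN_IF -j MASQUERADE" || true)
    if [ "$masq" -eq 0 ]; then
        echo "MISSING: MASQUERADE for VPN network"; findings=$((findings + 1))
    elif [ "$masq" -gt 1 ]; then
        echo "DUPLICATE: $masq MASQUERADE rules"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample in iptables-save format: state after one run of the script.
sample_once() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.9.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -s 10.10.9.0/255.255.255.0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
# Constructed: the same state after the script has been run a second time.
sample_twice() { sample_once | sed '/MASQUERADE/p'; }
```

On the server, run it against the live rules as root with `/sbin/iptables-save | audit_rules`.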
Configure Kernel
Edit /etc/sysctl.conf and set the following so the kernel forwards IPv4 packets:
net.ipv4.ip_forward = 1
Make the change active:
sysctl -p
Install OpenVPN Server
Install openvpn
yum install openvpn