Setting up an OpenVPN server and clients on Fedora Core

Besides the extensive OpenVPN documentation I couldn't really find a step by step guide on how to setup an OpenVPN server and client.

I want to be able to connect my Fedora Core 10 laptop to the home-network via a Fedora Core 10 server.

Overview of the network setup

The server is, running Fedora Core 10 with openvpn 2.1. Newer versions are likely to work as well.
The laptop has a dynamic IP address.

Setting up the server

Please read the OpenVPN documentation if you run into troubles.

First setup the Certificate Authority keys.

cd /usr/share/openvpn/easy-rsa/2.0/
vi vars
# Fill KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL, all at the bottom.
. ./vars
# Press "enter" on each item.

Now setup the Server key and the Diffie Hellman key.

./build-key-server server
# Press enter on each item.

And build the client keys, each client needs its own key, with a unique Common Name. The IP address assigned to the client is related to the Common Name, so if you use non-unique Common Names, you will have conflicting IP addresses.

./build-key client1
./build-key client2
./build-key client3
mv keys /etc/openvpn

cp /usr/share/doc/openvpn-2.1/sample-config-files/roadwarrior-server.conf /etc/openvpn/server.conf
vi /etc/openvpn/server.conf
# Check the ca, cert, key and dh variables.

Start the server by issuing:

chkconfig openvpn on
service openvpn start

Setting up the client

Move the ca.cert, client1.crt and client1.key to the client, in /etc/openvpn/keys and copy the configuration. You will need to modify the client.conf a little bit.

/usr/share/doc/openvpn-2.1/sample-config-files/roadwarrior-client.conf /etc/openvpn/client.conf
vi /etc/openvpn/client.conf
# Find "remote" and set it to the internet address of your VPN server.

Start the client:

chkconfig openvpn on
service openvpn start

Checking if it worked

On both server and client issue ifconfig tun0 to see what IP-address is assigned to the entry of the tunnel. From the either end of the tunnel you should be able to ping the other end. Also tcpdump -n -i tun0 should work.

Hope this works for you as well, check out /var/log/messages for information. /etc/init.d/openvpn status dump a status of all connected clients to /var/log/messages.

About Consultancy Articles Contact

References Red Hat Certified Architect By Robert de Bock Robert de Bock
Curriculum Vitae By Fred Clausen +31 6 14 39 58 72
By Nelson Manning [email protected]