Setting up an OpenVPN server and clients on Fedora Core

Besides the extensive OpenVPN documentation I couldn't really find a step by step guide on how to setup an OpenVPN server and client.

I want to be able to connect my Fedora Core 10 laptop to the home-network via a Fedora Core 10 server.

Overview of the network setup

The server is 192.168.0.1, running Fedora Core 10 with openvpn 2.1. Newer versions are likely to work as well.
The laptop has a dynamic IP address.

Setting up the server

Please read the OpenVPN documentation if you run into troubles.

First setup the Certificate Authority keys.

cd /usr/share/openvpn/easy-rsa/2.0/
vi vars
# Fill KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL, all at the bottom.
. ./vars
./clean-all
./build-ca
# Press "enter" on each item.

Now setup the Server key and the Diffie Hellman key.

./build-key-server server
# Press enter on each item.
./build-dh

And build the client keys, each client needs its own key, with a unique Common Name. The IP address assigned to the client is related to the Common Name, so if you use non-unique Common Names, you will have conflicting IP addresses.

./build-key client1
./build-key client2
./build-key client3
mv keys /etc/openvpn

cp /usr/share/doc/openvpn-2.1/sample-config-files/roadwarrior-server.conf /etc/openvpn/server.conf
vi /etc/openvpn/server.conf
# Check the ca, cert, key and dh variables.

Start the server by issuing:

chkconfig openvpn on
service openvpn start

Setting up the client

Move the ca.cert, client1.crt and client1.key to the client, in /etc/openvpn/keys and copy the configuration. You will need to modify the client.conf a little bit.

/usr/share/doc/openvpn-2.1/sample-config-files/roadwarrior-client.conf /etc/openvpn/client.conf
vi /etc/openvpn/client.conf
# Find "remote" and set it to the internet address of your VPN server.

Start the client:

chkconfig openvpn on
service openvpn start

Checking if it worked

On both server and client issue ifconfig tun0 to see what IP-address is assigned to the entry of the tunnel. From the either end of the tunnel you should be able to ping the other end. Also tcpdump -n -i tun0 should work.

Hope this works for you as well, check out /var/log/messages for information. /etc/init.d/openvpn status dump a status of all connected clients to /var/log/messages.

Comments

Thanks for this idea. I'll be

Thanks for this idea. I'll be trying out this process. Hope, this will work on me as well. - Stephen Samuelian

Thanks for your writeup I'm

Thanks for your writeup
I'm stuck however, at the starting of the server. There are no errors up to that point, but when i start the server i get a FAILED notice.

the log shows these errors:

Jul 26 22:43:41 maddios openvpn[7159]: Cannot load private key file /etc/openvpn/key/server.key: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
Jul 26 22:43:41 maddios openvpn[7159]: Error: private key password verification failed
Jul 26 22:43:41 maddios openvpn[7159]: Exiting

I can't figure out what these mean

haha, just realized i had a

haha, just realized i had a typo, key instead of keys. works now :)

About Consultancy Articles Contact




References Red Hat Certified Architect By Robert de Bock Robert de Bock
Curriculum Vitae By Fred Clausen +31 6 14 39 58 72
By Nelson Manning [email protected]