Install OpenVPN on Linux | Configure a VPN between networks
We had been looking for a way to establish a VPN connection between our network and our AWS network. Some servers sit in a private network there and need to be reachable from our local network. This post shows how to set up an OpenVPN server so that your network can connect to another network.
Prerequisites:
- Ubuntu 14.04 or later
- A Windows or Linux client machine from which you will connect
Installation:
Let's install the OpenVPN server and the easy-rsa scripts on the Ubuntu server.
apt-get install openvpn easy-rsa
Create an installation directory (a private copy of the easy-rsa scripts that will hold the CA).
make-cadir ~/openvpn-ca
Move to the installation directory.
cd ~/openvpn-ca
Open the vars file and modify the settings below to match your organisation.
vim vars
export KEY_COUNTRY="IN"
export KEY_PROVINCE="KARNATAKA"
export KEY_CITY="Bangalore"
export KEY_ORG="PheonixSolutions"
export KEY_EMAIL="test-key-vpn@pheonixsolutions.com"
export KEY_OU="Devops"
# X509 Subject Field
export KEY_NAME="server"
Source the file vars.
source vars
Create the CA certificate
./build-ca
Just press Enter at every prompt and leave the password blank. The default values for these prompts are taken from the vars file.
Create the server key and certificate (signed by the CA you just built).
./build-key-server server
Create the Diffie-Hellman parameters (dh2048.pem).
./build-dh
Create the tls-auth key (ta.key), a shared secret that lets the server drop packets without a valid HMAC before any TLS handshake work is done.
openvpn --genkey --secret keys/ta.key
We will create the client key on the same machine and later copy the generated client config to the client machine.
./build-key client1
Copy ca.crt, ca.key, server.crt, server.key, ta.key and dh2048.pem to /etc/openvpn. The files are generated under the keys/ subdirectory of the installation directory. Note that the server itself only needs ca.crt; ca.key is the CA signing key and is best kept with the CA rather than on the VPN server.
cd ~/openvpn-ca/keys
sudo cp ca.crt ca.key server.crt server.key ta.key dh2048.pem /etc/openvpn
Create server.conf
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
Add or update the following lines in /etc/openvpn/server.conf. The cipher line is included so that the server uses the same cipher as the client config later in this post; with OpenVPN 2.3 there is no cipher negotiation, so a mismatch breaks the data channel.
vim /etc/openvpn/server.conf
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-128-CBC
auth SHA256
user nobody
group nogroup
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
Enable IP forwarding at the kernel level so the server can route client traffic.
echo 1 > /proc/sys/net/ipv4/ip_forward
Append the following line to /etc/sysctl.conf so the setting persists across reboots.
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
Create a directory for the client configurations, restrict its permissions (the generated files will contain private keys), and copy the sample client config as a base.
mkdir -p ~/client-configs/files
chmod 700 ~/client-configs/files
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf
Open base.conf and set the server address, the cipher and auth values that match server.conf, and key-direction 1 (the counterpart of the server's key-direction 0). Comment out the ca, cert and key file references, because the generation script embeds that material inline.
vim ~/client-configs/base.conf
remote server_IP_address 1194
cipher AES-128-CBC
auth SHA256
key-direction 1
#ca ca.crt
#cert client.crt
#key client.key
vim ~/client-configs/make_config.sh
#!/bin/bash
# First argument: Client identifier
# Usage (after chmod 700 make_config.sh): ./make_config.sh client1
KEY_DIR=~/openvpn-ca/keys
OUTPUT_DIR=~/client-configs/files
BASE_CONFIG=~/client-configs/base.conf
# Concatenate the base config with the CA cert, client cert, client key and
# tls-auth key as inline <tag> blocks, producing a single self-contained .ovpn
cat ${BASE_CONFIG} \
<(echo -e '<ca>') \
${KEY_DIR}/ca.crt \
<(echo -e '</ca>\n<cert>') \
${KEY_DIR}/${1}.crt \
<(echo -e '</cert>\n<key>') \
${KEY_DIR}/${1}.key \
<(echo -e '</key>\n<tls-auth>') \
${KEY_DIR}/ta.key \
<(echo -e '</tls-auth>') \
> ${OUTPUT_DIR}/${1}.ovpn
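The settings above are split between server.conf, base.conf and the make_config.sh output, and most tunnel failures at this point come from the two sides disagreeing. As an added check (not part of the original post), the following Python script parses a server.conf and a generated client .ovpn and reports the mismatches a practitioner would look for first: cipher and auth differing, tls-auth key-direction not paired as 0 on the server and 1 on the client, inline blocks missing from the .ovpn, leftover ca/cert/key file references, a remote port that does not match the server's port, and a server that does not drop to nobody/nogroup. The sample configs embedded below are constructed to mirror this post's settings and the PEM text is a placeholder, not real key material; the script name check_ovpn.py in the usage comment is an assumption.

```python
import re
import sys

# Constructed sample inputs mirroring the post's settings; the PEM text is a
# placeholder, not real key material.
PLACEHOLDER_PEM = "-----BEGIN PLACEHOLDER-----\nnot real key material\n-----END PLACEHOLDER-----"
SAMPLE_SERVER_CONF = """\
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-128-CBC
auth SHA256
user nobody
group nogroup
push "redirect-gateway def1 bypass-dhcp"
"""
INLINE_BLOCKS = "".join(f"<{t}>\n{PLACEHOLDER_PEM}\n</{t}>\n" for t in ("ca", "cert", "key", "tls-auth"))
SAMPLE_CLIENT_OVPN = """\
client
remote 203.0.113.10 1194
;ca ca.crt
;cert client.crt
;key client.key
cipher AES-128-CBC
auth SHA256
key-direction 1
""" + INLINE_BLOCKS


def parse_openvpn_config(text):
    """Return (directives, inline_blocks). directives maps option -> argument
    string (a repeated single-value option is overwritten, as OpenVPN does);
    inline_blocks is the set of <tag>...</tag> sections. '#'/';' comments are dropped."""
    directives, inline_blocks, open_tag = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if open_tag is not None:                      # inside <tag> ... </tag>
            if line == f"</{open_tag}>":
                inline_blocks.add(open_tag)
                open_tag = None
            continue
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            open_tag = m.group(1)
            continue
        line = re.split(r"\s+#", line, maxsplit=1)[0]  # strip trailing comment
        name, _, args = line.partition(" ")
        directives[name] = args.strip()
    return directives, inline_blocks


def tls_auth_direction(directives):
    """key-direction wins over the optional second argument of tls-auth; None means
    the key would be used bidirectionally, which does not pair with a 0/1 peer."""
    if "key-direction" in directives:
        return directives["key-direction"]
    args = directives.get("tls-auth", "").split()
    return args[1] if len(args) > 1 else None


def check_pair(server_text, client_text):
    """Return a list of findings; an empty list means the pair is consistent."""
    server, _ = parse_openvpn_config(server_text)
    client, client_inline = parse_openvpn_config(client_text)
    findings = []
    for opt in ("cipher", "auth"):                   # no negotiation in OpenVPN 2.3
        if server.get(opt) != client.get(opt):
            findings.append(f"{opt} mismatch: server={server.get(opt)!r} client={client.get(opt)!r}")
    dirs = {tls_auth_direction(server), tls_auth_direction(client)}
    if dirs != {"0", "1"}:                           # server 0 must pair with client 1
        findings.append(f"tls-auth key-direction not complementary: {sorted(map(str, dirs))}")
    for block in ("ca", "cert", "key", "tls-auth"):  # .ovpn must be self-contained
        if block not in client_inline:
            findings.append(f"client config lacks inline <{block}> block")
        if block in client:
            findings.append(f"client config still references a file: '{block} {client[block]}'")
    remote = client.get("remote", "").split()
    if len(remote) < 2 or remote[1] != server.get("port", "1194"):
        findings.append(f"remote {client.get('remote')!r} does not match server port")
    if server.get("user") != "nobody" or server.get("group") != "nogroup":
        findings.append("server does not drop privileges (user nobody / group nogroup)")
    return findings


if __name__ == "__main__":
    # Usage: python3 check_ovpn.py server.conf client1.ovpn (defaults to the samples)
    if len(sys.argv) == 3:
        texts = [open(p).read() for p in sys.argv[1:3]]
    else:
        texts = [SAMPLE_SERVER_CONF, SAMPLE_CLIENT_OVPN]
    for line in check_pair(*texts) or ["OK: server and client settings are consistent"]:
        print(line)
```

Run it against the real files with `python3 check_ovpn.py /etc/openvpn/server.conf ~/client-configs/files/client1.ovpn` before copying the .ovpn to the client; an empty finding list does not prove the tunnel will come up (certificates and routing are not checked), but it removes the configuration mismatches that are otherwise only visible as HMAC or cipher errors in the server log.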