How setup OpenVPN on OpenVZ with Centos 6 64-bit template

This is only for New OpenVZ with Centos-6-OpenVPN-64-bit template. You can reinstall to this template via web panel. Once you did that, please do following to set it up:

1. SSH to your IP and login as root then Generate new SSH keys. This is a generic template. You will need to generate you own keys!

ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa
Verify the date/time are correct on your new VM. If not correct, adjust before continuing.

2. Then

##############################################
STOP AND EDIT /etc/openvpn/easy-rsa/2.0/vars
EDIT THE EXPORT lines at end of file
#############################################

export KEY_COUNTRY=
export KEY_PROVINCE=
export KEY_CITY=
export KEY_ORG=
export KEY_EMAIL=

3. Run the script “/root/EasyOpenVPN/STEP3_install-EasyOpenVPN_part2.sh”. This script will ask for name & address info for your certificates and then create your certificates. MAKE SURE EACH QUESTION. Most default
answers are selected from the file edited in previous step. Do not change the server “common name”
when asked, the script expects to see the name "server".

4. After step above is complete, type “ifconfig” and see if you have a tun0 interface as below.
SAMPLE OUTPUT:
root@pbx:~ $ ifconfig
tun0
Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

At this point you should have a basic functioning OpenVPN server

5. The script “/root/EasyOpenVPN/create-EasyOpenVPN-client.sh” creates your Openvpn client config files.
Run the “/root/EasyOpenVPN/create-EasyOpenVPN-client.sh” script and answer the questions (client name, server ip/fqdn address, etc.)
The client OpenVPN configuration files will be placed into the dir “/root/key/<client-name>”. Repeat
this script for each client, giving each client a NEW NAME.
After creating the client configs, place the <client-name>.tar file on your client. Client setup up is not
covered here yet and differs from distro – distro. Google is your friend!
SAMPLE OUTPUT:
/root/EasyOpenVPN/create-EasyOpenVPN-client.sh
Please enter name for cert
Example: Desktop
Remote-PBX
Please enter your FQDN
Example: mypbx.homelinux.com
mypbx.homelinux.com
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
Generating a 1024 bit RSA private key
......................................++++++
.............++++++

writing new private key to 'Remote-PBX.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName
:PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'NY'
localityName
:PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
commonName :PRINTABLE:'Remote-PBX'
emailAddress
:IA5STRING:'me@myhost.mydomain'
Certificate is to be certified until Dec 19 15:47:54 2020 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
rm: cannot remove `/etc/openvpn/client.conf.tmp*': No such file or directory
tar: ./Remote-PBX.tar: file is the archive; not dumped
Client config files saved to /root/keys/Remote-PBX

Copy the tar file to the new client.

6. Adding users to the VPN server:

Before you can connect a client to the VPN server, you must first add a user to the VPN server:
# adduser <newuser>
# passwd <newuser>

Client setup:
Ubuntu
sudo apt-get install openvpn network-manager-openvpn
Copy the tar file created by the “create-EasyOpenVPN-client.sh” script above to the /etc/openvpn directory
and untar the file.
Click on the network-manager applet (top right of desktop), select configure VPN, and setup a new open-vpn
connection.
Configure setting accordingly, making sure to set the gateway address, set authentication to “Password” ,
select the path to your ca.crt (/etc/openvpn/ca.crt) and under advanced select “use a TCP conection” and port
1194.

هل كانت المقالة مفيدة ؟

 طباعة

اقرأ أيضاً :

"Server refused to allocate pty" on New LXC template(s)

NOTE: This seems to happen only on OpenVZ template(s) that's used on LXC, like Cenots 6 32-bit....

How to access Web Panel or VNC Console from Client Area (New KVM/OpenV/LXC)

NOTE: - If problems, use other web browser or try Private Window on your browser. - If you get...

How to setup OpenVPN on Ubuntu 14.04

Please see https://help.ubuntu.com/14.04/serverguide/openvpn.html

How to install from ISO (New KVM)

This is only for our New KVM based VPS, there are 2 different New KVM plans, click here for KVM...

Difference between OpenVZ and LXC

OpenVZ OpenVZ is a Linux container solution. It was first released in 2005 by SWSoft, now known...