Friday, March 29, 2013

[Tutorial] CentOS 6 OpenVPN Client - Connecting to Existing Site to Site VPN (TomatoUSB)

In this tutorial, I'm going to show you how to add a CentOS 6 server as an OpenVPN client to your existing Site to Site VPN.

This is an extension of my [Tutorial - 30 Minutes or Less] Site to Site VPN with TomatoUSB and OpenVPN and assumes you already have your Site to Site VPN operational. However, you should be able to follow this tutorial and connect to any existing OpenVPN Server.

At the end of this tutorial, your CentOS server will be able to securely access your LAN resources (e.g., computers, printers) on both sites and vice versa (you will also be able to seamlessly access your CentOS server).

Overview of the Steps:

1) Generate Certs and Keys
2) Copy/Transfer over Certs and Keys to Client VPS
3) Install OpenVPN (client)
4) Configure OpenVPN Client
5) Connect


Generate cert/keys for VPS (CentOS 6 32-bit OpenVPN Client)

SSH into your TomatoUSB OpenVPN Server.

#Setup and initialize environment
cd /opt/openvpn-easy-rsa
source ./vars


#myvps_client is the Common Name
./build-key myvps_client


Copy/Transfer over Certs and Keys to Client VPS

Since my CentOS server is running SSH, I'm going to use SSH and SCP (secure copy) to transfer over the certificates and key. You can also transfer over the keys via SFTP or a USB drive.


#create the /etc/openvpn/keys folder on my centos server
ssh root@myvps.qnology.com mkdir -p /etc/openvpn/keys 

#copy over the certificates and keys
#all one line
cd /opt/openvpn-easy-rsa
scp keys/ca.crt keys/myvps_client.crt keys/myvps_client.key root@myvps.qnology.com:/etc/openvpn/keys

Install OpenVPN on CentOS 6

#Bring everything up to date
yum -y update

#Add EPEL (Extra Packages for Enterprise Linux) Repo
#RHEL/CentOS 6 32-bit
cd /tmp
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

yum --enablerepo=epel install openvpn.i686

Configure OpenVPN Client

#copy sample client.conf to /etc/openvpn
cp /usr/share/doc/openvpn-2.2.2/sample-config-files/client.conf /etc/openvpn


#edit openvpn client.conf
nano /etc/openvpn/client.conf

Update the following lines (they must not start with # or ;, which would comment them out)
remote OpenVPNServer.ADynamicDNSAddress.com 1194
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/myvps_client.crt
key /etc/openvpn/keys/myvps_client.key

#start VPN manually to test
openvpn --config /etc/openvpn/client.conf


#test starting VPN as a service
service openvpn start

#autostart the OpenVPN client on reboot
chkconfig openvpn on
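
A pre-flight check for the finished configuration, as an added example that is not part of the original tutorial. The function names are hypothetical; it assumes GNU stat (as on CentOS) and absolute file paths like the ones used above. It flags `remote`, `ca`, `cert` or `key` lines that are missing or commented out, a private key readable by group or others, and a config with no server-certificate check (`remote-cert-tls` or `ns-cert-type`).

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit an OpenVPN client
# config before starting the service. Function names are hypothetical.
# Usage after sourcing: audit_client_conf /etc/openvpn/client.conf

# Print the first argument of an active directive; lines that start with
# '#' or ';' are comments to OpenVPN and never match.
conf_value() {
    awk -v name="$2" '$1 == name { print $2; exit }' "$1"
}

# Print one finding per line; the return status is the number of findings.
audit_client_conf() {
    conf=$1
    findings=0
    for directive in remote ca cert key; do
        value=$(conf_value "$conf" "$directive")
        if [ -z "$value" ]; then
            echo "MISSING: no active '$directive' line in $conf"
            findings=$((findings + 1))
        elif [ "$directive" != remote ] && [ ! -r "$value" ]; then
            echo "UNREADABLE: $directive file $value"
            findings=$((findings + 1))
        fi
    done

    # The private key must not be readable by group or others.
    keyfile=$(conf_value "$conf" key)
    if [ -n "$keyfile" ] && [ -e "$keyfile" ]; then
        mode=$(stat -c %a "$keyfile")    # GNU stat, e.g. 600 or 644
        case $mode in
            *00) ;;
            *) echo "PERMS: $keyfile is mode $mode, expected 600 or 400"
               findings=$((findings + 1)) ;;
        esac
    fi

    # Without one of these directives the client accepts any certificate
    # signed by the CA as the server, including another client's.
    if [ -z "$(conf_value "$conf" remote-cert-tls)" ] &&
       [ -z "$(conf_value "$conf" ns-cert-type)" ]; then
        echo "WARN: no remote-cert-tls or ns-cert-type server check"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

A return status of 0 means no findings; fix anything reported before running `service openvpn start`.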



14 comments :

  1. Hi Qui,
    Thanks for all the hard work you have done on making this happen. Worked really well for me until I had daft idea of Cups printing. Killed setup so did a reinstall. All working except getting error on svn checkout https://github.com/archlinuxarm/PKGBUILDs/trunk/aur/plexmediaserver as file not found. What should I do now?

    1. You posted this comment on the wrong blog. :)

      Thanks for letting me know. Link has been updated. Build in progress and will update pre-compiled package this weekend.

  2. Well! I use the above steps to add cent os server to vpn. After setting a vpn, I use Ip-details.com to check whether ip gets changed or not.
