#. ./vars (
………………………++++++
…………………….++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ZA]:
State or Province Name (full name) [GP]:
Locality Name (eg, city) [JHB]:
Organization Name (eg, company) [Companynamevpn]:
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []: Companynamevpn
Email Address [name@mail.com]:
Some of the information above was already entered in step 4; just hit Enter to accept the default and move on to the next line.
6. Building server key
#./build-key-server ovpnsrv1
Generating a 1024 bit RSA private key
………………………………….++++++
…………………….++++++
writing new private key to 'ovpnsrv1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [SA]:
State or Province Name (full name) [GP]:
Locality Name (eg, city) [JHB]:
Organization Name (eg, company) [Companynamevpn]:
Organizational Unit Name (eg, section) []: Companynamevpn
Common Name (eg, your name or your server's hostname) []:Companynamevpn
Email Address [name@email.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
Blah blah and then see the following.
Certificate is to be certified until Apr 10 15:15:27 2018 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
7. Building Diffie Hellman
#./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
#cd ../
#vi server.conf
dev tap
;dev tun
ca ca.crt
cert ovpnsrv1.crt
key ovpnsrv1.key # This file should be kept secret
; You can also add a route to a network as follows:
push "route 10.200.0.0 255.255.255.0"
Important NOTE:
If you want to reach another network once you are connected via VPN, add a push "route 10.200.0.0 255.255.255.0" line to the server.conf file on the server. Hosts on that other network may also need a route added to their routing table so that they know where to find the client that has connected via VPN.
10. Startup the OpenVPN service
#service openvpn restart
#chkconfig openvpn on
Windows Client Installation and Configuration
1. Download a copy of windows client
http://openvpn.net/release/openvpn-2.1.3-install.exe and install it.
2. Create CA in windows machine
Open a Windows cmd.exe command prompt and change directory (cd) into C:\Program Files\OpenVPN\easy-rsa\
>copy vars.bat.sample vars.bat
>edit vars.bat (scroll down to the bottom)
set KEY_COUNTRY=SA
set KEY_PROVINCE=GP
set KEY_CITY=JHB
set KEY_ORG=Companynamevpn
set KEY_EMAIL=name@mail.com
Note: the above information must be the same as the details set on the server previously.
For the above command to work you might need to copy the openssl file into the C:\Program Files\OpenVPN\easy-rsa\ folder from the C:\Program Files\OpenVPN\bin\ folder
Copy vpnhome.csr to the server directory /etc/openvpn/easy-rsa/keys
Copy the vpnhome.csr created in the keys folder from C:\Program Files\OpenVPN\easy-rsa\keys to your Linux server into /etc/openvpn/easy-rsa/keys/
Now – on your Linux server do the following:
#cd /etc/openvpn/easy-rsa/
#./sign-req vpnhome
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
Blah blah
Certificate is to be certified until Apr 10 16:04:33 2018 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Copy new signed certificate to your windows machine
Go to /etc/openvpn/easy-rsa/keys/; you will see 2 newly generated files: ca.crt and vpnhome.crt
Copy both of them to your Windows home machine c:/Program Files/OpenVPN/config
Also copy your windows generated vpnhome.key from C:\Program Files\OpenVPN\easy-rsa\keys to C:\Program Files\OpenVPN\config
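The checks below are an added example, not part of the original tutorial. Run on the Linux server after ./sign-req, they confirm that the signed certificate carries the same public key as the CSR that arrived from the Windows machine, that it verifies against ca.crt, and what key size it has. The function names are hypothetical, the openssl command-line tool is assumed to be installed, and the sample CA and requests are constructed in a temporary directory with 2048-bit keys.

```shell
#!/bin/sh
# Added example: checks to run before vpnhome.crt is copied to the client.

# True if the certificate carries the same public key as the CSR received.
cert_matches_csr() {  # $1 = csr file, $2 = crt file
    csr_pub=$(openssl req  -in "$1" -noout -pubkey) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$crt_pub" ]
}

# True if the certificate verifies against the CA file the client will get.
cert_chains_to_ca() {  # $1 = ca.crt, $2 = crt file
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the public-key size in bits (the transcripts on this page show 1024).
cert_key_bits() {  # $1 = crt file
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Constructed sample data: a throwaway CA and two client requests.
# File names mirror the page; subjects and the 2048-bit size are assumptions.
make_sample_pki() {  # $1 = directory
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
          -subj "/CN=Constructed Test CA" -days 30 &&
      openssl req -new -newkey rsa:2048 -nodes -keyout vpnhome.key \
          -out vpnhome.csr -subj "/CN=vpnhome" &&
      openssl req -new -newkey rsa:2048 -nodes -keyout other.key \
          -out other.csr -subj "/CN=other" &&
      openssl x509 -req -in vpnhome.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out vpnhome.crt -days 30
    ) >/dev/null 2>&1
}

# Run every check for one client name inside a keys directory.
check_signed_cert() {  # $1 = keys dir, $2 = name (e.g. vpnhome)
    cert_matches_csr "$1/$2.csr" "$1/$2.crt" || { echo "FAIL: key mismatch"; return 1; }
    cert_chains_to_ca "$1/ca.crt" "$1/$2.crt" || { echo "FAIL: not signed by ca.crt"; return 1; }
    echo "OK: $2.crt, $(cert_key_bits "$1/$2.crt")-bit key"
}

demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir" && check_signed_cert "$demo_dir" vpnhome
```

Against the real files the call would be check_signed_cert /etc/openvpn/easy-rsa/keys vpnhome.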
7. Setting the client configuration for OpenVPN
Copy client.ovpn from C:\Program Files\OpenVPN\sample-config to C:\Program Files\OpenVPN\config
Edit it with the following changes, similar to what you did on the Linux server:
dev tap
;dev tun
dev-node OpenVPN_Tap
remote 1194 (example: remote 202.188.1.1 1194)
ca ca.crt
cert vpnhome.crt
key vpnhome.key
ns-cert-type server
8. Configure the network interface for OpenVPN
Select “Control Panel” -> “Network Connection” -> “TAP-Win32#(#)” (i.e. the “new” connection that has now appeared). Right-click it and rename it to ‘OpenVPN_Tap’.
9. Startup the connection of client
Go to START>All Programs>OpenVPN>OpenVPN GUI , click it
In the task-bar, select “OpenVPN GUI” -> right-click “Connect”