I've decided to set up OpenVPN on my VPS to save me from having a lot of SSH tunnels to the VPS.
The first thing I needed to do was log into my VPS control panel (vePortal) and enable "Tun/Tap"; this makes the "/dev/net/tun" device visible inside OpenVZ. You may or may not need to do that.
The next thing was to add the RPMForge repo. Download the RPM.
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
Import the GPG key for the repo
# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
Verify the signature of the downloaded RPM to check that it has not been tampered with.
# rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
Install the RPM
# rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm
Now you can install OpenVPN.
# yum install openvpn.x86_64
Now we need to configure the server.
Find where the easy-rsa files are located
# find / -name easy-rsa
That should return the full path to the easy-rsa directory and tools. We need to copy them to "/etc/openvpn".
# cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa /etc/openvpn
Change into the following directory
# cd /etc/openvpn/easy-rsa/2.0
Edit the vars file
# vim vars
You must change at least the following to match your setup :
export KEY_COUNTRY=
export KEY_PROVINCE=
export KEY_CITY=
export KEY_ORG=
export KEY_EMAIL=
Source the vars file :
# source ./vars
Clean any existing builds :
Build the CA :
Next we need to build the server keys :
# ./build-key-server server
Then we build the client key :
# ./build-key client
(You can call this whatever you want.)
Lastly we build the Diffie Hellman key :
Let's relocate the keys we just made. Copy the following three files to your client: "ca.crt", "client.crt" and "client.key".
Copy the following server keys to "/etc/openvpn"
# cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
Now we need to configure the server. Copy over a template.
# cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/
This is what my config looks like; it's very similar to the example config.
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
tun-mtu 1500
mssfix 1400
cipher AES-128-CBC
Start the server
# /etc/init.d/openvpn start
Check /var/log/messages; you should see "Initialization Sequence Completed". You should also now see a "tun0" interface under ifconfig.
Set it to start on boot.
# chkconfig openvpn on
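A hardening check for the directory built above, as an added example that is not part of the original post: it reads the active directives in server.conf and reports the 1024-bit DH file, comp-lzo, a missing tls-auth/tls-crypt key, a missing user/group drop, and a ca.key left on the server. The function name audit_openvpn and the FINDING messages are illustrative; tls-crypt and compress only exist in OpenVPN releases newer than the 2.1.4 used here.

```sh
# Added example (not from the original post): flag hardening gaps in an
# OpenVPN server directory. Prints one FINDING line per issue, nothing if clean.
audit_openvpn() {
    dir=$1
    conf="$dir/${2:-server.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Keep only active directives: drop '#' and ';' comments and blank lines.
    active=$(sed -e 's/[#;].*//' -e '/^[[:space:]]*$/d' "$conf")
    # value NAME: print the first argument of directive NAME (empty if absent).
    value() { printf '%s\n' "$active" | awk -v d="$1" '$1 == d { print $2; exit }'; }
    # has NAME: succeed if directive NAME is active.
    has() { printf '%s\n' "$active" | awk -v d="$1" '$1 == d { f = 1 } END { exit !f }'; }

    # 1. DH size: measure with openssl, else fall back to digits in the file name.
    dh=$(value dh)
    if [ -n "$dh" ]; then
        case $dh in /*) ;; *) dh="$dir/$dh" ;; esac
        bits=$(openssl dhparam -in "$dh" -noout -text 2>/dev/null |
               sed -n 's/.*(\([0-9]*\) bit).*/\1/p' | head -n 1)
        [ -n "$bits" ] || bits=$(basename "$dh" | tr -cd '0-9')
        if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
            echo "FINDING: dh parameters are $bits bits; use at least 2048"
        fi
    fi
    # 2. Compressing before encrypting can leak plaintext through packet sizes.
    if has comp-lzo || has compress; then
        echo "FINDING: compression is enabled (comp-lzo/compress)"
    fi
    # 3. An HMAC key lets the server drop unauthenticated packets before TLS.
    if ! has tls-auth && ! has tls-crypt; then
        echo "FINDING: no tls-auth/tls-crypt key configured"
    fi
    # 4. Without user/group the daemon keeps root privileges after start-up.
    if ! has user || ! has group; then
        echo "FINDING: no user/group directive; daemon keeps running as root"
    fi
    # 5. The CA private key signs certificates; the running server never reads it.
    if [ -e "$dir/ca.key" ]; then
        echo "FINDING: ca.key is on the VPN server; keep it on the signing machine"
    fi
    return 0
}

# Run as a script: sh audit.sh /etc/openvpn [server.conf]
if [ $# -gt 0 ]; then audit_openvpn "$@"; fi
```
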