How to set up OpenVPN between CentOS and Windows
OpenVPN has a whole armada of neat features to discover, but in this post we’ll shed light on the most basic one: connecting a client to a server.
Install OpenVPN on the server (you need EPEL for this, search for EPEL on this site)
yum install openvpn
Move the scripts to a more proper location.
This step is optional, but as said before, it “feels” better.
cp -r /usr/share/openvpn/easy-rsa/2.0/ /etc/openvpn/ca/
Edit the file named ‘vars’ and change the variables at the bottom to fit your company and situation
export KEY_COUNTRY="SE"
export KEY_PROVINCE="X"
export KEY_CITY="Gavle"
export KEY_ORG="yourcompany"
export KEY_EMAIL="you@yourcompany.com"
Source the script. If you want to make sure it worked, type ‘export’ and check for those variables
. vars
Clean up
./clean-all
Now generate the necessary certificates
./build-ca
./build-key-server servername
./build-key clientname
Edit your configuration (/etc/openvpn/server.conf). An example configuration could look like this; if you have questions about these options you may browse the official OpenVPN site.
port 10001
proto udp
dev tun
ca ca/keys/ca.crt
cert ca/keys/servername.crt
key ca/keys/servername.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Generate Diffie-Hellman parameters
./build-dh
Now start the service
service openvpn start
Now on to the Windows side of things, i.e. the dark side.
Install OpenVPN from OpenVPN
Copy ca.crt, client.crt and client.key to your config folder.
Create a file called client.ovpn and edit it after this template
ca ca.crt
cert client.crt
key client.key
comp-lzo
client
dev tun
proto udp
remote 10.0.0.1 10001 # this being the IP of the CentOS server, followed by the port
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
route-method exe
Now right-click your file and choose “Start with OpenVPN” and you should be done.
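Before putting the tunnel into real use it is worth checking both config files for common hardening gaps. The following is an added example, not part of the original post or of OpenVPN: a shell function that flags a 1024-bit dh file, comp-lzo, a missing tls-auth/tls-crypt key, and a client that does not require a server-type certificate. The names audit_ovpn and sample_client and the finding texts are made up for illustration; the sample input is the client template from this post.

```shell
#!/bin/sh
# audit_ovpn ROLE < config   (ROLE is "server" or "client"; hypothetical helper)
# Prints one hardening finding per line; prints nothing for a clean config.
audit_ovpn() {
    role=$1
    # Drop comments (# or ;) and blank lines so disabled directives don't count.
    body=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d')
    # has REGEX: true if an active line starts with that directive text.
    has() { printf '%s\n' "$body" | grep -Eq "^[[:space:]]*$1([[:space:]]|\$)"; }
    if ! has 'tls-(auth|crypt)'; then
        echo "no tls-auth/tls-crypt: control channel has no extra HMAC key"
    fi
    if has 'comp-lzo'; then
        echo "comp-lzo: compression is enabled inside the tunnel"
    fi
    if [ "$role" = server ]; then
        # Heuristic: easy-rsa 2.0 names the file dh<KEY_SIZE>.pem.
        dh=$(printf '%s\n' "$body" | awk '$1 == "dh" { print $2 }')
        case $dh in
            *dh1024*) echo "dh $dh: 1024-bit Diffie-Hellman parameters" ;;
        esac
    elif ! has 'remote-cert-tls[[:space:]]+server' &&
         ! has 'ns-cert-type[[:space:]]+server'; then
        echo "no remote-cert-tls/ns-cert-type server: peer certificate type is not checked"
    fi
    return 0
}

# Constructed sample: the client template from this post.
sample_client() {
    cat <<'EOF'
ca ca.crt
cert client.crt
key client.key
comp-lzo
client
dev tun
proto udp
remote 10.0.0.1 10001 # IP and port of the CentOS server
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
route-method exe
EOF
}

sample_client | audit_ovpn client
```

Run it against the real files with `audit_ovpn server < /etc/openvpn/server.conf`; the dh check only looks at the file name, so it assumes the easy-rsa 2.0 naming used above.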














