Monday, 18 May 2015

OpenVPN - Point-to-Point VPN using Static Key Authentication in RHEL7

OpenVPN has 2 authentication modes:
1) Static Key Mode: uses a pre-shared key for authentication. A pre-shared key is generated and shared between both OpenVPN peers.

2) TLS/SSL mode: uses digital certificates for authentication and key exchange. An SSL session is established with both client and server authenticating each other with digital certificates.

In this tutorial, we will establish a point-to-point VPN tunnel using a static key between two hosts:
Server: 192.168.3.2
Client:  192.168.3.1

The tunnel endpoints will be as follows:
Server: 10.8.0.2
Client:  10.8.0.1  

The VPN tunnel endpoints provide a secure alternate path between the two hosts. For example, from the client you can 'telnet' to the server over the VPN by using the server's tunnel endpoint address, as shown below:
telnet 10.8.0.2

Or, you can 'telnet' directly to the server by using the server's IP address, as shown below:
telnet 192.168.3.2

NOTE: Ensure that the addresses you use for the tunnel endpoints are not part of any existing subnet on either machine.


Server Configuration: (192.168.3.2)


1) Install EPEL Repository
[root@zserver1 ~]# yum install epel-release

2) Install packages
[root@zserver1 ~]# yum --disablerepo=\* --enablerepo=epel install openvpn

3) Generate the shared secret key to be used for authentication between client and server.
[root@zserver1 ~]# cd /etc/openvpn
[root@zserver1 openvpn]# openvpn --genkey --secret static.key

4) Create the server config file '/etc/openvpn/server.conf'. Add the following entries.
dev tun 
ifconfig 10.8.0.2  10.8.0.1
secret /etc/openvpn/static.key

5) Start VPN Server
[root@zserver1 openvpn]# systemctl start openvpn@server.service

6) Configure the firewall. Open UDP port 1194 and add the virtual device 'tun0' to the public zone.
[root@zserver1 openvpn]# firewall-cmd --zone=public --add-port=1194/udp --permanent
[root@zserver1 openvpn]# firewall-cmd --zone=public --add-interface=tun0 --permanent
[root@zserver1 openvpn]# firewall-cmd --reload


Client Configuration: (192.168.3.1)


1) Install EPEL Repository
[root@meru ~]# yum install epel-release

2) Install packages
[root@meru ~]# yum --disablerepo=\* --enablerepo=epel install openvpn

3) Copy the shared secret key file '/etc/openvpn/static.key' from the server to the directory '/etc/openvpn/' on the client.

4) Create the client config file '/etc/openvpn/client.conf'. Add the following entries.
remote 192.168.3.2  
dev tun
ifconfig 10.8.0.1  10.8.0.2
secret /etc/openvpn/static.key

5) Connect to the VPN Server
[root@meru ~]# openvpn --config /etc/openvpn/client.conf

6) Open another terminal window and configure the firewall. Add the virtual device 'tun0' to the public zone.
[root@meru ~]# firewall-cmd --zone=public --add-interface=tun0 --permanent
[root@meru ~]# firewall-cmd --reload

7) To test the VPN, ping 10.8.0.2 from the client and 10.8.0.1 from the server
[root@meru ~]# ping 10.8.0.2
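As an added example (not the original post's commands), the following script writes the mirrored server and client configs from step 4 of both sections and checks the shared key's file mode and header before it is copied to the client; the script name and the use of /etc/openvpn as the target directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: write the mirrored server/client
# configs for the static-key tunnel and sanity-check the shared key before it
# is copied to the client. The script name p2p.sh and the paths are assumptions.

# write_p2p_configs DIR SERVER_IP SERVER_TUN_IP CLIENT_TUN_IP
# Emits DIR/server.conf and DIR/client.conf with the ifconfig pair mirrored,
# so a typo on one side cannot silently break the tunnel.
write_p2p_configs() {
    dir=$1; server_ip=$2; srv_tun=$3; cli_tun=$4
    mkdir -p "$dir"
    # Server: own tunnel address first, then the peer's.
    printf 'dev tun\nifconfig %s %s\nsecret %s/static.key\n' \
        "$srv_tun" "$cli_tun" "$dir" > "$dir/server.conf"
    # Client: the same two addresses, swapped, plus the server's real address.
    printf 'remote %s\ndev tun\nifconfig %s %s\nsecret %s/static.key\n' \
        "$server_ip" "$cli_tun" "$srv_tun" "$dir" > "$dir/client.conf"
}

# check_static_key KEYFILE
# Returns 0 only if the key exists, is readable by its owner alone (mode 600)
# and carries the header/footer that 'openvpn --genkey --secret' writes.
check_static_key() {
    key=$1
    [ -f "$key" ] || { echo "missing key file: $key" >&2; return 1; }
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    [ "$mode" = "600" ] ||
        { echo "$key has mode $mode, expected 600" >&2; return 1; }
    grep -q '^-----BEGIN OpenVPN Static key V1-----' "$key" &&
    grep -q '^-----END OpenVPN Static key V1-----' "$key" ||
        { echo "$key is not an OpenVPN static key" >&2; return 1; }
    return 0
}

# Usage (runs only when given four arguments):
#   sh p2p.sh /etc/openvpn 192.168.3.2 10.8.0.2 10.8.0.1
if [ "$#" -eq 4 ]; then
    write_p2p_configs "$1" "$2" "$3" "$4"
    check_static_key "$1/static.key"
fi
```

Copy static.key to the client over an authenticated channel such as scp and run check_static_key there as well; a key readable by other local users undermines the pre-shared-key authentication.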
