OK, I've done the following and everything appears to be going OK.
I used urpmi to install openssl and it appears to have gotten a version later than the one required.
*****
Unzip the distribution:
    gzip -dc openvpn-1.6.0.tar.gz | tar xvf -
Build OpenVPN:
    cd openvpn-1.6.0
    ./configure --disable-lzo
    make
    make install
*****
*****
Once-per-reboot Configuration Steps
On Linux, prior to using OpenVPN or any other program which uses TUN/TAP devices,
you should load the TUN/TAP kernel module:
    modprobe tun
and enable IP forwarding:
    echo 1 > /proc/sys/net/ipv4/ip_forward
*****
Does the above have to be run every time the machine boots? Or run just once?
The sample file sample-config-files/firewall.sh was listed in the how-to but it doesn’t
really say if the file needs to be renamed and moved somewhere so that it becomes active,
or if the file will work unmodified in its current location. Help?
*****
First edit the /usr/share/ssl/openssl.cnf file (this file may exist in a
different place, so use locate openssl.cnf to find it).
You may want to make some changes to this file:
· Make a directory to serve as your key working area and change dir to point to it.
*****
Original line
    dir = DIRECTORY
Ok. I created a directory and set this line as follows:
    dir = /etc/openVPN
Am I supposed to move the openssl.cnf file here? Or is this directory for later?
*****
· Consider increasing default_days so your VPN doesn't mysteriously stop working after
exactly one year.
*****
Done
*****
· Set certificate and private_key to point to your master certificate authority certificate
and private key files which we will presently generate. In the examples below,
we will assume that your certificate authority certificate is named my-ca.crt and your
certificate authority private key is named my-ca.key.
*****
Changed these two lines as follows:
Certificate =$dir/my-ca.crt
Private_key =$dir/my-ca.key
*****
· Note the files index.txt and serial. Initialize index.txt to be empty and serial
to contain an initial serial number such as 01.
*****
Based on this I think I should create two files in the /etc/openVPN directory.
An index.txt file and a serial file. Are both of these text files? And should the
serial file just contain the number “01”? What about the index.txt file, is it empty?
At any rate I think that’s enough for now. Thanks for the help!
-James
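
The quoted how-to step about index.txt and serial, written out as an added example that is not part of the original post or the OpenVPN documentation. The function names are hypothetical, and restricting the directory to its owner is an assumption of this example, made because the CA private key will be generated in the same working area.

```shell
#!/bin/sh
# Added example: prepare and verify the key working area that `dir` points to.
# Usage (directory taken from the post):
#   init_ca_dir /etc/openVPN && check_ca_dir /etc/openVPN

init_ca_dir() {
    ca_dir=$1
    mkdir -p "$ca_dir" || return 1
    # Assumption of this example: owner-only access to the CA key area.
    chmod 700 "$ca_dir" || return 1
    # index.txt is a plain text database that starts empty.
    # An existing one is left alone so issued-certificate records are not lost.
    [ -e "$ca_dir/index.txt" ] || : > "$ca_dir/index.txt" || return 1
    # serial is a plain text file holding the next serial number, e.g. 01.
    [ -e "$ca_dir/serial" ] || echo 01 > "$ca_dir/serial" || return 1
}

check_ca_dir() {
    ca_dir=$1
    [ -d "$ca_dir" ] || { echo "missing directory: $ca_dir" >&2; return 1; }
    [ -f "$ca_dir/index.txt" ] || { echo "missing index.txt" >&2; return 1; }
    [ -f "$ca_dir/serial" ] || { echo "missing serial" >&2; return 1; }

    # This example's check: serial is hex written as whole bytes (01, 0A, 1000).
    serial=$(cat "$ca_dir/serial")
    case $serial in
        ''|*[!0-9A-Fa-f]*)
            echo "serial is not a hex number: '$serial'" >&2; return 1 ;;
    esac
    [ $(( ${#serial} % 2 )) -eq 0 ] ||
        { echo "serial has an odd number of digits: $serial" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$ca_dir" | cut -c5-10)
    case $mode in
        *[rwxst]*)
            echo "$ca_dir is accessible to group or others" >&2; return 1 ;;
    esac
    return 0
}
```
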