Install OpenVPN server in an OpenVZ container (Ubuntu Server)


Today we are going to install an OpenVPN server in an OpenVZ container.

After creating the container (for example, 102), we need to create the tun/tap device from the OpenVZ host:

vzctl set 102 --devnodes net/tun:rw --save

vzctl set 102 --devices c:10:200:rw --save

vzctl set 102 --capability net_admin:on --save

vzctl exec 102 mkdir -p /dev/net

vzctl exec 102 mknod /dev/net/tun c 10 200

Then go to the container:

vzctl enter 102

Installing the OpenVPN server. Step 1:

#apt-get update
#apt-get install openvpn
#mkdir /etc/openvpn/easy-rsa/ 
#cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

step 2: Edit /etc/openvpn/easy-rsa/vars

export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="NY City"
export KEY_EMAIL="[email protected]"

step 3: Setup the CA and create the first server certificate

cd /etc/openvpn/easy-rsa/
sudo ln -s openssl-1.0.0.cnf openssl.cnf
source ./vars
./clean-all  ##Deletes all keys
./build-dh
./pkitool --initca ## creates ca cert and key
./pkitool --server server ## creates a server cert and key
cd keys
openvpn --genkey --secret ta.key  ## Build a TLS key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key ../../

Configuring server.conf

local 10.184.211.130 # <local ip address>
port 1194
proto udp
dev tun
;dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.184.212.0 255.255.255.0 # range ip address for clients
#ifconfig-pool-persist ipp.txt
#push "redirect-gateway def1"
push "route 10.184.211.0 255.255.255.0"
push "route 10.0.1.0 255.255.255.0" # you can delete it
push "route 10.0.0.0 255.255.255.0" 
push "dhcp-option DNS 10.184.211.131"
#push "dhcp-option DNS 208.67.220.220"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

Then try to start OpenVPN:

#/etc/init.d/openvpn start

Next, we create keys for the clients:

#source ./vars
#./build-key client1

After answering some questions, we will see 3 files in the keys directory: client1.key, client1.crt, client1.csr. We need 3 files:

ca.crt, client1.key, client1.crt

Copy them to the client's host.

Configuring client access to the VPN server

Installing openvpn:

$sudo apt-get update
$sudo apt-get install openvpn
$cd /etc/openvpn
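$sudo vim openvpn.conf

Contents of openvpn.conf:

 client
 dev tun
 proto udp
 remote 10.184.211.130 1194 # this is the IP address of the OpenVPN server
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 ca ca.crt
 cert client1.crt # the client certificate created with ./build-key client1
 key client1.key # the matching private key
 comp-lzo
 verb 3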

The keys should be in this directory: /etc/openvpn/

Try starting the service:

$sudo /etc/init.d/openvpn start
$ifconfig
 tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.184.212.6 P-t-P:10.184.212.5 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:234452 errors:0 dropped:231992 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B) TX bytes:349924494 (349.9 MB)

Interface tun0 is up, looks good.

===============

Links:

https://help.ubuntu.com/community/OpenVPN   # how to install OpenVPN in Ubuntu
https://openvz.org/VPN_via_the_TUN/TAP_device   # VPN via the TUN/TAP device in an OpenVZ container
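Added example, not part of the original post: a small shell lint for the server.conf and client config shown above. It flags what the walkthrough leaves weak: 1024-bit DH parameters, a ta.key that is generated but never referenced by tls-auth, comp-lzo compression, no privilege drop, and no server certificate check on the client. The function names and finding codes are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post: lint an OpenVPN config file.
# The finding codes (WEAK_DH, ...) are labels invented for this sketch.

# True if FILE ($1) has an uncommented directive NAME ($2); '#' and ';' start comments.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

audit_openvpn_conf() {
    conf=$1
    # easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so the size is read from the file name.
    bits=$(sed -nE 's/^[[:space:]]*dh[[:space:]]+.*dh([0-9]+)\.pem.*/\1/p' "$conf" | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH ${bits}-bit DH group; set KEY_SIZE=2048 in vars, rerun ./build-dh"
    fi
    # ta.key only protects the handshake if tls-auth (or tls-crypt) references it.
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo "NO_TLS_AUTH add 'tls-auth ta.key 0' on the server, 'tls-auth ta.key 1' on clients"
    fi
    # Compressing before encrypting leaks plaintext through packet length (VORACLE).
    if has_directive "$conf" comp-lzo; then
        echo "COMPRESSION comp-lzo is on; remove it from server and clients together"
    fi
    # Without user/group the daemon keeps root for its whole lifetime.
    if ! has_directive "$conf" user || ! has_directive "$conf" group; then
        echo "NO_PRIV_DROP add 'user nobody' and 'group nogroup'"
    fi
    # A client should insist that the peer presents a server-type certificate.
    if has_directive "$conf" client && ! has_directive "$conf" remote-cert-tls \
        && ! has_directive "$conf" ns-cert-type; then
        echo "NO_SERVER_CERT_CHECK add 'remote-cert-tls server'"
    fi
}

# Sample input: directives taken from the server.conf and client config in this post.
sample_server_conf() {
    printf '%s\n' 'port 1194' 'proto udp' 'dev tun' ';dev tap' 'ca ca.crt' \
        'dh dh1024.pem' 'server 10.184.212.0 255.255.255.0' 'keepalive 5 30' \
        'comp-lzo' 'persist-key' 'persist-tun' 'verb 3'
}
sample_client_conf() {
    printf '%s\n' ' client' ' dev tun' ' proto udp' ' remote 10.184.211.130 1194' \
        ' nobind' ' persist-key' ' persist-tun' ' ca ca.crt' ' comp-lzo' ' verb 3'
}

tmp=$(mktemp)                      # demo run over the server sample
sample_server_conf > "$tmp" && audit_openvpn_conf "$tmp"
rm -f "$tmp"
```

The DH check trusts the file name; `openssl dhparam -in dh1024.pem -text -noout` prints the actual parameter size.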
