Today we are going to install an OpenVPN server in an OpenVZ container.
After creating a container (for example, 102), we need to create the tun/tap device from the OpenVZ host:
vzctl set 102 --devnodes net/tun:rw --save
vzctl set 102 --devices c:10:200:rw --save
vzctl set 102 --capability net_admin:on --save
vzctl exec 102 mkdir -p /dev/net
vzctl exec 102 mknod /dev/net/tun c 10 200
Then go to the container:
vzctl enter 102
Installing the OpenVPN server:
step 1:
#apt-get update
#apt-get install openvpn
#mkdir /etc/openvpn/easy-rsa/
#cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
step 2: Edit /etc/openvpn/easy-rsa/vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="NY City"
export KEY_EMAIL="[email protected]"
step 3: Setup the CA and create the first server certificate
cd /etc/openvpn/easy-rsa/
sudo ln -s openssl-1.0.0.cnf openssl.cnf
source ./vars
./clean-all ## Deletes all keys
./build-dh
./pkitool --initca ## creates ca cert and key
./pkitool --server server ## creates a server cert and key
cd keys
openvpn --genkey --secret ta.key ## Build a TLS key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key ../../
Configuring server.conf
local 10.184.211.130 # <local ip address>
port 1194
proto udp
dev tun
;dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.184.212.0 255.255.255.0 # range ip address for clients
#ifconfig-pool-persist ipp.txt
#push "redirect-gateway def1"
push "route 10.184.211.0 255.255.255.0"
push "route 10.0.1.0 255.255.255.0" # you can delete it
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 10.184.211.131"
#push "dhcp-option DNS 208.67.220.220"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
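A quick audit of the server.conf above before starting the service, as an added example that is not part of the original post: it flags the 1024-bit DH file, the ta.key that step 3 generates but the config never references, and comp-lzo. The function names, finding labels and embedded sample are constructed for illustration, and the DH size is inferred from the easy-rsa file name only.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenVPN server config.
# Reads the config on stdin and prints one finding per line; no output = clean.
audit_openvpn_conf() {
    awk '
        { sub(/[#;].*/, "") }            # drop comments and ;-disabled directives
        NF == 0 { next }
        $1 == "dh" {
            n = split($2, part, "/")     # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem
            bits = part[n]
            gsub(/[^0-9]/, "", bits)     # dh1024.pem -> 1024 (size inferred from name)
            if (bits != "" && bits + 0 < 2048)
                print "WEAK_DH: " $2 " is " bits "-bit; set KEY_SIZE=2048 in vars, rerun build-dh"
        }
        $1 == "tls-auth" || $1 == "tls-crypt" { hmac = 1 }
        $1 == "comp-lzo" && $2 != "no" {
            print "COMPRESSION: comp-lzo is enabled (compression side channel, VORACLE)"
        }
        END {
            if (!hmac)
                print "NO_TLS_AUTH: ta.key is generated but unused; add: tls-auth ta.key 0"
        }
    '
}

# Constructed sample: a subset of the server.conf directives shown above.
sample_conf() {
    cat <<'EOF'
local 10.184.211.130 # <local ip address>
port 1194
proto udp
dev tun
;dev tap
dh dh1024.pem
push "route 10.0.1.0 255.255.255.0" # you can delete it
keepalive 5 30
comp-lzo
persist-key
EOF
}

sample_conf | audit_openvpn_conf
```

Run it on the live file with: audit_openvpn_conf < /etc/openvpn/server.conf. If tls-auth is enabled on the server, every client also needs a copy of ta.key and the line tls-auth ta.key 1.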
Then try to start OpenVPN
#/etc/init.d/openvpn start
In the next step we will create keys for the clients:
#cd /etc/openvpn/easy-rsa/
#source ./vars
#./build-key client1
After answering some questions, we will see 3 files in the keys directory: client1.key, client1.crt, client1.csr.
We need 3 files:
ca.crt, client1.key, client1.crt
Copy them to the client's host.
Configuring client access to the VPN server
Installing OpenVPN:
$sudo apt-get update
$sudo apt-get install openvpn
$cd /etc/openvpn
$sudo vim openvpn.conf
client
dev tun
proto udp
remote 10.184.211.130 1194 # IP address of the OpenVPN server
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
The keys should be in this directory: /etc/openvpn/
Try to start the service:
$sudo /etc/init.d/openvpn start
$ifconfig
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
     inet addr:10.184.212.6 P-t-P:10.184.212.5 Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:234452 errors:0 dropped:231992 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     RX bytes:0 (0.0 B) TX bytes:349924494 (349.9 MB)
The tun0 interface is up, so it looks good.
===============
links:
https://help.ubuntu.com/community/OpenVPN # how to install OpenVPN in Ubuntu
https://openvz.org/VPN_via_the_TUN/TAP_device # VPN via the TUN/TAP device in OpenVZ container