Howto install OpenVPN 2 on CentOS 6

These are my notes on how to install OpenVPN 2 on CentOS 6, more specifically OpenVPN 2.3.2 on CentOS 6.5.  My notes build on the DigitalOcean community guide and are accurate as of 25 April 2014.  The guide was a helpful starting point, but I’ve managed to shorten a couple of the steps and updated some to take into account directories having moved, etc.

To start off you need to be on the console of the server you wish to run OpenVPN on.  I ran all of these commands as the root user; you may need to su or sudo as necessary.

  1. rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
  2. yum install openvpn -y
  3. cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
  4. nano -w /etc/openvpn/server.conf
    1. Replace
      1. ;push "redirect-gateway def1 bypass-dhcp"
      2. push "redirect-gateway def1 bypass-dhcp"
    2. Add
      1. push "dhcp-option DNS 8.8.8.8"
      2. push "dhcp-option DNS 8.8.4.4"
    3. Replace
      1. ;user nobody
        ;group nobody
      2. user nobody
        group nobody
    4. Replace
      1. dh dh1024.pem
      2. dh dh2048.pem
    5. Save and exit nano
  5. yum install easy-rsa -y
  6. mkdir -p /etc/openvpn/easy-rsa/keys
  7. cp -R /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
  8. nano -w /etc/openvpn/easy-rsa/vars
    1. Replace values as necessary
      1. export KEY_COUNTRY="US"
        export KEY_PROVINCE="CA"
        export KEY_CITY="SanFrancisco"
        export KEY_ORG="Fort-Funston"
        export KEY_EMAIL="me@myhost.mydomain"
        export KEY_OU="MyOrganizationalUnit"
    2. Save and exit nano
  9. cd /etc/openvpn/easy-rsa
  10. source ./vars
  11. ./clean-all
  12. ./build-ca
  13. ./build-key-server server
  14. ./build-dh
  15. cd /etc/openvpn/easy-rsa/keys
  16. cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
  17. cd /etc/openvpn/easy-rsa
  18. ./build-key client
  19. iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    1. if unsure of eth0 (network interface) use ifconfig to look it up first
  20. service iptables save
  21. nano -w /etc/sysctl.conf
    1. Replace
      1. net.ipv4.ip_forward = 0
      2. net.ipv4.ip_forward = 1
    2. Save and exit nano
  22. service openvpn start
  23. chkconfig openvpn on
  24. Download the following files to your client
    1. /etc/openvpn/easy-rsa/keys/ca.crt
    2. /etc/openvpn/easy-rsa/keys/client.crt
    3. /etc/openvpn/easy-rsa/keys/client.key
  25. In the same directory on the client, create client.ovpn
    1. Insert replacing items in bold as necessary
      1. client
        dev tun
        proto udp
        remote X.X.X.X 1194
        resolv-retry infinite
        nobind
        persist-key
        persist-tun
        comp-lzo
        verb 3
        <ca>
        Contents of ca.crt
        </ca>
        <cert>
        Contents of client.crt
        </cert>
        <key>
        Contents of client.key
        </key>
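
Steps 24 and 25 can be scripted. The following is an added example, not part of the original notes: a shell function that builds client.ovpn from the three files with the same directives as above. The function name `make_client_ovpn` and its argument order are assumptions of this example. Because the profile embeds the private key, the file is created owner-only.

```shell
#!/bin/sh
# Added example: build client.ovpn with the CA, certificate and key inlined.
# make_client_ovpn and its arguments are hypothetical names for illustration.

make_client_ovpn() {
    # usage: make_client_ovpn <server-address> <key-dir> <output-file>
    remote=$1 keydir=$2 out=$3
    for f in ca.crt client.crt client.key; do
        [ -s "$keydir/$f" ] || { echo "missing or empty: $keydir/$f" >&2; return 1; }
    done
    # Refuse to continue if client.key is not a PEM private key
    # (for example a certificate copied under the wrong name).
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$keydir/client.key" ||
        { echo "client.key is not a PEM private key" >&2; return 1; }
    (
        umask 077   # new file is owner-only from the moment it is created
        {
            cat <<EOF
client
dev tun
proto udp
remote $remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
EOF
            # A .crt file may carry a human-readable dump before the PEM
            # block; only the BEGIN..END part is copied into the profile.
            for pair in ca:ca.crt cert:client.crt key:client.key; do
                tag=${pair%%:*} file=${pair#*:}
                echo "<$tag>"
                sed -n '/-----BEGIN /,/-----END /p' "$keydir/$file"
                echo "</$tag>"
            done
        } > "$out"
        chmod 600 "$out"   # also tightens a pre-existing output file
    )
}
```

Call it as `make_client_ovpn X.X.X.X /path/to/downloaded/files client.ovpn`, with X.X.X.X replaced by the server address as in step 25.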

Hope some of you find this useful; if you have any issues, please leave a comment.

Freed from storage failure by FreeNAS

Today I’ve been freed from storage failure by FreeNAS.

From time to time technology is a real pain in the backside.  We’re all more reliant on it than we’ve ever been before and when it goes wrong these days, generally it means you’ll end up suffering.  Storage failure is always the worst kind of technology issue because it generally means losing something that’s important to you, e.g. family photographs.

Today though in a first for me, storage failure reared its ugly head but was slapped down by FreeNAS.  Keeping a long story short, one dying drive + one next day delivery replacement drive + one set of FreeNAS wiki instructions = No need to restore from backups and NO LOSS OF DATA!

Now whilst some people might attribute all this to the components that make up FreeNAS (e.g. FreeBSD, ZFS), without the work done by the FreeNAS team to wrap these all up in a friendly, usable package, surviving a storage failure like this would have remained a pipe dream for me.

Thank you FreeNAS team!

Getting started with DDP Yoga

It’s funny sometimes the way the world works.  I’d been trying to push myself into getting started with DDP Yoga since I ordered it just before Christmas 2013 but had struggled to get myself up off the ground.

January has always been a bit of an awful month in terms of past events and I’d not realised until today just how much looking back on things can take the wind out of your sails.

So, with my Mum’s 61st birthday meal having come and gone yesterday, today was the day I finally got myself up off the ground.

All I can say is, I was pretty sure that I was unfit before, now I know!  Oh well, onwards and upwards!

It’s an awful cliché but the video is right, you have to start somewhere!