OpenVPN Linux CentOS installation – Part 2

Part 2 – Making OpenVPN work as a Client

When we want to connect to Office network from an external location or from home, then we need to setup our Linux box to establish communication with the server at the office via a secured link over the internet. In this part, I will list down the steps needed to establish a client communication.

For you to connect to your Office network where VPN is installed, your server administrator would have given you the following files:

– a .csr file (like for e.g. yourname.csr)
– a .crt file (like for e.g. yourname.crt)
– a .key file (like for e.g. yourname.key)
– a .conf file (like for e.g. yourname.conf)

A sample <<yourname.conf>> file:

[root@computer /]# vi yourname.conf

#yourname.conf
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote vpn_server_ip_address 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/yourname.crt
key /etc/openvpn/yourname.key
cipher BF-CBC
comp-lzo
verb 3

As you can see from the above file, you need to COPY the file <<yourname.csr>>, <<yourname.crt>>, <<yourname.key>>, <<yourname.conf>> to the location /etc/openvpn/. If you want to setup a different folder for having these files separately, then give the appropriate path inside <<yourname.conf>> file.

Inside <<yourname.conf>> file, replace vpn_server_ip_address with the IP address given by your server administrator.

Now you are good to go. Issue the command

[root@computer /]# openvpn –config yourname.conf

Once the connection is established you will get a line stating that “Initialization sequence completed” which signals that client communication with the remote location is instantiated. Now you can browse through the files in the remote server wherever you are.

Notes:
– Inside <<yourname.conf>>  file, DO NOT have ~ (tilde) mark to signify the root. This is not recognized from within the .conf file and it will return an error.
– Check the line that states ‘cipher’ in <<yourname.conf>>. Here I have stated that BF-CBC as my 128 bit cypher encryption algorithm for establishing my connection. Depending on the information given by your server admin, you may need to change this part.

Share

Written by kurinchiblogger


Website:

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *