How to install OpenVPN on Fedora Core 2

Once you have a server and want to work as if you were sitting in front of its console, you are looking for a VPN. I have set up many VPNs on Linux servers. There are many solutions and standards, and most of them rely on the UDP protocol. UDP is good for tunneling but might not work correctly behind NAT and firewalls. Usually, though, networks allow web access through a web proxy, and the web protocol, HTTP, relies on TCP. OpenVPN is a VPN solution which supports both UDP and TCP at the same time. Cool! You can even establish a VPN connection through an HTTP proxy.

Best of all, there is no need to upgrade the OS or the machine. This howto assumes that your machine runs Fedora Core 2.

  1. Obtain openvpn-2.0.2-1.1.fc2.rf.i386.rpm and lzo-1.08-4.1.fc2.rf.i386.rpm
  2. Install them
    rpm -ivh lzo-1.08-4.1.fc2.rf.i386.rpm openvpn-2.0.2-1.1.fc2.rf.i386.rpm
  3. Prepare RSA scripts
    cp -Rp /usr/share/doc/openvpn-2.0.2/easy-rsa/ /etc/openvpn
    cp /etc/openvpn/easy-rsa/openssl.cnf /etc/openvpn
  4. Modify the CA information in /etc/openvpn/vars. See the example below.
    export KEY_COUNTRY=TH
    export KEY_PROVINCE=BKK
    export KEY_CITY=
    export KEY_ORG="howforge.com"
    export KEY_EMAIL=""
  5. Initialize the CA
    cd /etc/openvpn
    . easy-rsa/vars
    sh easy-rsa/clean-all
    sh easy-rsa/build-ca
    cd /etc/openvpn
  6. Generate a certificate and private key for the server
    sh easy-rsa/build-key-server server
  7. Generate certificates and keys for clients
    sh easy-rsa/build-key client1
    sh easy-rsa/build-key client2
  8. Generate Diffie-Hellman parameters
    sh easy-rsa/build-dh
  9. Create a UDP configuration file for the server, e.g., /etc/openvpn/notebook-udp-1194.conf
    port 1194
    proto udp
    dev tun
    ca keys/ca.crt
    cert keys/server.crt
    key keys/server.key
    dh keys/dh1024.pem
    server 10.11.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status-notebook-udp-1194.log
    verb 3
  10. Create a TCP configuration file for the server, e.g., /etc/openvpn/notebook-tcp-1194.conf
    port 1194
    proto tcp
    dev tun
    ca keys/ca.crt
    cert keys/server.crt
    key keys/server.key
    dh keys/dh1024.pem
    server 10.12.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status-notebook-tcp-1194.log
    verb 3
  11. Now start both servers
    service openvpn start
  12. Copy ca.crt, client1.crt, client1.csr, and client1.key from /etc/openvpn/keys to C:\Program Files\OpenVPN\config on the client machine
  13. Create the client UDP configuration file C:\Program Files\OpenVPN\config\client1-udp-1194.ovpn
    client
    dev tun
    proto udp
    remote hostname.localdomain 1194
    float
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    comp-lzo
    verb 3
  14. Create the client TCP configuration file C:\Program Files\OpenVPN\config\client1-tcp-1194.ovpn
    client
    dev tun
    proto tcp
    remote hostname.localdomain 1194
    float
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    comp-lzo
    verb 3
  15. All done!

Try it yourself. OpenVPN is the best! Enjoy VPN.
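
An added example, not part of the original howto: a small shell linter that reads an OpenVPN config on stdin and flags three directives used in the steps above that current OpenVPN releases treat as weak or deprecated (1024-bit DH parameters, comp-lzo, ns-cert-type). The function names, the finding labels and the file-name-based DH size heuristic are assumptions made for this example; the sample inputs are trimmed copies of the configs from steps 9 and 13.

```sh
#!/bin/sh
# Lint an OpenVPN config read from stdin; prints one "LABEL detail" line per
# finding. Function names and labels are invented for this example.
audit_ovpn() {
    awk '
        /^[ \t]*([#;]|$)/ { next }   # skip comments (# or ;) and blank lines
        # DH size is inferred from the easy-rsa file name (dhNNNN.pem). This is
        # a heuristic; inspecting the file with openssl is the real check.
        $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {
            bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
            if (bits < 2048) { print "WEAK-DH " bits "-bit parameters in " $2 }
        }
        # LZO compression: deprecated, and compressing tunnelled traffic
        # exposes a compression side channel (VORACLE).
        $1 == "comp-lzo" { print "COMPRESSION comp-lzo is enabled" }
        # Netscape cert-type check, superseded by remote-cert-tls.
        $1 == "ns-cert-type" { print "DEPRECATED ns-cert-type " $2 "; use remote-cert-tls " $2 }
    '
}

# Constructed sample: the UDP server config from step 9, trimmed.
sample_server_conf() {
    cat <<'EOF'
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.11.0.0 255.255.255.0
comp-lzo
EOF
}

# Constructed sample: the client directives from step 13 that the checks read.
sample_client_conf() {
    cat <<'EOF'
client
proto udp
remote hostname.localdomain 1194
ns-cert-type server
comp-lzo
EOF
}

sample_server_conf | audit_ovpn
sample_client_conf | audit_ovpn
```

To check a real file, run `audit_ovpn < /etc/openvpn/notebook-udp-1194.conf`. remote-cert-tls is not available in the 2.0.2 package installed above, so that finding applies once the server and clients run a newer release.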
