OpenVPN Setup for CentOS 5.5

Cryptographically secure pseudorandom number g...

Today I came across CentOS 5.5 where I had to test a solution encapsulated in PPTP VPN. I tried pptp-setup based VPN but it was old enough for not supporting it. So I had to come up with something else. I use OpenVPN on Ubuntu so I thought of it and started searching.

After around 30 minutes, I came up with this tutorial to install OpenVPN in your CentOS 5.5.

 

Step 1: Check TUN/TAP status if it’s active or not, using:

cat /dev/net/tun

The response should be:

cat: /dev/net/tun: File descriptor in bad state

Step 2: Install Compilation Tools, using:

yum install gcc make

Step 3: Download OpenVPN Package in /usr/local/src

cd /usr/local/src

and then

wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

Step 4: Check your Processor Architecture using:

uname -a

If result says something including i386 OR i686 OR x86 then you have 32 bit machine.

If result says something including i686_64 or x86_64 then you have 64 but machine.

Step 5: Download OpenVPN Repo, using:

For 32 bit systems:

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

For 64 bit systems:

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Step 7: Install Required YUM Packages using:

yum install rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

Step 8: Install the Downloaded RPMs and Add them to your repo using given statements one by one. Replace x86_64 with i386 in second & third command in case you’re using 32 bit system:

rpmbuild –rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Step 9: Install OpenVPN Yum Package

yum install openvpn

Step 10: Get your OpenVPN Files from http://www.vpnbook.com. Go to OpenVPN Section and download appropriate server’s Zip file.  The link to download was http://www.vpnbook.com/free-openvpn-account/VPNBook.com-OpenVPN-Euro1.zip in my case so I did:

wget http://www.vpnbook.com/free-openvpn-account/VPNBook.com-OpenVPN-Euro1.zip

Step 11: Unzip file using:

unzip VPNBook.com-OpenVPN-Euro1.zip

You will now see multiple .ovpn files with different ports. I recommend using udp port. Assuming that I have to use vpnbook-euro1-udp25000.ovpn file available at /home/max/Downloads/ I will follow this command start VPN:

openvpn /home/max/Downloads/vpnbook-euro1-udp25000.ovpn

Step 12: Use Credentials provided from http://www.vpnbook.com

You will be prompted for usernamd and password. VPNBook username is always vpnbook. The password can be changed and if your ISP doesn’t even allow to open the website, you can simply follow @vpnbook on Twitter where they always announce their current updated password (which is same for all servers).

Once done, OpenVPN will take care of default route itself.

 

P.S: I can’t do VoIP Calls (SIP Based) on VPNBook, so if you have any other good free or psudo-free service in head, please let me know in comments.

Enhanced by Zemanta
Advertisements

PPTP Client Setup on CentOS

It can be simple or complicated. For complicated there’s Google. But if for some reason you’ve reach here on this page, here’s the simple way to configure yout PPTP VPN on CentOS.

First, search for yum package for your OS using:

yum search pptp

You may find different results. Go for one with something like pptp.i686 or pptp.x86_64 (you’re not going to see both of them rather just one depending upon your machine processor architecture, i.e. 32 bit or 64 bit). Assuming that yours is x86, you will have to go with:

yum -y install pptp.i686

Once done, install pptp-setup to simplify the whole PPTP Client Setup:

yum -y install pptp-setup

That’s it. Installation part is done. Now to start VPN Client:
pptpsetup –create your_vpn_connection_name –server vpn_server_hostname_or_ip –username your_vpn_server_username –password your_vpn_server_password –encrypt –start

After this, don’t forget to route your traffic to VPN. You have to delete the current default route first:

route del default

and then add the new one pointing to your PPTP device:

 

route add default dev ppp0

That’s it. You’re encrypted and anonymous on your ISP now (except deep packet filtering ones).

To stop the pptp service:

pptpsetup –delete yout_vpn_connection_name

Don’t forget to add back the default gateway (assuming that your eth0 IP is 10.0.8.166), followed by Network Service restart:

route add default gateway 10.0.8.166 eth0

service network restart

PPTP VPN Autoconnect

We had a requirement to keep a PPTP VPN Service up 24/7 for one of our servers. We purchased an Online PPTP account that was good enough however, the problem was that PPTP Dialer keeps on disconnecting like once in a day or so. The services relying upon that account were getting disrupted and so we were facing issues.

So I decided to write a startup script in CentOS that could monitor PPTP interface, sense it’s disconnection, dial the VPN again and change the default route to PPP device so that traffic finds a way tunnelled patch to WAN.

For those who are not aware of Linux, you can create a startup service using either of init.d or init (upstart) script. The concept of these two startup scripts is that everytime Linux changes it’s state from one Runlevel to another, it looks for some scripts that are supposed to be run while entering in this Runlevel. The Runlevel is a number ranging from 0 to 6 and declares a particular state of a system.

As stated earlier, your script can either be a traditional init.d script or comparatively newer Upstart Script. Init.d scripts are not smart enough specially when it comes to the scripts that are dependent on each other. Other than that, init.d scripts are complex to be written. On the other hand, the Upstart scripts can be made dependent on each other by defining certain events everytime they start successfully. Besides, they can also made dependent on other events/runlevels or even running services. Another great benefit of upstart script is that it can generate certain subscripts before starting/stopping or after starting/stopping.

So, keeping the advantages in mind, I decided to go ahead with Upstart Script. The script should be capable of 4 tasks automation which are:

  • Startup and Halt on Specific Runlevel
  • Deleting Old Default Route
  • PPTP Dialing
  • Adding New Default Route Pointing to PPP Device

First of all, define the Start and Stop Conditions:

start on runlevel [2345]

stop on runlevel [06]

Since we want our script to monitor the VPN Service continuously, we need to make sure it restarts in case it gets killed by any means. For that we need to respawn it and to daemonize it. This can be done by following two statements:

respawn

expect fork

Now let’s start the script we need to generate before dialing PPTP VPN. This part is supposed to delete the default route and add a new host via default gateway. In our case default gateway is 10.0.8.1 and Host is 109.x.x.x:

pre-start script

/sbin/route del default || true

sleep 1s

/sbin/route add -host 109.x.x.x gw 10.0.8.1 || true

end script

At this point we need to dial our VPN:

exec pppd call ukvpn

Let’s change default static route pointing towards recently connected PPP device using Post Start Script:

post-start script

sleep 3s

/sbin/route add default dev ppp0

end script

So the overall script becomes:

start on runlevel [2345]
stop on runlevel [06]
respawn
expect fork

pre-start script
/sbin/route del default || true
sleep 1s
/sbin/route add -host 109.x.x.x gw 10.0.8.1 || true
end script

exec pppd call ukvpn

post-start script
sleep 3s
/sbin/route add default dev ppp0
end script

You need to create a new file using sudo vi /etc/init/pptps.conf and then paste these contents in that file. Once done, you can start and stop service using start pptps, stop pptps. Restart will be like restart pptps and status can be seen using status pptpts.

Drop questions if you need any help.

Enhanced by Zemanta