OpenVPN Setup for CentOS 5.5


Today I came across CentOS 5.5 where I had to test a solution encapsulated in PPTP VPN. I tried pptp-setup based VPN but it was old enough for not supporting it. So I had to come up with something else. I use OpenVPN on Ubuntu so I thought of it and started searching.

After around 30 minutes, I came up with this tutorial to install OpenVPN in your CentOS 5.5.

 

Step 1: Check TUN/TAP status if it’s active or not, using:

cat /dev/net/tun

The response should be the following. This error is expected and means the TUN/TAP device is present and usable:

cat: /dev/net/tun: File descriptor in bad state

Step 2: Install Compilation Tools, using:

yum install gcc make

Step 3: Download OpenVPN Package in /usr/local/src

cd /usr/local/src

and then

wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

Step 4: Check your Processor Architecture using:

uname -a

If the result includes i386, i686 or x86, you have a 32 bit machine.

If the result includes i686_64 or x86_64, you have a 64 bit machine.

Step 5: Download OpenVPN Repo, using:

For 32 bit systems:

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

For 64 bit systems:

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Step 7: Install Required YUM Packages using:

yum install rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

Step 8: Install the Downloaded RPMs and Add them to your repo using given statements one by one. Replace x86_64 with i386 in second & third command in case you’re using 32 bit system:

rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Step 9: Install OpenVPN Yum Package

yum install openvpn

Step 10: Get your OpenVPN Files from http://www.vpnbook.com. Go to OpenVPN Section and download appropriate server’s Zip file.  The link to download was http://www.vpnbook.com/free-openvpn-account/VPNBook.com-OpenVPN-Euro1.zip in my case so I did:

wget http://www.vpnbook.com/free-openvpn-account/VPNBook.com-OpenVPN-Euro1.zip

Step 11: Unzip file using:

unzip VPNBook.com-OpenVPN-Euro1.zip

You will now see multiple .ovpn files with different ports. I recommend using a UDP port. Assuming that I have to use the vpnbook-euro1-udp25000.ovpn file available at /home/max/Downloads/, I will use this command to start the VPN:

openvpn /home/max/Downloads/vpnbook-euro1-udp25000.ovpn

Step 12: Use Credentials provided from http://www.vpnbook.com

You will be prompted for username and password. The VPNBook username is always vpnbook. The password can be changed, and if your ISP doesn’t even allow you to open the website, you can simply follow @vpnbook on Twitter, where they always announce their current updated password (which is the same for all servers).

Once done, OpenVPN will take care of default route itself.
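Steps 10 and 11 fetch a profile from a third party over plain HTTP and hand it to openvpn as root, and an .ovpn file may contain directives that make OpenVPN run external programs. The following is an added example, not part of the original post, that lists such directives in a profile before it is started; the function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an .ovpn profile for directives that run external
# programs before starting it as root. Names here are illustrative.

# OpenVPN options that execute a script, load a plugin, or replace a helper.
RISKY="up down ipchange route-up route-pre-down tls-verify"
RISKY="$RISKY auth-user-pass-verify client-connect client-disconnect"
RISKY="$RISKY learn-address plugin iproute script-security"

# audit_ovpn FILE: print "FILE:LINE: directive" per finding; return 1 if any.
audit_ovpn() {
    awk -v list="$RISKY" '
        BEGIN { n = split(list, d, " "); for (i = 1; i <= n; i++) risky[d[i]] = 1 }
        { sub(/\r$/, "") }                 # profiles are often saved with CRLF
        /^[ \t]*[#;]/ { next }             # skip comment lines
        {
            opt = $1
            sub(/^--/, "", opt)            # options may be written with leading --
            # script-security below 2 does not allow user-defined scripts
            if (opt == "script-security" && $2 + 0 < 2) next
            if (opt in risky) { printf "%s:%d: %s\n", FILENAME, FNR, $0; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Constructed sample profile (not a real VPNBook file) for trying the audit.
make_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.net 25000
# up /tmp/commented-out.sh
script-security 2
up /tmp/fetch.sh
auth-user-pass
EOF
}
```

Run audit_ovpn on the chosen .ovpn file and start openvpn only when it returns 0; any line it prints should be read and understood first.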

 

P.S: I can’t do VoIP Calls (SIP Based) on VPNBook, so if you have any other good free or pseudo-free service in mind, please let me know in comments.


PPTP Client Setup on CentOS

It can be simple or complicated. For complicated there’s Google. But if for some reason you’ve reached this page, here’s the simple way to configure your PPTP VPN on CentOS.

First, search for yum package for your OS using:

yum search pptp

You may find different results. Go for one with something like pptp.i686 or pptp.x86_64 (you’re not going to see both of them rather just one depending upon your machine processor architecture, i.e. 32 bit or 64 bit). Assuming that yours is x86, you will have to go with:

yum -y install pptp.i686

Once done, install pptp-setup to simplify the whole PPTP Client Setup:

yum -y install pptp-setup

That’s it. Installation part is done. Now to start VPN Client:

pptpsetup --create your_vpn_connection_name --server vpn_server_hostname_or_ip --username your_vpn_server_username --password your_vpn_server_password --encrypt --start

After this, don’t forget to route your traffic to VPN. You have to delete the current default route first:

route del default

and then add the new one pointing to your PPTP device:

 

route add default dev ppp0

That’s it. You’re encrypted and anonymous on your ISP now (except deep packet filtering ones).

To stop the pptp service:

pptpsetup --delete your_vpn_connection_name

Don’t forget to add back the default gateway (assuming that your eth0 IP is 10.0.8.166), followed by Network Service restart:

route add default gateway 10.0.8.166 eth0

service network restart

PPTP VPN Autoconnect

We had a requirement to keep a PPTP VPN service up 24/7 for one of our servers. We purchased an online PPTP account that was good enough; however, the problem was that the PPTP dialer kept disconnecting about once a day. The services relying upon that account were getting disrupted and so we were facing issues.

So I decided to write a startup script in CentOS that could monitor the PPTP interface, sense its disconnection, dial the VPN again and change the default route to the PPP device so that traffic finds a tunnelled path to the WAN.

For those who are not familiar with Linux, you can create a startup service using either an init.d or an init (Upstart) script. The concept behind these two kinds of startup script is that every time Linux changes its state from one runlevel to another, it looks for scripts that are supposed to run on entering that runlevel. The runlevel is a number ranging from 0 to 6 and declares a particular state of the system.

As stated earlier, your script can either be a traditional init.d script or a comparatively newer Upstart script. Init.d scripts are not smart enough, especially when it comes to scripts that depend on each other. Other than that, init.d scripts are complex to write. Upstart scripts, on the other hand, can be made dependent on each other by defining certain events every time they start successfully. Besides, they can also be made dependent on other events/runlevels or even running services. Another great benefit of an Upstart script is that it can run subscripts before starting/stopping or after starting/stopping.

So, keeping the advantages in mind, I decided to go ahead with an Upstart script. The script should automate 4 tasks:

  • Startup and Halt on Specific Runlevel
  • Deleting Old Default Route
  • PPTP Dialing
  • Adding New Default Route Pointing to PPP Device

First of all, define the Start and Stop Conditions:

start on runlevel [2345]

stop on runlevel [06]

Since we want our script to monitor the VPN Service continuously, we need to make sure it restarts in case it gets killed by any means. For that we need to respawn it and to daemonize it. This can be done by following two statements:

respawn

expect fork

Now let’s write the script that has to run before dialing the PPTP VPN. This part deletes the default route and adds a host route via the default gateway. In our case the default gateway is 10.0.8.1 and the host is 109.x.x.x:

pre-start script
/sbin/route del default || true
sleep 1s
/sbin/route add -host 109.x.x.x gw 10.0.8.1 || true
end script

At this point we need to dial our VPN:

exec pppd call ukvpn

Let’s change default static route pointing towards recently connected PPP device using Post Start Script:

post-start script
sleep 3s
/sbin/route add default dev ppp0
end script

So the overall script becomes:

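# /etc/init/pptps.conf
# Start in the multi-user runlevels; stop on halt (0) and reboot (6)
start on runlevel [2345]
stop on runlevel [06]

# Restart the job if the process dies; track it after one fork
respawn
expect fork

pre-start script
    # Remove the current default route ("|| true" ignores a missing route)
    /sbin/route del default || true
    sleep 1s
    # Keep host 109.x.x.x reachable through the gateway 10.0.8.1
    /sbin/route add -host 109.x.x.x gw 10.0.8.1 || true
end script

# Dial the VPN using the pppd peer named ukvpn
exec pppd call ukvpn

post-start script
    # Wait for the PPP device, then send all traffic through it
    sleep 3s
    /sbin/route add default dev ppp0
end script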

You need to create a new file using sudo vi /etc/init/pptps.conf and then paste these contents into that file. Once done, you can start and stop the service using start pptps and stop pptps. Restart is restart pptps, and status can be seen using status pptps.
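Both the manual PPTP setup and this Upstart job depend on the default route ending up on ppp0, and a network restart or a failed post-start step can leave traffic going out through eth0 instead. The following is an added example, not part of the original post, that checks `route -n` output for that condition; the function names and the two routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that every default route uses the tunnel device.
# Function names and the sample tables below are constructed for illustration.
# Live use: route -n | check_default_route ppp0

# check_default_route [DEV]: reads `route -n` output on stdin.
# Returns 0 only if a default route exists and all default routes use DEV.
check_default_route() {
    awk -v dev="${1:-ppp0}" '
        # Destination and Genmask both 0.0.0.0 mark a default route;
        # the interface name is the last column.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {
            if ($NF == dev) { ok++ }
            else { print "default route outside tunnel: " $0; leak++ }
        }
        END {
            if (!ok) print "no default route via " dev
            exit ((ok && !leak) ? 0 : 1)
        }'
}

# Constructed table: tunnel up, one host route kept on eth0.
sample_tunnelled() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    10.0.8.1        255.255.255.255 UGH   0      0        0 eth0
10.0.8.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
EOF
}

# Constructed table: a network restart has re-added the gateway on eth0.
sample_leaking() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.8.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
0.0.0.0         10.0.8.1        0.0.0.0         UG    0      0        0 eth0
EOF
}
```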

Drop questions if you need any help.


Asterisk 11 Installation on CentOS 6


This page shows installation of Asterisk 11.0.0 on CentOS 6. It’s been assumed that you have already installed CentOS 6 on your machine. The main steps of installation can be summarized as:

1. CentOS Updates (If Any)
2. Disabling SELinux
3. Reboot
4. Installation of Dependencies for Asterisk 11
5. Downloading your Asterisk Source Code
6. Extraction of Downloaded Files
7. DAHDI Installation
8. LibPRI Installation
9. Change Asterisk Directory
10. Run Configure Script for Asterisk
11. Install Sample Files
12. Start DAHDI
13. Start Asterisk

Each step is elaborated as under:

1. CentOS Updates

Update your CentOS 6 Server for any possible unimplemented updates.

yum update -y

2. Disabling SELinux

You can use any text editor (VIM etc) to commit this change. Go to /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled
This can also be done by using command line:

sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

3. Reboot

Once the aforementioned change is committed and the file is updated, reboot the system using:

reboot

4. Installation of Basic Dependencies

Asterisk 11.0.0 requires some prerequisite dependencies. Here is the command line to install them:

yum install -y make wget openssl-devel ncurses-devel newt-devel libxml2-devel kernel-devel gcc gcc-c++ sqlite-devel

5. Downloading Your Asterisk Source Code

Move to directory /usr/src by given command:

cd /usr/src/

and then download the Source Code tar balls using these commands (one by one or at a time):

6. Extraction of Downloaded Files

Extract the downloaded tar balls to their corresponding directories using:

tar zxvf dahdi-linux-complete*
tar zxvf libpri*
tar zxvf asterisk*

7. DAHDI Installation

DAHDI (Digium Asterisk Hardware Device Interface) can be installed using the command line:

cd /usr/src/dahdi-linux-complete*
make && make install && make config

8. LibPRI Installation

In order to enable your BRI, PRI and QSIG based hardware, you will be needing PRI Library or LibPRI. You can install these libraries using:

cd /usr/src/libpri*
make && make install

9. Changing Asterisk Directory

Now you have to move back to the Asterisk Installation Directory:

cd /usr/src/asterisk*

10. Running Configure Script for Asterisk

At this point, you need to know your CentOS 6 Architecture (32 or 64 Bit). In many cases you are aware of it. In case you are not, try this command:

uname -a

For 32 Bit, you will be getting response like:

2.6.18-238.12.1.el5 #1 SMP Tue May 31 13:23:01 EDT 2011 i686 i686 i386 GNU/Linux

For 64 Bit, system will respond with something like:

2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:31:24 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

Based on your OS Architecture, go ahead with these commands for Asterisk Configuration Script. For 32 Bit:

./configure && make menuselect && make && make install

For 64 Bit:

./configure --libdir=/usr/lib64 && make menuselect && make && make install

11. Installing Sample Files

Sample files are a great resource, especially for newbies. Install the sample files using:

make samples

Once done, add the Asterisk Install Script in directory /etc/init.d/ using:

make config

12. Starting DAHDI

To start DAHDI Device Drivers, use:

service dahdi start

13. Start Asterisk

Finally, start Asterisk:

service asterisk start

Do your stuff by connecting to the Asterisk Console:

asterisk -rvvv