Archive for the ‘Linux’ Category

OpenVPN on CentOS 5.2

A bit of googling turned up a great post on howtoforge.com called “OpenVPN Server On CentOS 5.2”. I didn’t know quite how to add the rpmforge repo that is needed to install OpenVPN from, so … google turned up another handy article on how to do that, called “CentOS 5 – install rpmforge yum repo”. I checked the rpmforge RPM releases at http://dag.wieers.com/rpm/packages/rpmforge-release/ to be sure that this is the latest release … it is (as of June 2009). The following pasties are based on the aforementioned article with some changes.

yum install openvpn
cd /etc/openvpn/
mkdir easy-rsa
cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/2.0/* easy-rsa/
# Keep the tree owner-only: it will hold the CA and server private keys
chmod -R 700 easy-rsa/
cd easy-rsa/
. ./vars
./clean-all
./build-ca

--> For the common name use “OpenVPN-CA”, or anything else helpfully descriptive. <--
./build-key-server server
--> Enter various customized values if you so please, but be sure to leave the common name value as the default – “server”. Oh, and answer yes to the two questions at the end. <--
./build-key client1
--> Change the number 1 to 2, 3, and so on for however many client certificates you want. Leave the common name as the default “clientn”. <--
./build-dh
cd keys/
openvpn --genkey --secret ta.key

For more information on transferring the necessary keys to the client, see the final part of a blog post I did on running OpenVPN on Debian.
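The keys/ directory now holds ca.key, server.key, client1.key and ta.key, none of which should be accessible to other local users, and only part of it belongs on a client. The following is an added example, not part of the original post: it lists secrets with group or other permission bits set, tightens them, and names the files one client needs. It assumes GNU find and the easy-rsa 2.0 convention that secrets are named *.key; the function names are made up here and the demo runs on constructed empty files.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU find and the
# easy-rsa 2.0 convention that every secret in keys/ is named *.key.

# List secret files that grant any permission bit to group or other.
loose_keys() {
    find "$1" -type f -name '*.key' -perm /077 -print | sort
}

# Restrict the directory to its owner and every secret to mode 600.
tighten_keys() {
    chmod 700 "$1" || return 1
    find "$1" -type f -name '*.key' -exec chmod 600 {} +
}

# Files a single client needs (usual OpenVPN set when tls-auth is used).
# ca.key and server.key are deliberately absent: they never leave the server.
client_bundle() {
    printf '%s\n' ca.crt "$1.crt" "$1.key" ta.key
}

# Constructed demo: empty placeholder files in a scratch directory, given a
# deliberately loose 777 mode, stand in for real key material.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/keys"
    for f in ca.crt ca.key server.crt server.key client1.crt client1.key ta.key; do
        : > "$d/keys/$f"
    done
    chmod -R 777 "$d/keys"
    before=$(( $(loose_keys "$d/keys" | wc -l) ))
    tighten_keys "$d/keys"
    after=$(( $(loose_keys "$d/keys" | wc -l) ))
    rm -rf "$d"
    echo "$before $after"
}

demo   # number of loose secrets before and after tightening
```

On a real server, run loose_keys /etc/openvpn/easy-rsa/keys first and review its output before calling tighten_keys.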

I created two example config files utilizing the OpenVPN routed tunnel method … hope they help. [server] [client]

Just add the static routes to the VPN subnet(s) to your LAN gateway.

If you need any help I suppose you could always pay me to set this up for you, that’s what I’ve done for some other folks.

OpenVPN inside of a Debian OpenVZ node

I have been searching for a way to virtualize an OpenVPN setup for some time now. I need it to be virtual because of my lack of physical machines. I have had OpenVPN running before using Ethernet bridging, but without the adequate hardware, it is time to go virtual and use routing methods instead of bridging.

With a little bit of google searching I found “Adding openvpn support to openvz VPS” on biogeogen.com. The post in question gets you started, but leaves out a few pointers.

1) Don’t use the /etc/modules.conf file; just put modprobe tun in /etc/rc.d/rc.local so the command is executed at each boot. This is of course only needed if lsmod | grep tun shows that tun support is not loaded automatically.
2) The virtual node has to be stopped before you run the following command on it: vzctl set 101 --capability net_admin:on --save, where 101 is the VEID.
3) To execute commands on said virtual node with vzctl exec, it then needs to be started again.

So the revised pastie:

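# On the hardware node: load the tun module only if it is not already loaded
lsmod | grep -q tun || modprobe tun
# The container (VEID 101) must be stopped before its capabilities are changed
vzctl stop 101
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save

# The container must be running again for vzctl exec to work
vzctl start 101
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun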
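
A check to run inside the container once the steps above are done, as an added example that is not part of the original post: it confirms that the net_admin capability arrived (bit 12 of CapEff in /proc/self/status is CAP_NET_ADMIN) and that /dev/net/tun is a character device 10:200 with owner-only permissions. The function names are made up for this example, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example, not from the original post. Run inside the container.

# True if the hex capability mask in $1 (the CapEff value from
# /proc/<pid>/status) has bit 12 set, which is CAP_NET_ADMIN.
has_net_admin() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;   # empty or not a hex mask
    esac
    [ $(( (0x$1 >> 12) & 1 )) -eq 1 ]
}

# True if $1 is a character device with major 10, minor 200 (hex a:c8)
# and no group/other permission bits, as the mknod and chmod 600 produce.
tun_node_ok() {
    [ -c "$1" ] || return 1
    [ "$(stat -c '%t:%T' "$1")" = "a:c8" ] || return 1
    case "$(stat -c '%a' "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report each missing prerequisite; the exit status is 0 only if both hold.
preflight() {
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status 2>/dev/null)
    rc=0
    has_net_admin "$capeff" || { echo "CAP_NET_ADMIN missing (CapEff=$capeff)"; rc=1; }
    tun_node_ok "${1:-/dev/net/tun}" || { echo "tun node missing or wrong type/mode"; rc=1; }
    return $rc
}

preflight "$@" || echo "container is not ready for OpenVPN"
```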

For setting up OpenVPN inside of the virtual node see: OpenVPN on Debian linux.

HyperVM and double virtualization?

Yesterday I finished up some server setup research for this upcoming Virtual Private Server (VPS) hosting project of mine. Hopefully within the month I will start leasing VPS’s. To do this, I needed a pretty stable and inexpensive control panel that will let users manage/re-image their VPS. None of the FOSS web managers had these two necessary capabilities that I need. So I went with HyperVM, an OpenVZ/Xen VPS web manager that I’ve seen in use by one of my hosting providers, Jadase. The only reason I stick with them is because I got grandfathered into the VPS 2 plan for $10/month. You can’t beat that! Well I will sure be able to beat out their VPS prices, I’ll be charging $13.50/month for the equivalent of their VPS 2 plan.

Back to HyperVM. It is incredibly easy to install on a CentOS 5.2 machine! Follow the HyperVM install instructions found here, once you have the physical box you want this to run on set up with a barebones CentOS 5.2 install. The install downloads about 1.1 GB of data, which is mainly the VPS templates for OpenVZ and Xen. HyperVM comes with a 5 VPS license built in (for testing), and licensing is really cheap and easy (compared to VMware ESX and Server 2003 Volume Licensing). HyperVM is USD $0.50/month per VPS.

I’ve tried rolling VMware server and workstation on OpenVZ nodes in the past, but I figured I’d give it a go again just for kicks. Still I was unable to get the proper kernel-headers to work with gcc to compile VMware server/workstation. The RPMs run just fine installing the components, but then compiling and installing the various components (especially vmon) during the vmware-config.pl seems to fail time and time again. I just can’t get gcc to work with the custom OpenVZ kernel. I suppose it was never meant to be … two levels of virtualization.
