Posts Tagged ‘CentOS’

OpenVPN on CentOS 5.2

A bit of googling turned up a great post on howtoforge.com called “OpenVPN Server On CentOS 5.2”. I didn’t know quite how to add the rpmforge repo that is needed to install OpenVPN from, so … google turned up another handy article on how to do that called “CentOS 5 – install rpmforge yum repo”. I checked the rpmforge RPM releases at http://dag.wieers.com/rpm/packages/rpmforge-release/ to be sure that this is the latest release … it is (as of June 2009). The following pasties are based off of the aforementioned article with some changes.

yum install openvpn
cd /etc/openvpn/
mkdir easy-rsa
cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/2.0/* easy-rsa/
# owner-only: root sources ./vars and runs these scripts, and keys/ will hold the private keys
chmod -R 700 easy-rsa/
cd easy-rsa/
. ./vars
./clean-all
./build-ca

–> For the common name use “OpenVPN-CA”, or anything else helpfully descriptive. <–
./build-key-server server
–> Enter various customized values if you so please, but be sure to leave the common name value as the default – “server”. Oh, and answer yes to the two questions at the end. <–
./build-key client1
–> Change the number 1 to 2, 3, and so on for however many client certificates you want. Leave the common name as the default “clientn”. <–
./build-dh
cd keys/
openvpn --genkey --secret ta.key
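
The easy-rsa tree built above ends up holding the CA, server and client private keys plus ta.key, and root sources ./vars from it. The following is an added example, not part of the original post or of easy-rsa: a permission audit for that tree. The function names are made up for this example, and the directory to check is passed as an argument.

```shell
#!/bin/sh
# Added example: audit an easy-rsa tree (e.g. /etc/openvpn/easy-rsa)
# for permissions that expose key material or let others alter scripts.

# List private key files (*.key) that group or others can access in any way.
exposed_keys() {
    find "$1" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# List files and directories that group or others can write to.
# ./vars and the build-* scripts are run by root, so a writable copy
# (or a writable parent directory) lets another local user replace them.
writable_by_others() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -print | sort
}

# Print a report and return 1 if anything is found; return 0 when clean.
audit_easy_rsa() {
    report=$( {
        exposed_keys "$1" | sed 's/^/EXPOSED KEY: /'
        writable_by_others "$1" | sed 's/^/WRITABLE BY OTHERS: /'
    } )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run the audit when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_easy_rsa "$1"
fi
```

Saved to a file and run with the easy-rsa directory as its argument, it exits non-zero when it reports anything.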

For more information on transferring the necessary keys to the client, see the final part of a blog post I did on running OpenVPN on Debian.

I created two example config files utilizing the OpenVPN routed tunnel method … hope they help. [server] [client]

Just add the static routes to the VPN subnet(s) to your LAN gateway.

If you need any help I suppose you could always pay me to set this up for you, that’s what I’ve done for some other folks.

OpenVPN inside of a Debian OpenVZ node

I have been searching for a way to virtualize an OpenVPN setup for some time now. I need it to be virtual because of my lack of physical machines. I have had OpenVPN running before using Ethernet bridging, but without the adequate hardware, it is time to go virtual and use routing methods instead of bridging.

With a little bit of google searching I found “Adding openvpn support to openvz VPS” on biogeogen.com. The post in question gets you started, but leaves out a few pointers.

1) Don’t use the /etc/modules.conf file, just put modprobe tun inside of /etc/rc.d/rc.local so the command is executed at each boot. This is of course only needed if, after running lsmod | grep tun, you discover that tun support is not loaded automatically.
2) You need to have the virtual node off before running the following command on it: vzctl set 101 --capability net_admin:on --save. Where 101 is the VEID.
3) To execute commands on said virtual node with vzctl exec, you then need it to be started.

So the revised pastie:

lsmod | grep tun
[no output, then -->] modprobe tun
[stop the container]
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save

[start the container]
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun

For setting up OpenVPN inside of the virtual node see: OpenVPN on Debian linux.

OpenVZ on CentOS 5.2

OpenVZ setup procedure followed – January 6th, 2009
host machine – 1.5ghz Pentium 4 (i386), 1GB ram, 40GB hard disk drive
host os – CentOS 5.2
for more detailed installation information see: http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf

This installation of CentOS 5.2 is on an i386 machine; be sure to substitute the 64-bit equivalents if you have a 64-bit machine. Following most/all of the instructions will give you an OpenVZ CentOS 5.2 host with browser-based administration of your VPS(es) with vtonf. This cookbook assumes working knowledge of how to edit configuration files via “vi”, how to use yum to install dependencies/software, and how to install from tarballs (.tar.gz).

  1. Install latest CentOS distro on physical server (at the time of writing this, it was 5.2)
    • minimal install only requires disc 1 – “CentOS-5.2-i386-bin-1of6.iso”
    • choose your mirror: http://isoredirect.centos.org/centos/5/isos/i386/
    • partition setup note: 5GB for root filesystem, 1.25X-2X size of RAM for swap, rest of space for /vz (the VPS nodes and OS templates)
    • During the category/task selection, deselect all package categories, and choose the “Customize now” option at the bottom of screen. During the customized package selection, deselect everything. This will allow for a “minimal” install with only disc 1.
  2. Configure static ipv4/ipv6 address(es) – /etc/sysconfig/network/
  3. Setup dns nameservers – /etc/resolv.conf
  4. Run an update: yum update
  5. Follow howto: http://www.howtoforge.com/installing-and-using-openvz-on-centos5.2
  6. Download VTONF – http://vtonf.com/downloads.html
  7. tar xzvf on the archive you just downloaded and cd into the created directory
  8. Follow on screen instructions to complete setup
  9. If you wanna go crazy with the customizations get into the “/etc/vtonf/” directory and check things out
  10. To allow connections to vtonf from IPv4/6 addresses other than through the localhost, modify the code block within “/etc/vtonf/vtonf.conf” so it looks like the below code block. Note the second line!

    fastcgi.server = ( ".php" =>
      ( "*" =>
        ( "socket" => "/tmp/vtonf.socket",
          "bin-path" => "/usr/local/vtonfphp/bin/php",
          "max-procs" => 1,
          "bin-environment" => (
            "PHP_FCGI_CHILDREN" => "4",
            "PHP_FCGI_MAX_REQUESTS" => "10000"
          ),
        )
      )
    )

  11. Remember to modify the OpenVZ host iptables rules so that they allow traffic to the VPS nodes. I just turned mine off (service iptables stop; chkconfig iptables off), because I have an external firewall/router in my home LAN.

That’s it, you are good to go to start reselling VPSes to clients!
