OpenVPN client on CentOS 6.4 x64 headless server?

keymoo · 09-16-2013, 11:56 AM

I have a Windows 7 workstation which connects to the internet through my CentOS 6.4 headless firewall/proxy/router. Is it possible to connect to the internet via an openVPN client on my CentOS 6.4 machine so that machines that route through CentOS go through the VPN? On my CentOS box I have Shorewall to configure iptables, with squid proxy. I have two NICs one external through my ADSL router on network 192.168.0.0 and one for my internal network 10.0.0.0. I want all clients on 10.0.0.0 connecting to the internet to connect via the VPN.

I am using www.privateinternetaccess.com as my destination VPN server.

Any help appreciated.

smallpond · 09-16-2013, 12:29 PM

If you have the VPN set up, it should just be setting the default route to use a gateway at privateinternetaccess.com instead of the one provided by your ISP. You may need to update your iptables rules also.

# list routes
route -n
# remove current default through ISP
route del default gw a.b.c.d
# add VPN gateway
route add default gw A.B.C.D

keymoo · 09-16-2013, 01:12 PM

I don't have the VPN client, I'm wondering which one should I use that supports openVPN? Is there an rpm, etc?

smallpond · 09-16-2013, 07:56 PM

How about OpenVPN?

keymoo · 09-17-2013, 05:02 AM

I have managed to make some progress. Here's what I've done so far.

Code:

yum install openvpn

Configured the openvpn server.conf file with

Code:

client
dev tun
proto udp
remote <REMOTE_SERVER_IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-nocache
auth-user-pass /root/.pia

started the openvpn client manually with:

Code:

# openvpn --config server.conf
Tue Sep 17 01:03:40 2013 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr  5 2012
Tue Sep 17 01:03:40 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Sep 17 01:03:40 2013 LZO compression initialized
Tue Sep 17 01:03:40 2013 UDPv4 link local: [undef]
Tue Sep 17 01:03:40 2013 UDPv4 link remote: <REMOTE_SERVER_IP>:1194
Tue Sep 17 01:03:42 2013 [server] Peer Connection Initiated with <REMOTE_SERVER_IP>:1194
Tue Sep 17 01:03:44 2013 TUN/TAP device tun0 opened
Tue Sep 17 01:03:44 2013 /sbin/ip link set dev tun0 up mtu 1500
Tue Sep 17 01:03:44 2013 /sbin/ip addr add dev tun0 local 10.115.1.6 peer 10.115.1.5
Tue Sep 17 01:03:44 2013 Initialization Sequence Completed


# ifconfig tun0

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.118.1.6  P-t-P:10.118.1.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

If I try and do

Code:

# service openvpn start
Starting openvpn:                                          [FAILED]

If I can get the service started, I will then try and configure shorewall to use the tun0 interface.