Wednesday, July 24, 2013

How easy it is to install OpenVPN on an AWS EC2 CentOS instance.

## Don't forget to open UDP port 1194 on your firewall.

$ wget https://github.com/viljoviitanen/setup-simple-openvpn/archive/master.zip
--2013-07-24 09:45:57--  https://github.com/viljoviitanen/setup-simple-openvpn/archive/master.zip
Resolving github.com (github.com)... 204.232.175.90
Connecting to github.com (github.com)|204.232.175.90|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/viljoviitanen/setup-simple-openvpn/zip/master [following]
--2013-07-24 09:45:58--  https://codeload.github.com/viljoviitanen/setup-simple-openvpn/zip/master
Resolving codeload.github.com (codeload.github.com)... 192.30.252.146
Connecting to codeload.github.com (codeload.github.com)|192.30.252.146|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: ‘master.zip’

    [  <=>                                  ] 44,128       195KB/s   in 0.2s  

2013-07-24 09:45:59 (195 KB/s) - ‘master.zip’ saved [44128]


$ unzip master.zip
Archive:  master.zip
8c4c582d5a15a2e9a3bc2fac0691aae1bb942436
   creating: setup-simple-openvpn-master/
  inflating: setup-simple-openvpn-master/LICENSE.txt
  inflating: setup-simple-openvpn-master/OPENVPN-COPYING.txt
  inflating: setup-simple-openvpn-master/README.rst
   creating: setup-simple-openvpn-master/easy-rsa/
  inflating: setup-simple-openvpn-master/easy-rsa/Makefile
  inflating: setup-simple-openvpn-master/easy-rsa/README
  inflating: setup-simple-openvpn-master/easy-rsa/build-ca
  inflating: setup-simple-openvpn-master/easy-rsa/build-dh
  inflating: setup-simple-openvpn-master/easy-rsa/build-inter
  inflating: setup-simple-openvpn-master/easy-rsa/build-key
  inflating: setup-simple-openvpn-master/easy-rsa/build-key-pass
  inflating: setup-simple-openvpn-master/easy-rsa/build-key-pkcs12
  inflating: setup-simple-openvpn-master/easy-rsa/build-key-server
  inflating: setup-simple-openvpn-master/easy-rsa/build-req
  inflating: setup-simple-openvpn-master/easy-rsa/build-req-pass
  inflating: setup-simple-openvpn-master/easy-rsa/clean-all
  inflating: setup-simple-openvpn-master/easy-rsa/index.html
  inflating: setup-simple-openvpn-master/easy-rsa/inherit-inter
  inflating: setup-simple-openvpn-master/easy-rsa/list-crl
  inflating: setup-simple-openvpn-master/easy-rsa/openssl-0.9.6.cnf
  inflating: setup-simple-openvpn-master/easy-rsa/openssl.cnf
  inflating: setup-simple-openvpn-master/easy-rsa/pkitool
  inflating: setup-simple-openvpn-master/easy-rsa/revoke-full
  inflating: setup-simple-openvpn-master/easy-rsa/sign-req
  inflating: setup-simple-openvpn-master/easy-rsa/vars
  inflating: setup-simple-openvpn-master/easy-rsa/whichopensslcnf
  inflating: setup-simple-openvpn-master/setup.sh
  inflating: setup-simple-openvpn-master/template-client-config
  inflating: setup-simple-openvpn-master/template-server-config
[ec2-user@wiki2 install_vpn]$ ls
master.zip  setup-simple-openvpn-master
[ec2-user@wiki2 install_vpn]$ cd *master
[ec2-user@wiki2 setup-simple-openvpn-master]$ ls
easy-rsa             README.rst              template-server-config
LICENSE.txt          setup.sh
OPENVPN-COPYING.txt  template-client-config
[ec2-user@wiki2 setup-simple-openvpn-master]$ vi RE*
[ec2-user@wiki2 setup-simple-openvpn-master]$ sudo ./setup.sh
sudo: ./setup.sh: command not found
[ec2-user@wiki2 setup-simple-openvpn-master]$ chmod +x *.sh
[ec2-user@wiki2 setup-simple-openvpn-master]$ sudo ./setup.sh
Loaded plugins: priorities, security, update-motd, upgrade-helper
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openvpn.x86_64 0:2.3.1-3.8.amzn1 will be installed
--> Processing Dependency: liblzo2.so.2()(64bit) for package: openvpn-2.3.1-3.8.amzn1.x86_64
--> Processing Dependency: libpkcs11-helper.so.1()(64bit) for package: openvpn-2.3.1-3.8.amzn1.x86_64
--> Running transaction check
---> Package lzo.x86_64 0:2.06-2.3.amzn1 will be installed
---> Package pkcs11-helper.x86_64 0:1.07-5.4.amzn1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch        Version                 Repository         Size
================================================================================
Installing:
 openvpn            x86_64      2.3.1-3.8.amzn1         amzn-updates      428 k
Installing for dependencies:
 lzo                x86_64      2.06-2.3.amzn1          amzn-main          60 k
 pkcs11-helper      x86_64      1.07-5.4.amzn1          amzn-main          55 k

Transaction Summary
================================================================================
Install       3 Package(s)

Total download size: 543 k
Installed size: 1.1 M
Downloading Packages:
(1/3): lzo-2.06-2.3.amzn1.x86_64.rpm                     |  60 kB     00:00    
(2/3): openvpn-2.3.1-3.8.amzn1.x86_64.rpm                | 428 kB     00:00    
(3/3): pkcs11-helper-1.07-5.4.amzn1.x86_64.rpm           |  55 kB     00:00    
--------------------------------------------------------------------------------
Total                                           598 kB/s | 543 kB     00:00    
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : lzo-2.06-2.3.amzn1.x86_64                                    1/3
  Installing : pkcs11-helper-1.07-5.4.amzn1.x86_64                          2/3
  Installing : openvpn-2.3.1-3.8.amzn1.x86_64                               3/3
  Verifying  : openvpn-2.3.1-3.8.amzn1.x86_64                               1/3
  Verifying  : pkcs11-helper-1.07-5.4.amzn1.x86_64                          2/3
  Verifying  : lzo-2.06-2.3.amzn1.x86_64                                    3/3

Installed:
  openvpn.x86_64 0:2.3.1-3.8.amzn1                                            

Dependency Installed:
  lzo.x86_64 0:2.06-2.3.amzn1       pkcs11-helper.x86_64 0:1.07-5.4.amzn1    

Complete!
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
...........+.....................+............+............................+......................................................................................................................+................+..+....+..................+....+....................................+......................................................+........+...................+..............+.......................................................................................+.+...............................................+....+.....................................+.......................................+.....+............................................++*++*++*
Using CA Common Name: simpleopenvpn CA
Generating a 1024 bit RSA private key
......................................................................++++++
..............................++++++
writing new private key to 'ca.key'
-----
Generating a 1024 bit RSA private key
...++++++
................++++++
writing new private key to 'myserver.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'Simple OpenVPN server'
organizationName      :PRINTABLE:'simpleopenvpn'
commonName            :PRINTABLE:'myserver'
emailAddress          :IA5STRING:'me@myhost.mydomain'
Certificate is to be certified until Jul 22 09:48:03 2023 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
Generating a 1024 bit RSA private key
...................++++++
............................................++++++
writing new private key to 'client1-simpleopenvpn.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'Simple OpenVPN server'
organizationName      :PRINTABLE:'simpleopenvpn'
commonName            :PRINTABLE:'client1-simpleopenvpn'
emailAddress          :IA5STRING:'me@myhost.mydomain'
Certificate is to be certified until Jul 22 09:48:04 2023 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
Detecting external ip address
============================================================
Detected your server external ip address: 54.250.178.86
============================================================
Make sure it is correct before using the client configuration files!
  adding: simpleopenvpn.ovpn (deflated 55%)
  adding: ca-simpleopenvpn.crt (deflated 38%)
  adding: client1-simpleopenvpn.key (deflated 22%)
  adding: client1-simpleopenvpn.crt (deflated 47%)
Generated configuration files are in ./openvpn.JYc/ !
Starting openvpn:                                          [  OK  ]




## Download your keys for the VPN client

scp -i ~/.ec2/babyplaykey.pem ec2-user@54.250.178.xx:/home/ec2-user/setup_vpn/setup-simple-openvpn-master/openvpn.JYc/simpleopenvpn-54.250.178.xx.zip .

simpleopenvpn-54.250.178.xx.zip               100% 5938     5.8KB/s   00:00

## Unzip this file to get the keys required for the VPN connection.
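
The setup output above reports 1024-bit DH parameters and 1024-bit RSA keys for the CA, server and client. As an added example (not part of the original post or of the setup-simple-openvpn project), this script scans saved setup output and flags every key or DH size below a minimum; the function names and the 2048-bit threshold are assumptions.

```shell
#!/bin/sh
# Added example: flag weak key sizes in saved setup.sh output.
# MIN_BITS is an assumed policy threshold, not a value from the post.
MIN_BITS="${MIN_BITS:-2048}"

# Lines excerpted from the transcript above (progress dots omitted).
sample_log() {
cat <<'EOF'
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
Using CA Common Name: simpleopenvpn CA
Generating a 1024 bit RSA private key
writing new private key to 'ca.key'
Generating a 1024 bit RSA private key
writing new private key to 'myserver.key'
Generating a 1024 bit RSA private key
writing new private key to 'client1-simpleopenvpn.key'
EOF
}

# Reads setup output on stdin; prints "<WEAK|OK> <bits> <DH|RSA> <name>"
# for each DH parameter set or private key the log says was generated.
audit_key_sizes() {
    awk -v min="$MIN_BITS" -v q="'" '
        function report(bits, kind, name) {
            printf "%s %d %s %s\n", ((bits + 0 < min + 0) ? "WEAK" : "OK"), bits, kind, name
        }
        /^Generating DH parameters, [0-9]+ bit/ { report($4, "DH", "-"); next }
        # openssl prints the size first and the key file name a few lines later
        /^Generating a [0-9]+ bit RSA private key/ { pending = $3; next }
        /^writing new private key to / && pending != "" {
            name = $NF
            gsub(q, "", name)          # strip the quotes around the file name
            report(pending, "RSA", name)
            pending = ""
        }
    '
}

# Number of WEAK findings in the setup output on stdin.
count_weak() {
    audit_key_sizes | awk '/^WEAK/ { n++ } END { print n + 0 }'
}

sample_log | audit_key_sizes
```

To audit a real run, save the output of `sudo ./setup.sh` (both stdout and stderr) to a file and feed it to `audit_key_sizes` on stdin.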

