Wednesday, March 28, 2012

Mount Windows Share

Simply edit /etc/fstab and add the line

//<windows-ip>/share /mymount cifs nosuid,nodev,noexec,credentials=/etc/samba/auth.smb,uid=500,gid=500,file_mode=0664,dir_mode=0755 0 0


then create the credentials file:

# vi /etc/samba/auth.smb

username=your user
password=your password

Since this file holds the password in clear text, keep it owned by root and readable by root only.
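An added check for the fstab entry above (example script, not from the original post): it audits a cifs line for the nosuid/nodev/noexec options the entry uses, refuses an inline password= (fstab is world-readable), and verifies that the credentials= file exists and is readable by its owner only. It assumes GNU stat, as on CentOS; the function name and the sample paths are mine.

```shell
#!/bin/sh
# Added example (not from the original post): audit one cifs line from /etc/fstab.
# Assumes GNU stat (CentOS). Returns 0 when the line passes, 1 otherwise,
# printing one finding per problem.
audit_cifs_fstab_line() {
    line=$1
    set -- $line                      # split the fstab fields on whitespace
    fstype=$3
    opts=$4
    rc=0
    if [ "$fstype" != "cifs" ]; then
        echo "not a cifs entry: $fstype"
        return 1
    fi
    # the mount must not allow setuid binaries, device nodes or execution
    for need in nosuid nodev noexec; do
        case ",$opts," in
            *,"$need",*) ;;
            *) echo "missing option: $need"; rc=1 ;;
        esac
    done
    # /etc/fstab is world-readable, so a password must never be placed inline
    case ",$opts," in
        *,password=*) echo "inline password= in fstab (world-readable file)"; rc=1 ;;
    esac
    # the credentials file must exist and be readable by its owner only
    cred=$(printf '%s' ",$opts," | sed -n 's/.*,credentials=\([^,]*\),.*/\1/p')
    if [ -z "$cred" ]; then
        echo "no credentials= option"; rc=1
    elif [ ! -f "$cred" ]; then
        echo "credentials file missing: $cred"; rc=1
    else
        mode=$(stat -c %a "$cred")
        case "$mode" in
            600|400) ;;
            *) echo "credentials file $cred is mode $mode, expected 600"; rc=1 ;;
        esac
    fi
    return $rc
}

# Usage: sh audit-cifs.sh /etc/fstab   (audits every active cifs entry)
if [ -n "${1:-}" ]; then
    grep -E '^[^#].*[[:space:]]cifs[[:space:]]' "$1" | while read -r l; do
        audit_cifs_fstab_line "$l" && echo "ok: $l"
    done
fi
```

Run it against /etc/fstab after adding the entry; an exit status of 1 with a finding for the credentials file mode is the most common result on a fresh setup and is fixed by tightening that file's permissions.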

OpenVPN on CentOS

This is a step-by-step guide to creating a VPN in two models: site to site, and client to site in bridge mode.

Please respond with anything that is missing or incorrect...


Install OpenVPN either from the RPMforge packages directly (rpm -K checks each downloaded package's signature against the key imported first):

# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
# wget http://packages.sw.be/lzo/lzo-2.04-1.el5.rf.i386.rpm
# wget http://packages.sw.be/lzo/lzo-2.04-1.el5.rf.x86_64.rpm
# wget http://packages.sw.be/lzo/lzo-devel-2.04-1.el5.rf.i386.rpm
# wget http://packages.sw.be/lzo/lzo-devel-2.04-1.el5.rf.x86_64.rpm
# rpm -K lzo-*
# wget http://packages.sw.be/openvpn/openvpn-2.1.4-1.el5.rf.x86_64.rpm
# rpm -K openvpn-2.1.4-1.el5.rf.x86_64.rpm
# rpm -ivh openvpn-2.1.4-1.el5.rf.x86_64.rpm

OR via the RPMforge repository and yum:

# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
# rpm -Uvh rpmforge-release*
# yum install openvpn
# chkconfig openvpn on
 
# cd /usr/share/doc/openvpn-2.2.0/easy-rsa/2.0
Open the vars file in this directory, go to its last lines and edit this information:
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"

then save and continue:

# chmod 775 -R /usr/share/doc/openvpn-2.2.0/easy-rsa/2.0
# source ./vars
# ./clean-all
# ./build-ca

Generating a 1024 bit RSA private key
............++++++
...........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KG]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [BISHKEK]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
Email Address [me@myhost.mydomain]:
 

Generate the certificate & key for the server:

# ./build-key-server server

Generating client certificates is very similar to the previous step. On Linux/BSD/Unix:
# ./build-key client1
# ./build-key client2
# ./build-key client3

Or, for the static-key (site to site) setup below, generate a shared secret instead:

# openvpn --genkey --secret ta.key
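Before copying the files from keys/ to the server and clients, an added sanity check (example script, not part of the original post or of easy-rsa) built on the openssl command line: it verifies that a certificate chains to ca.crt, that certificate and private key belong together, that a server certificate carries nsCertType=server (which ./build-key-server sets and the client's ns-cert-type server option later relies on), and that the private key is readable by its owner only. The function name and its argument layout are my assumptions; GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not part of the original post or of easy-rsa): sanity-check the
# files easy-rsa wrote to keys/ before they are copied to the server or a client.
# Assumes the openssl command line and GNU stat. The argument layout is mine:
#   check_easyrsa_keys <keys dir> <name> [server]
check_easyrsa_keys() {
    keys=$1          # e.g. /usr/share/doc/openvpn-2.2.0/easy-rsa/2.0/keys
    name=$2          # e.g. server or client1
    role=${3:-}      # "server" for the pair made with ./build-key-server
    crt=$keys/$name.crt
    key=$keys/$name.key
    ca=$keys/ca.crt
    rc=0
    for f in "$crt" "$key" "$ca"; do
        if [ ! -f "$f" ]; then
            echo "missing file: $f"
            return 1
        fi
    done
    # 1. the certificate must be signed by our own CA, nothing else
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "$crt is not signed by $ca"; rc=1
    fi
    # 2. certificate and private key must share the same RSA modulus
    m_crt=$(openssl x509 -noout -modulus -in "$crt" | openssl md5)
    m_key=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null | openssl md5)
    if [ "$m_crt" != "$m_key" ]; then
        echo "$crt and $key do not belong together"; rc=1
    fi
    # 3. a server certificate needs nsCertType=server ("SSL Server" in the text dump);
    #    a client configured with "ns-cert-type server" refuses servers without it
    if [ "$role" = server ]; then
        if ! openssl x509 -noout -text -in "$crt" | grep -q 'SSL Server'; then
            echo "$crt lacks nsCertType=server"; rc=1
        fi
    fi
    # 4. the private key must be readable by its owner only
    mode=$(stat -c %a "$key")
    case "$mode" in
        600|400) ;;
        *) echo "$key is mode $mode, expected 600"; rc=1 ;;
    esac
    return $rc
}

# Usage: check_easyrsa_keys ./keys server server ; check_easyrsa_keys ./keys client1
if [ -n "${2:-}" ]; then
    check_easyrsa_keys "$1" "$2" "${3:-}"
fi
```

Run it once with the role argument for the server pair and once per client without it. The bridged server.conf further down also references dh1024.pem, which easy-rsa's ./build-dh generates; this check does not cover that file.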
 
In this sample I set up a bridged VPN, so now I create an Ethernet bridge on the server:

# yum install bridge-utils

then edit /usr/share/doc/openvpn-2.2.0/sample-scripts/bridge-start

Remember: only edit the IP settings of the bridge interface so they are correct for your network.

# ./bridge-start

For startup at boot time, open /etc/init.d/openvpn, find the start section and add the two lines below:

/etc/openvpn/bridge-start
route add default gw <your gateway IP> br0
Here is the config file at the server site when the same key file is used at both locations, i.e. the site-to-site configuration with a shared static key:

# Which local IP address should OpenVPN
# listen on? (optional)
# local a.b.c.d
port 1111
proto udp
dev tun0
ifconfig 10.8.0.1 10.8.0.2 # tunnel endpoint IPs: local, then remote
secret /etc/openvpn/easy-rsa/keys/ta.key # the static key generated above
# "push" only works in TLS server mode, not with a static key (OpenVPN refuses to
# start); the other site reaches 192.168.50.0/24 through its own "route" line instead
route 192.168.70.0 255.255.255.0 10.8.0.2 # other site's LAN, via the tunnel peer
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log         /var/log/openvpn.log
log-append  /var/log/openvpn.log
verb 3
mute 20
 
 
And the other site's config: in my example this site runs MS Windows, so just download the binary package from openvpn.net, install it, create the log files in the config folder, and then create the config file client.ovpn with the content below.

Remember: copy ta.key from the server site to this folder as well.

remote your.VPN.server.IP  
port 1111
proto udp
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret ta.key
route 192.168.50.0 255.255.255.0 10.8.0.1
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /path/to/file/openvpn.log
log-append /path/to/file/openvpn.log
verb 2
mute 20

...and now the config for a bridged client-to-server setup.

Here is server.conf:

script-security 2
tls-server
port 1111
;proto tcp
proto udp
dev tap0
;dev tun
;dev-node tap0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.50.8 255.255.255.0 192.168.50.150 192.168.50.152 # bridge IP, netmask, client pool start and end
push "route 192.168.50.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 192.168.50.1"
;push "dhcp-option DNS 208.67.220.220"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log         /var/log/openvpn.log
log-append  /var/log/openvpn.log
verb 3
mute 20



and here is client.conf.

Before this step, remember to rename the TAP adapter to "Tap" when installing OpenVPN for Windows, since the dev-node line below refers to the adapter by that name.

client
dev tap
dev-node Tap
proto udp
remote your.VPN.server.ip
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
status /path/to/openvpn-status.log
log         /path/to/openvpn.log
log-append  /path/to/openvpn.log
verb 3
mute 20
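An added linter (example script, not from the original post) that covers both configuration pairs above, the static-key site-to-site pair and the bridged server.conf/client.conf: it flags push used together with secret (OpenVPN rejects that outside server mode), a TLS server missing ca/cert/key/dh, a client that does not verify the server certificate's role with ns-cert-type server or remote-cert-tls server, private or static key files that are missing or group/world readable, and it notes script-security so that enabling external scripts is a conscious choice. The function names are mine; GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): lint an OpenVPN 2.x config file for
# the mistakes that are easy to make with the site-to-site and bridge configs above.
# Assumes GNU stat. Function names are mine.

# does the config contain an active (not # or ; commented) line that starts with $2?
has_opt() {
    grep -v '^[[:space:]]*[#;]' "$1" | grep -Eq "^[[:space:]]*$2([[:space:]]|\$)"
}

# value (second word) of the first active line whose first word is $2
opt_value() {
    grep -v '^[[:space:]]*[#;]' "$1" | awk -v o="$2" '$1 == o { print $2; exit }'
}

lint_openvpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    rc=0
    # 1. push only works in TLS server mode; with a static key OpenVPN refuses to start
    if has_opt "$conf" secret && has_opt "$conf" push; then
        echo "push used together with secret (--push requires --mode server)"; rc=1
    fi
    # 2. a TLS server needs the CA, its own cert and key, and DH parameters
    if has_opt "$conf" tls-server || has_opt "$conf" server-bridge || has_opt "$conf" server; then
        for o in ca cert key dh; do
            has_opt "$conf" "$o" || { echo "server mode without $o"; rc=1; }
        done
    fi
    # 3. a TLS client must check that the peer cert is really a server certificate,
    #    otherwise any client cert signed by the same CA could pose as the server
    if has_opt "$conf" client || has_opt "$conf" tls-client; then
        if ! has_opt "$conf" 'ns-cert-type server' && ! has_opt "$conf" 'remote-cert-tls server'; then
            echo "client does not verify the server certificate role (ns-cert-type server or remote-cert-tls server)"; rc=1
        fi
    fi
    # 4. private keys and static keys must exist and be readable by their owner only
    for o in key secret tls-auth; do
        f=$(opt_value "$conf" "$o")
        [ -n "$f" ] || continue
        case "$f" in /*) p=$f ;; *) p=$dir/$f ;; esac
        if [ ! -f "$p" ]; then
            echo "$o file not found: $p"; rc=1
        else
            m=$(stat -c %a "$p")
            case "$m" in 600|400) ;; *) echo "$o file $p is mode $m, expected 600"; rc=1 ;; esac
        fi
    done
    # 5. script-security 2 or above lets OpenVPN run external programs; say so
    if has_opt "$conf" 'script-security [23]'; then
        echo "note: script-security lets OpenVPN execute scripts; keep it only if up/down scripts are used"
    fi
    return $rc
}

# Usage: sh lint-openvpn.sh /etc/openvpn/server.conf
if [ -n "${1:-}" ]; then
    lint_openvpn_conf "$1"
fi
```

Run it from the directory that holds the config so relative file names such as ca.crt and server.key resolve the way OpenVPN resolves them; paths in the config are taken relative to the config's own directory.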

 
Now let's give it a try...

Problem with CentOS 5 and OpenVPN versions below 2.2.2:
When trying to auto-start via the init.d/openvpn script I got "permission denied".
==> The solution is to uninstall this version with rpm -e or yum remove and then download the newer version from openvpn.net. Before installing the new version, OpenSSL must be updated with these two packages, otherwise the install will not succeed:

yum install openssl
yum install openssl-devel

Now unpack openvpn-<version>.tar.gz and, inside the unpacked directory, run these commands to install:

# ./configure
# make
# make install