VPN Solution on Linux

How to public any service without public ip using OPENVPN.

How to public any service without public ip using OPENVPN.

Some time we want to publish our website or any service from our desktop to internet . Then we require public IP to publish our services on the internet.

So resolve this issue we can user third party services like PORTMAP.IO  this gives you ability to publish your services over the internet using OPEN VPN Client.

For more information visit there website https://portmap.io/

How to configure SSL VPN on OPENVPN

How to configure SSL VPN on OPENVPN

If you want to configure openvpn on SSL port below are the example for server and client side.

Server side configuration

port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
#server-ipv6 fddd:1194:1194:1194::/64
#push "redirect-gateway def1 ipv6 bypass-dhcp"  ## To avoid all internet traffic except VPN## 
push "route"         ## To advertise Network ##
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS"
#push "dhcp-option DNS"
keepalive 10 120
cipher AES-256-CBC
user nobody
duplicate-cn                                    ##To use single certificate for multiple user#
group nobody
verb 3
crl-verify crl.pem

Continue reading How to configure SSL VPN on OPENVPN

OpenVPN CRL has expired

OpenVPN CRL has expired

VERIFY ERROR: depth=0, error=CRL has expired: CN=servername

In order to fix the issue, we just need to recreate the crl.pem file.

we need  to backup the current crl.pem file before creating a new one.

The location of the  crl.pem file  at /etc/openvpn/

#mv  crl.pem  crl.pem.back

Now go to  easy-rsa  folder

# cd  easy-rsa

now generate crl.pem

./easyrsa gencrl

Now copy the new crl.pem to openvpn folder

# cp pr /etc/openvpn/easyrsa/pki/crl.pem

Now restart openvpn service


source link :- https://www.jobishmathew.me/openvpn-crl-has-expired/


To troubleshoot connection issues check below logs

grep the client name  in /var/log/messages
# grep VPN    /var/log/messages

Check the connection time

#cat /etc/openvpn/openvpn-status.log

Check the connection negotiation activity

# tail -f /var/log/messages


How to install PPTP Server on Cent OS

Step-1 Forward GRE protocol and TCP port 1723 through your firewall

Step-2 Add the Poptop Yum Repository

rpm -Uhv http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm

Step-3 Configure iptables

Create iptables_set.sh, chmod +x iptables_set.sh, and run the script.

Note: The following will work but you may wish to change the source address from to the network range of your choosing based on your network.

/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp –dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/service iptables save
/sbin/iptables -L -v

Step-4 Configure Routing

Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Step-5 Make the changes active

sysctl -p

Step-6 Install PPTP Server

yum install ppp pptpd

Step-7 Configure the service to start on boot

chkconfig –levels 345 pptpd on
Step-7 Configure Client Network Options change IP address according to your requirement

Modify /etc/pptpd.conf


Modify /etc/ppp/options.pptpd

Step-8 Configure Client Access

You will need to customize the client name, secret (password), and you can either allow all IP address or limit as necessary.

Edit /etc/ppp/chap-secrets.

# Secrets for authentication using CHAP
# client          server          secret                           IP addresses
test-user       *                   test-password               *

Step-9 Start the Server

Start the pptpd service

service pptpd start

Step-10 Configure the Client

source link