OpenVPN Configuration

By installing OpenVPN on the server and using phones which use OpenVPN you may have remote workers who could be possibly working from home connect into the server and use the phone as if they were in the office.

You must enable UDP or TCP Port 1194 though to server. I suggest UDP as this is faster and still reliable over short hops, but uses up less bandwidth.

yum install gcc gcc-ccc++ autoconf automake lzo-devel 
yum install rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel 
cd /tmp 

tar xvf lzo-2.06.tar.gz 
tar xvf openvpn-2.2.1.tar.gz 
tar xvf pkcs11-helper-1.09.tar.bz2 

cd lzo-2.06 
make check 
make test 
make install  

cd /tmp/pkcs11-helper-1.09 
make install 

cd /tmp/openvpn-2.2.1 
make check 
make install  

mkdir /etc/openvpn 
mkdir /etc/openvpn/easy-rsa 

cp -p /tmp/openvpn-2.2.1/sample-scripts/openvpn.init /etc/rc.d/init.d/openvpn 
cp -p /tmp/openvpn-2.2.1/sample-config-files/server.conf /etc/openvpn/openvpn.conf 
cp -r /tmp/openvpn-2.2.1/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ 

chkconfig --add openvpn 
Refer to this document for more details
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf 

vi /etc/openvpn/easy-rsa/vars 

export KEY_CONFIG=/etc/openvpn/easy-rsa/openssl-1.0.0.cnf 
export KEY_COUNTRY="xx" 
export KEY_PROVINCE="xxxx" 
export KEY_CITY="xxxxxx" 
export KEY_ORG="pbx" 
export KEY_EMAIL=""
export KEY_CN=xxxxx 
export KEY_NAME=xxxxxxx 
export KEY_OU=xxxx 


./source vars
./clean-all     (Removes all certs and keys from keys folder) 

 **** if you enter '.' the field will be blank *** 

./build-key-server server 

Use server name is: <servername>
Use Password of :<password>

Create individual Client keys which will be used for each phone. you will need to perform this process for each phone you want to add to the vpn. You may change the name of Phone1, but each device name must be unique. The device name appears in the openn vpn status and assignment file once the device connects to the vpn.
./build-key phone1 

Use Password of :<password previously used>
You will use the ca.crt, client1.crt and client1.key to configure each phones vpn files. * save a copy of the keys and certs *
cp keys/ca.crt ../ 
cp keys/ca.key ../ 
cp keys/dh1024.pem ../ 
cp keys/server.key ../ 
cp keys/server.crt ../ 
cp keys/phone1.crt ../ 

cp keys/phone1.key ../ 

Edit the open VPN conf File and set the server settings In this case the servers ip address is I allocate another subnet of And allow the server to talk to this new subnet. All new vpn connections will get a 192.168.2.x ip address.

cd /etc/openvpn

vi openvpn.conf 
proto udp 
dev tun 
dh dh1024.pem 
dev tap 
ca ca.crt 
cert server.crt 
key server.key 
keepalive 10 30 
verb 4 
user nobody 
group nobody 

log openvpn.log 

service openvpn restart 
chkconfig openvpn on 
Now you must configure the Phones VPN settings.

Basically the vpn.cnf file must have the word 'client',servers address, port, tcp/udp

the ca, phone cert, phone key files.

The following phones do support OpenVPN. (I believe with latest firmware)

Check the /etc/openvpn/openvpn.log files for connection issues and testing.

en/openvpn.txt · Last modified: 2017/12/12 03:05 (external edit)
Recent changes RSS feed Debian Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki