Create a peer-to-peer VPN connection with OpenVPN on CentOS

Posted on November 13, 2016 in network, vpn, openvpn, p2p, centos

1. Schema

Schema OpenVPN

2. Installation

First of all, we need to install the openvpn package on both servers:

yum install -y openvpn

3. Configuration

A. Creation of the shared key

Next, we need to create our shared key (the same file must then be present on both firewalls):

openvpn --genkey --secret /etc/openvpn/openvpn-shared-key.key

B. Creation of the config file

We create a file /etc/openvpn/openvpn.ovpn with the following content:

  • On firewall A:
# Hardware
dev-type    tun
# static-key point-to-point tunnel, no TLS
mode        p2p
# name of the local tunnel interface
dev         tun-fw-b
daemon

# Users and Groups
# drop root privileges once the tunnel is up (hence persist-key/persist-tun below)
user nobody
group nobody

# IP & Port Information
# public (WAN) address of the peer
remote      FIREWALL-B-WAN-IP
proto       udp
# peer port, then local port
rport       1337
lport       1337

# Security & Perfs
comp-lzo
cipher aes-256-cbc

# Others
resolv-retry infinite
persist-key
persist-tun

# Client part
# local tunnel address first, then the peer's
ifconfig 10.53.0.1 10.53.0.2
# pre-shared static key generated above, identical on both firewalls
secret /etc/openvpn/openvpn-shared-key.key

# Port management
# management localhost 9999

# Log Level
verb 3
log-append /var/log/openvpn/openvpn.log
  • On firewall B:
# Hardware
dev-type    tun
# static-key point-to-point tunnel, no TLS
mode        p2p
# name of the local tunnel interface
dev         tun-fw-a
daemon

# Users and Groups
# drop root privileges once the tunnel is up (hence persist-key/persist-tun below)
user nobody
group nobody

# IP & Port Information
# public (WAN) address of the peer
remote      FIREWALL-A-WAN-IP
proto       udp
# peer port, then local port
rport       1337
lport       1337

# Security & Perfs
comp-lzo
cipher aes-256-cbc

# Others
resolv-retry infinite
persist-key
persist-tun

# Client part
# local tunnel address first, then the peer's
ifconfig 10.53.0.2 10.53.0.1
# pre-shared static key generated above, identical on both firewalls
secret /etc/openvpn/openvpn-shared-key.key

# Port management
management localhost 9999

# Log Level
verb 3
log-append /var/log/openvpn/openvpn.log
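Before starting the service, it is worth checking that the two files really mirror each other (swapped ifconfig addresses, matching ports, same key path and cipher) and that the shared key is not readable by other users. The script below is an added example, not part of the original post; it assumes the two config files are passed as arguments, and the file names in its usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a pair of
# point-to-point OpenVPN static-key configs before starting the service.

# Print the arguments of directive $2 in config $1 (first match only;
# '#' comment lines never match because their first field is '#').
cfg_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Return 0 when the two sides mirror each other, 1 otherwise:
#  - A's local tunnel address is B's remote one and vice versa,
#  - A's rport is B's lport and vice versa,
#  - both reference the same shared-key path and the same cipher.
check_p2p_pair() {
    a="$1"; b="$2"; rc=0
    set -- $(cfg_get "$a" ifconfig); a_local="$1"; a_remote="$2"
    set -- $(cfg_get "$b" ifconfig); b_local="$1"; b_remote="$2"
    if [ "$a_local" != "$b_remote" ] || [ "$a_remote" != "$b_local" ]; then
        echo "ifconfig addresses not mirrored: $a_local/$a_remote vs $b_local/$b_remote"
        rc=1
    fi
    if [ "$(cfg_get "$a" rport)" != "$(cfg_get "$b" lport)" ] ||
       [ "$(cfg_get "$a" lport)" != "$(cfg_get "$b" rport)" ]; then
        echo "rport/lport do not line up between the two sides"
        rc=1
    fi
    for d in secret cipher; do
        if [ "$(cfg_get "$a" "$d")" != "$(cfg_get "$b" "$d")" ]; then
            echo "'$d' differs between the two configs"
            rc=1
        fi
    done
    return $rc
}

# Return 0 when the key file exists and has no group/other permission bits
# (openvpn reads it as root before dropping to nobody), 1 otherwise.
# Reads ls -l columns 5-10 so it does not depend on GNU stat.
check_key_perms() {
    [ -f "$1" ] || { echo "missing key file: $1"; return 1; }
    go=$(ls -l "$1" | cut -c5-10)
    [ "$go" = "------" ] || { echo "$1 is readable by group/others; chmod 600 it"; return 1; }
}

# Usage (placeholder file names): sh check-p2p.sh fw-a.ovpn fw-b.ovpn
if [ $# -eq 2 ]; then
    check_p2p_pair "$1" "$2" && check_key_perms "$(cfg_get "$1" secret)"
fi
```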

C. On both servers

Finally, we enable and start the openvpn service:

systemctl enable openvpn
systemctl start openvpn

4. Results

If everything is fine, we can ping firewall B from firewall A:

ping 10.53.0.2

If you want to reach 10.10.11.0/24 from firewall A and 10.10.10.0/24 from firewall B, you need to add:

  • On firewall A:
route add -net 10.10.11.0/24 gw 10.53.0.2
  • On firewall B:
route add -net 10.10.10.0/24 gw 10.53.0.1