Install OpenVPN in a CentOS 7 Virtual Machine - Page 1

Install OpenVPN Overview

OpenVPN is an incredible tool for creating securely encrypted, remote network-to-network and client-to-network tunneled connections. You can think of it like this: if you have an OpenVPN connection to a network, then you have a secure connection to that network and all the resources on that network, like printers, file servers, other host computers, etc. To set it up, you need to install an OpenVPN access server on one computer, and then on a separate computer, install an OpenVPN client for connecting to the server remotely.

The goal of the lab is to install and configure an OpenVPN server, and then from a second computer, open a tunnel to the server using an OpenVPN client. To do this, you will first need to install CentOS 7 (64-bit) in a VMware Player virtual machine. Since this is a test case scenario, I recommend installing the Gnome Desktop during the CentOS 7 installation instead of the default minimal install.

When creating the virtual machine with VMware Player, you will need to add an additional virtual network interface (NIC) to your virtual machine. After creating the virtual machine, edit the virtual machine settings, add a second network adapter, then change it from Bridged mode to LAN Segment mode. You will need to create/add a LAN Segment, name it VLAN10, and then configure the network adapter to the LAN Segment (VLAN10) setting. The virtual machine will then have two network adapters: the first in Bridged mode, and the second in LAN Segment mode (VLAN10).

Install CentOS in a VM

Start up your VMware CentOS 7 virtual machine, run through the installation, install the Gnome desktop environment, and create a student account as well as a root password. After the install, start CentOS and log in. At the desktop, go to Applications and open a terminal window. In the terminal, issue an ifconfig command to verify the presence of the two network adapters; they will probably show up as eno16777736 and eno33554960. If the second network adapter did not appear after issuing the ifconfig command, then shut down CentOS, edit the virtual machine settings in VMware Player, and remove and re-add the second network adapter until it registers as present from within CentOS.

   

The diagram below represents a network hosted from a single computer using virtual machines. The single physical host computer is the laptop represented by the laptop icon and the black rectangular outline. The virtual machines are running inside the laptop using VMware Player, VMware Workstation, or VirtualBox. Notice the CentOS 7 Server has two Ethernet network adapters. The bridged mode network adapter places the CentOS 7 eth0 interface on the network just like any other physical computer. Notice that by configuring eth0 with a DHCP client it will obtain an IP address just like the laptop. The eth1 network adapter is in LAN Segment mode, which will allow it to communicate with any other virtual machines that are similarly configured with an identical LAN Segment network adapter. In this scenario, if the Interior Client virtual machine wishes to connect to the internet, it will need to go through the CentOS 7 Server, making the CentOS 7 Server a transparent proxy or gateway for any virtual machines on the LAN Segment. With 8Gb of RAM and a quad-core processor on the host computer, it is possible to run two virtual machines simultaneously.

Lab Steps

Change the server’s hostname
=========================
1. Get root super-user access using su. Everything in this exercise is done with root access.

   su

2. Change localhost.localdomain to a server name of your choice (e.g. danscentos-s2)

   nano /etc/hostname

3. Add your new hostname to the file (e.g. 127.0.0.1 danscentos-s2 localhost localhost.localdomain …)

   nano /etc/hosts

Change the Network Interfaces to eth0 and eth1
=======================================
For some strange reason the network interfaces show up as: eno16777736 and eno33554960. Thanks to some great websites, I was able to find a fix.

4. In the following file, search for the line "GRUB_CMDLINE_LINUX" and append the following: net.ifnames=0 biosdevname=0
Note: make sure to append the text inside the closing quotation mark, like this: net.ifnames=0 biosdevname=0"

   nano /etc/default/grub

   grub2-mkconfig -o /boot/grub2/grub.cfg

   reboot

5. After rebooting, use su for root access. Enter the hostname command to verify your new hostname. Run ifconfig and you should see the following network interfaces: eth0, eth1, and lo. If not, go back to step 4 and try again.

Configure the Network Interfaces
===========================

6. To configure the network interfaces we need the network-scripts directory

   cd /etc/sysconfig/network-scripts/

7. Rename the ifcfg-eno16777736 file to ifcfg-eth0, then do an ls command to verify

   mv /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eth0

8. Copy the ifcfg-eth0 file to ifcfg-eth1 so now you have a config file for each network interface. Do an ls command to verify

   cp /etc/sysconfig/network-scripts/ifcfg-eth0 ifcfg-eth1

9. Edit the ifcfg-eth1 file

    nano ifcfg-eth1

//change the contents of ifcfg-eth1 to the following, exit and save:

TYPE="Ethernet"
DEVICE="eth1"
BOOTPROTO="static"
IPADDR="192.168.10.1"
NETMASK="255.255.255.0"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="eth1"
ONBOOT="yes"

10. Edit the ifcfg-eth0 file

    nano ifcfg-eth0

//change the contents of ifcfg-eth0 to the following, exit and save:

TYPE="Ethernet"
DEVICE="eth0"
BOOTPROTO="dhcp"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="eth0"
ONBOOT="yes"
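
Before restarting networking, it is worth checking both files for the mistakes this procedure makes easy: typographic quotes pasted from a web page, and an ifcfg-eth1 that still says DEVICE="eth0" after the copy in step 8. The script below is an added example, not part of the original lab; the names check_ifcfg, val and check_ifcfg.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the original lab): lint an ifcfg-* file.
# Prints one finding per line; exit status 0 means no findings.

# val KEY FILE -> value of the last KEY= line, ASCII double quotes stripped
val() { sed -n "s/^$1=//p" "$2" | tail -n 1 | sed 's/^"//; s/"$//'; }

check_ifcfg() (
    file=$1; rc=0
    expected=${file##*ifcfg-}           # ifcfg-eth1 -> eth1

    # Curly quotes pasted from a web page are multi-byte, non-ASCII
    # characters; they end up inside the value instead of delimiting it.
    if [ -n "$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$file")" ]; then
        echo "$file: non-ASCII bytes present (typographic quotes?)"; rc=1
    fi

    dev=$(val DEVICE "$file")
    if [ "$dev" != "$expected" ]; then
        echo "$file: DEVICE='$dev' does not match file name ($expected)"; rc=1
    fi

    if [ "$(val ONBOOT "$file")" != "yes" ]; then
        echo "$file: ONBOOT is not yes, interface stays down after reboot"; rc=1
    fi

    case $(val BOOTPROTO "$file") in
        static)
            for key in IPADDR NETMASK; do
                if [ -z "$(val "$key" "$file")" ]; then
                    echo "$file: BOOTPROTO=static but $key is missing"; rc=1
                fi
            done ;;
        dhcp)
            if [ -n "$(val IPADDR "$file")" ]; then
                echo "$file: BOOTPROTO=dhcp but IPADDR is also set"; rc=1
            fi ;;
        *)
            echo "$file: BOOTPROTO must be static or dhcp in this lab"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ]
)

# Usage: sh check_ifcfg.sh ifcfg-eth0 ifcfg-eth1
for f in "$@"; do check_ifcfg "$f"; done
```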

Remove the Network Manager
=========================

11. Since this is a server, I recommend removing the Network Manager and relying on manual network configurations instead

    systemctl stop NetworkManager
    systemctl disable NetworkManager
    service network restart

12. Reboot, then log in and verify network connectivity and internet access. You should see that eth0 received an IP address through DHCP and that eth1 has the IP address 192.168.10.1. If not, then re-edit your ifcfg-eth0 and ifcfg-eth1 configuration files.

    reboot
    ifconfig
    ping yahoo.com

Note: you can manually bring a network interface up or down with the following commands

    ifconfig eth0 down
    ifconfig eth0 up
    ifconfig eth1 down
    ifconfig eth1 up

 


Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.
