Install OpenVPN in a Centos 7 Virtual Machine -Page 3

OpenVPN Lab continued from Page 2

Build the client keys using easy-rsa

You can build separate client keys for each client you wish to allow to connect to your server.

25. Navigate to the easy-rsa directory and build your client keys.

   cd /etc/openvpn/easy-rsa
   source ./vars
   ./build-key myclient

Copy the client keys to the client’s computer

26. Change directories to the keys folder and verify your client keys. You should see files named myclient.crt and myclient.key

   cd /etc/openvpn/easy-rsa/keys

27. Copy the files ca.crt, myclient.crt, and myclient.key to the remote client computer using a flash drive, emailing the files or using an SSH/SCP client like Filezilla. To copy the files using Filezilla you may first need to copy the files to a folder like Documents that does not require root access and then change the file permissions on myclient.key so that group and public have read access. The client computer used to connect to the OpenVPN server can be a computer running Windows, Linux, or OSX.

   cp ca.crt myclient.crt myclient.key /home/student/Documents
   cd /home/student/Documents
   ls -l
   chmod 644 myclient.key

Now from a remote computer you can use a program like Filezilla to copy the files from the server.


Create the client OpenVPN configuration file used to connect to the server

28. Using a text editor like nano in Linux or notepad in Windows create the text file myclient.ovpn and place it in the same directory as the ca.crt, myclient.crt, and myclient.key files that you copied from the Centos 7 server.

   nano myclient.ovpn

Add the following lines:

client    # TLS client mode; needed for the ca/cert/key lines below
dev tun
proto udp
remote <centos server ip address> 1194
resolv-retry infinite
verb 3
ca ca.crt
cert myclient.crt
key myclient.key
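
A check for the client bundle assembled in steps 27 and 28, as an added example that is not part of the original lab: it flags a private key left readable by group or others after the copy, and a profile with no server-certificate check or no auth-user-pass for the PAM login enabled in step 30. The function names, finding tags and the 192.0.2.10 address are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client bundle (profile plus private key).
# File names follow the lab; function names and finding tags are this example's own.

# has_any PROFILE DIRECTIVE...: succeed if any DIRECTIVE starts a line in PROFILE.
# Comment lines (# or ;) never match; CRLF endings left by Notepad are stripped.
has_any() {
    profile=$1; shift
    for d in "$@"; do
        awk -v d="$d" '{ sub(/\r$/, "") } $1 == d { f = 1 } END { exit !f }' \
            "$profile" && return 0
    done
    return 1
}

# audit_bundle PROFILE: print one finding per line; return 1 if there are any.
audit_bundle() {
    profile=$1
    bad=0
    has_any "$profile" client tls-client ||
        { echo "no-tls-client: add 'client' so ca/cert/key are accepted"; bad=1; }
    # Without one of these, any certificate issued by the lab CA, another
    # client's included, is accepted as the server's.
    has_any "$profile" remote-cert-tls verify-x509-name ||
        { echo "no-server-cert-check: add 'remote-cert-tls server'"; bad=1; }
    # The auth-pam plugin on the server expects a username and password.
    has_any "$profile" auth-user-pass ||
        { echo "no-auth-user-pass: add 'auth-user-pass' for the PAM login"; bad=1; }

    # Resolve the key path relative to the profile, as the lab keeps them together.
    key=$(awk '{ sub(/\r$/, "") } $1 == "key" { print $2; exit }' "$profile")
    case $key in
        '') echo "no-key: profile names no private key file"; bad=1 ;;
        /*) ;;
        *)  key=$(dirname "$profile")/$key ;;
    esac
    if [ -n "$key" ] && [ ! -f "$key" ]; then
        echo "key-missing: $key"; bad=1
    elif [ -n "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld -- "$key" | cut -c5-10)
        [ "$perms" = "------" ] ||
            { echo "key-perms: group/other can access $key, use chmod 600"; bad=1; }
    fi
    return "$bad"
}

# make_lab_bundle DIR: constructed sample data modelled on the lab's files.
# 192.0.2.10 is a documentation address; the key file is a dummy.
make_lab_bundle() {
    printf '%s\n' 'client' 'dev tun' 'proto udp' 'remote 192.0.2.10 1194' \
        'resolv-retry infinite' 'verb 3' 'ca ca.crt' \
        'cert myclient.crt' 'key myclient.key' > "$1/myclient.ovpn"
    echo 'constructed placeholder, not a real key' > "$1/myclient.key"
    chmod 644 "$1/myclient.key"   # the mode set for the FileZilla copy
}

demo_dir=$(mktemp -d)
make_lab_bundle "$demo_dir"
audit_bundle "$demo_dir/myclient.ovpn" || echo "bundle needs attention"
rm -rf "$demo_dir"
```

Inline <key> blocks and quoted paths containing spaces are outside what this check parses.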



On the server, enable Centos 7 to forward packets through its network interfaces

29. Use sysctl to allow IP packet forwarding. Add the following line to the sysctl.conf file

   nano /etc/sysctl.conf
  edit -> net.ipv4.ip_forward = 1

   sysctl -p



Enable the OpenVPN pam authentication module to add user authentication

30. Using the OpenVPN auth-pam module the OpenVPN server can authenticate using the Linux system users. To do this you will need to create a PAM service file:

   touch /etc/pam.d/openvpn
   nano /etc/pam.d/openvpn

then add the following two lines:

auth    required    pam_unix.so    shadow    nodelay
account required    pam_unix.so

31. Add the following line to the end of the OpenVPN server.conf file

   nano /etc/openvpn/server.conf

    plugin /usr/lib64/openvpn/plugins/ openvpn

On the server, add and uncomment two lines in the OpenVPN server.conf file

32. In server.conf add a line to push a route to the server’s inside LAN network and uncomment a line to allow client to client communication between tunneled users

   cd /etc/openvpn
   nano server.conf

add/uncomment the following two lines:

push "route"

Ctrl+x, type y and press enter to save.

33. Now restart the OpenVPN server

   systemctl stop openvpn@server.service
   systemctl start openvpn@server.service
   systemctl status openvpn@server.service


Connect to the OpenVPN Server from a client computer

34. With root access use the following command to connect to the server from a Linux host. Notice that in the example command below the path to the myclient.ovpn file is the current directory. If the ovpn config file is in a different directory you will need to provide the path. You may need to install openvpn and easy-rsa if openvpn is not already installed on your Linux client.

   openvpn myclient.ovpn   

OpenVPN is now running in that terminal window. To close the OpenVPN connection press Ctrl+c; to continue working, open a new terminal window. You can also close OpenVPN and the tunnel connection using the pkill program.

   pkill openvpn

35. In a new terminal window examine your tunnel interface using ifconfig. You should see a tun0 interface with a range IP address.


36. Test to see if you can ping the router’s tunnel interface at, as well communicate to the inside LAN network at


37. To connect to the OpenVPN server from a Windows client computer you will need to download and install the openvpn client program from You will find the Windows client installer at the website under community downloads. After installing the OpenVPN client for Windows you will need to copy the ca.crt, myclient.crt, myclient.key, and myclient.ovpn files to the C:\Program Files (x86)\OpenVPN\config\ folder, or if you installed the 64bit version of the OpenVPN client the location will be C:\Program Files\OpenVPN\config\.

38. Now start the Windows OpenVPN client. It will launch into the System Tray. You will right click the OpenVPN icon in the System Tray, choose the config file and select Connect.

Start > Programs > OpenVPN GUI
Right click the OpenVPN icon in the system tray, and select Connect.


Configure the iptables firewall to allow OpenVPN connections

Earlier in the lab, I shut down the iptables firewall with the intention of turning it back on after configuring it to allow OpenVPN connections.

39. to be posted soon…





Install OpenVPN in a Centos 7 Virtual Machine -Page 2

OpenVPN Lab continued from Page 1

Install the EPEL Repositories

To install OpenVPN you will need the EPEL repositories

13. Using yum install EPEL

   yum install epel-release

Disable firewalld and use iptables

14. Centos 7 has the new firewalld dynamic firewall daemon installed by default. Firewalld has many new updated and advanced features that you would want in a firewall, however if you are more familiar with the iptables firewall service you can disable firewalld and use iptables. The following commands assume root access through su.

   systemctl stop firewalld
   systemctl disable firewalld

   # iptables should already be installed; if not, type y to install
   yum install iptables-services

   systemctl enable iptables
   systemctl start iptables
   systemctl status iptables
   systemctl stop iptables

Stop iptables with the intention of configuring it later in the lab.

Install and Configure the OpenVPN Server

15. Install OpenVPN server

   yum install openvpn

16. Copy the sample OpenVPN server configuration file to the /etc/openvpn folder

   cd /usr/share/doc/openvpn-2.3.6/sample/sample-config-files/
   cp /usr/share/doc/openvpn-2.3.6/sample/sample-config-files/server.conf /etc/openvpn

17. Edit the OpenVPN server.conf file

   cd /etc/openvpn
   nano server.conf

edit -> uncomment the following lines and change the DNS server addresses
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
push "dhcp-option DNS"
user nobody
group nobody

Install Easy-RSA to create certificate of authority, server certificates, and keys

18. Install easy-rsa to handle encryption, certificates, and keys

   yum install easy-rsa
   mkdir -p /etc/openvpn/easy-rsa/keys
   cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa

19. Change the variables file in the easy-rsa folder

   nano /etc/openvpn/easy-rsa/vars

edit -> change the following lines (the following settings are just my example settings)
export KEY_CITY="Portland"
export KEY_ORG="danscourses"
export KEY_EMAIL=""
export KEY_OU="danscourses"

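20. Build your server security certificates and keys. You will accept the default settings.

   cd /etc/openvpn/easy-rsa
   source ./vars
   ./clean-all                        # start with an empty keys directory
   ./build-ca                         # creates ca.crt and ca.key
   ./build-key-server $( hostname )   # server certificate and key named after the host
   ./build-dh                         # creates the Diffie-Hellman parameters (dh2048.pem)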

21. Copy your server certificates and keys to the openvpn folder

   cd /etc/openvpn/easy-rsa/keys
   cp ca.crt danscentos-s2.crt danscentos-s2.key dh2048.pem /etc/openvpn

Start the OpenVPN Server

22. Restore SELinux security context and create symbolic link for systemd

   restorecon -Rv /etc/openvpn
   ln -s /lib/systemd/system/openvpn\@.service /etc/systemd/system/\@server.service

23. Edit the OpenVPN server.conf file and change the names of the server certificate and server key, to match the certificates and keys that you created. Save the file and exit.

   cd /etc/openvpn
   nano server.conf

in server.conf change the following lines:
cert server.crt
key server.key    # This file should be kept secret

replace the word “server” with your server’s hostname which should be the name of your server certificate and key files:
cert danscentos-s2.crt
key danscentos-s2.key    # This file should be kept secret

24. Start the OpenVPN server

   systemctl -f enable openvpn@server.service
   systemctl start openvpn@server.service
   systemctl status openvpn@server.service




Install OpenVPN in a Centos 7 Virtual Machine -Page 1

Install OpenVPN Overview

OpenVPN is an incredible tool for creating securely encrypted, remote network-to-network and client-to-network tunneled connections. You can think of it like this: if you have an OpenVPN connection to a network, then you have a secure connection to that network and all the resources on that network, like printers, file servers, other host computers, etc. To set it up, you need to install an OpenVPN access server on one computer, and then on a separate computer, install an OpenVPN client for connecting to the server remotely.

The goal of the lab is to install and configure an OpenVPN server, and then from a second computer, open a tunnel to the server using an OpenVPN client. To do this, you will first need to install Centos 7 (64bit) in a VMware Player virtual machine. Since this is a test case scenario, during the Centos 7 installation, I recommend installing the Gnome Desktop instead of the default, minimal install.

When creating the virtual machine with VMware Player you will need to add an additional virtual network interface (NIC) to your virtual machine. After creating the virtual machine, edit the virtual machine settings, add a second network adapter, then change it from Bridged mode to LAN Segment mode. You will need to create/add a LAN Segment, name it VLAN10, and then configure the network adapter to the LAN Segment (VLAN10) setting. The virtual machine will have two network adapters, the first in Bridged Mode, and the second in LAN Segment mode (VLAN10).

Install Centos in a VM

Start up your VMware Centos 7 virtual machine, run through the installation, install the Gnome desktop environment, and create a student account as well as a root password. After the install, start Centos and log in. At the desktop, go to Applications and open a terminal window. In the terminal issue an ifconfig command to verify the presence of the two network adapters; they will probably show up as eno16777736 and eno33554960. If the second network adapter did not appear after issuing the ifconfig command, then shut down Centos, edit the virtual machine settings in VMware Player, and remove and then re-add the second network adapter, until the second network adapter registers as present from within Centos.


The diagram below represents a network hosted from a single computer using virtual machines. The single physical host computer is the laptop represented by the laptop icon and the black rectangular outline. The virtual machines are running inside the laptop using VMware Player, VMware Workstation, or Virtualbox. Notice the Centos 7 Server has two Ethernet network adapters. The bridged mode network adapter places the Centos 7 eth0 interface on the network just like any other physical computer. Notice that by configuring eth0 with a DHCP client it will obtain an IP address just like the laptop. The eth1 network adapter is in LAN Segment mode, which will allow it to communicate with any other virtual machines that are similarly configured with an identical LAN Segment network adapter. In this scenario, if the Interior Client virtual machine wishes to connect to the internet, it will need to go through the Centos 7 Server, making the Centos 7 Server a transparent proxy or gateway for any virtual machines on the LAN Segment. With 8Gb of RAM and a quad core processor on the host computer it is possible to run two virtual machines simultaneously.

Lab Steps

Change the server’s hostname
1. Get root super-user access using su. Everything in this exercise is done with root access.


2. Change localhost.localdomain to a server name of your choice (eg. danscentos-s2)

   nano /etc/hostname

3. Add your new hostname to the file (eg. danscentos-s2 localhost localhost.localdomain …)

   nano /etc/hosts

Change the Network Interfaces to eth0 and eth1
For some strange reason the network interfaces show up as: eno16777736 and eno33554960. Thanks to some great websites, I was able to find a fix.

4. In the following file search for the line “GRUB_CMDLINE_LINUX” and append the following: net.ifnames=0 biosdevname=0
note: make sure to append the text within the ending quotation mark as such: net.ifnames=0 biosdevname=0"

   nano /etc/default/grub

   grub2-mkconfig -o /boot/grub2/grub.cfg


5. After rebooting, use su for root access. Enter the hostname command to verify your new hostname. Do an ifconfig and you should see the following network interfaces: eth0, eth1, and lo. If not, go back to step 4 and try again.

Configure the Network Interfaces

6. To configure the network interfaces we need the network-scripts directory

   cd /etc/sysconfig/network-scripts/

7. Rename the ifcfg-eno16777736 file to ifcfg-eth0 then do an ls command to verify

   mv /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eth0

8. Copy the ifcfg-eth0 file to ifcfg-eth1 so now you have a config file for each network interface. Do an ls command to verify

   cp /etc/sysconfig/network-scripts/ifcfg-eth0 ifcfg-eth1

9. Edit the ifcfg-eth1 file

    nano ifcfg-eth1

//change the contents of ifcfg-eth1 to the following, exit and save:


10. Edit the ifcfg-eth0 file

    nano ifcfg-eth0

//change the contents of ifcfg-eth0 to the following, exit and save:


Remove the Network Manager

11. Since this is a server, I recommend removing the Network Manager and relying on manual network configurations instead

    systemctl stop NetworkManager
    systemctl disable NetworkManager
    service network restart

12. Reboot, then login and verify network connectivity and internet access. You should see that eth0 received an IP address through DHCP and that eth1 has the IP address If not, then re-edit your ifcfg-eth0 and ifcfg-eth1 configuration files.


Note: you can manually bring a network interface up or down with the following commands
   ifconfig eth0 down
   ifconfig eth0 up
   ifconfig eth1 down
   ifconfig eth1 up



HSRP – Hot Standby Routing Protocol Packet Tracer Activity

HSRP Overview

If your gateway goes down it is a good idea to have a backup that takes over immediately. Using Cisco’s Hot Standby Routing Protocol (HSRP) you can configure a router to be an automatic backup gateway without having to change all of your network clients’ default gateways, by reconfiguring your DHCP server, and releasing all of the gateway addresses on your network. In this graded Packet Tracer activity you configure HSRP to create active and standby router gateways.

In the activity, R1 is the current gateway router at Your task is to configure a virtual IP address on both router R1 and R2 G0/0 interfaces. You will configure R1 as the active router and R2 as the standby. Once that is done you will change the default gateway address on PC-A to the new virtual IP address and test. Download the Packet Tracer file and follow along with my video tutorial.


1. Configure router R1 G0/0 interface with the following hot standby attributes:
standby 1 ip address
standby 1 priority 105
standby 1 preempt
standby 1 track g0/1
2. Configure router R2 G0/0 interface with the following hot standby attributes:
standby 1 ip address
3. Change the default gateway on PC-A to
4. Disable either of the Ethernet links to R1 and test to see if you can still ping the ISP.


Note: You will need to have Packet Tracer version 6.1 installed on your computer in order to open the file.


VLANs and Trunks Packet Tracer 6.1 Activity

VLANs and Trunks – Activity Overview

In this graded Packet Tracer 6.1 activity you will configure two Cisco Catalyst 2960 switches with VLANs and Trunks. The tasks include named VLANs, a trunk between two switches, and a management IP address on each switch using switched virtual interfaces or SVIs. You will also need to configure hostnames on the switches and each PC, with an IP address and subnet mask.

VLANS and Trunks Packet Tracer diagram and physical topology


1. Set the PC’s IP addresses based on the host address label and VLAN color code in the topology diagram
2. Assign the switch hostnames based on their labels.
3. Configure the switch VLAN numbers and VLAN names according to the diagram.
4. Configure Interface VLAN88 (SVI) addresses on both switches according to the diagram.
5. Change the switchports as access ports and assign them to VLANs according to the diagram.
6. Configure G0/1 as a Trunk. Allow the listed VLANs only across the trunk and configure the Native VLAN as shown
7. Shutdown the G0/2 interface.


For this graded activity you will need Packet Tracer version 6.1 or higher.

IOS CLI Commands for Switch S1

Switch> enable
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# vlan 10
S1(config-vlan)# name students
S1(config-vlan)# vlan 20
S1(config-vlan)# name faculty
S1(config-vlan)# vlan 30
S1(config-vlan)# name administration
S1(config-vlan)# vlan 88
S1(config-vlan)# name management
S1(config-vlan)# vlan 99
S1(config-vlan)# name native
S1(config-vlan)# exit
S1(config)# int range f0/1 - 8
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# int range f0/9 - 16
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# int range f0/17 - 23
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 30
S1(config-if)# int f0/24
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 88
S1(config-if)# int vlan 88
S1(config-if)# ip address
S1(config-if)# int g0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20,30,88,99
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# int g0/2
S1(config-if)# shut

Windows Utilities Lab

Windows Utilities Lab Overview

Windows Utilities are useful programs that allow you to examine your computer’s hardware, troubleshoot hardware and software related issues, update device drivers, and configure important system settings. In this lab you will use the following Windows Utilities to obtain information about your particular computer:

– Device Manager (devmgmt.msc),
– System Information Tool (msinfo32.exe),
– DirectX Diagnostic Tool (dxdiag.exe),
– Resource Monitor (perfmon.exe),
– System Configuration Tool (msconfig.exe)

Basic knowledge of these diagnostic tools and how to access them is important for the CompTIA A+ exams. A quick way to launch any of the tools listed above is to press the Windows Start Button and in the “Search Programs and Files” dialogue box type in the name of one of the utility programs above and press enter. Let’s go through each tool and extract a piece of computer system information.

Device Manager

The device manager is an important tool for identifying hardware devices that are not functioning correctly or are not being properly recognized by the Windows Operating System. The Device Manager can be used to identify which software device drivers are being used for a particular hardware device like a video card or a network adapter.

1. Launch the Device Manager – press the Start menu button > right-click on Computer > press Properties > and press Device Manager in the left hand column. You can also find the Device Manager in the Control Panel by going to Start > Control Panel > choose View by: Small icons.

2. Using the Device Manager pull-down menu choose View > Devices by Type, scroll down to Processors and click the arrow icon.

Question A: What processor (CPU) name is identified in the device manager? Is the processor name listed more than once? If so, why?

Question B: Under what arrow heading in the Device Manager list would you locate the drivers for your graphics card? Examples: Disk Drives, Keyboards, Security Devices, etc.


System Information Tool

The System Information Tool provides information about your computer’s resources, hardware devices, your operating system environment, and running processes.

1. Launch the System Information Tool – press the Start menu button > type in msinfo32.exe in the Search programs and files search box, highlight the program or press enter. You can also find it under Start > All Programs > Accessories > System Tools > System Information.

2. There is useful information in the first screen under the System Summary heading. See if you can locate the following information:

Question C: What is the BIOS manufacturer and version?

3. Examine the information under the other listed headings. Can you find the following information:

Question D: What is your hard drive manufacturer and model number?

Question E: Under what heading can you find Problem Devices? Do you have any listed?

Question F: Find the filename and file path to either your Gigabit Ethernet network adapter driver or wireless network adapter?

DirectX Diagnostics Tool

DirectX is the set of APIs and runtime libraries that allow Windows to achieve advanced multimedia and 3D graphics. The DirectX Diagnostics Tool can be used to check the version of DirectX currently installed on the computer system, whether or not DirectX features like DirectDraw, Direct3D, and AGP Texture are enabled, and whether or not there are any problems related to the video, graphics, sound, and input hardware device drivers and DirectX features.

1. Launch the DirectX Diagnostic Tool – press the Start menu button > type in dxdiag.exe in the Search programs and files search box, highlight the program or press enter.

2. In the DirectX Diagnostics Tool click on the Display, Sound and Input tabs and look to the notes area for any listed problems

Question G: Are there any problems listed in the Notes area of the Display, Sound and Input tabs?

3. Notice the “Run 64-bit DxDiag” button at the bottom of the window which will run the 64bit version of the program.


Resource Monitor

The Resource Monitor is a great tool for monitoring processes as they run as well as seeing which processes and programs are utilizing the most CPU, memory, and network resources.

1. Launch the Resource Monitor Tool – press the Start menu button > type in resource monitor perfmon.exe in the Search programs and files search box, highlight the program or press enter. You can also find it under Start > All Programs > Accessories > System Tools > Resource Monitor.

2. In the Resource Monitor Tool you can hover over the column headings like Image, PID, Description, etc. for a description of the column information. Click on the CPU tab and under Processes order the information by clicking on the various column headings.

Question H:  Which program is utilizing the most CPU resources?

3. Click on the Memory tab.

Question I: Under Processes which heading will tell you the program that is utilizing the most physical memory? Which program is it?

4. Click on the Network tab.

Question J: Under Processes with Network Activity which program is sending and receiving the most information over the network?

System Configuration Tool

The System Configuration Tool can be used to configure how Windows behaves on startup. If there are multiple operating systems installed on the hard disk drive you can define which one will boot by default. You can also define which services and programs will launch on startup. This can be useful if you find that Windows is running a lot of programs on startup that you do not need or want. You can also use the System Configuration Tool to boot to a Diagnostic startup or boot to safe mode.

1. Launch the System Configuration Tool – press the Start menu button > type in msconfig.exe in the Search programs and files search box, highlight the program or press enter.

2. In the System Configuration Tool click on the Startup tab and examine the programs that are launching on startup.

Question K: Do you notice any programs that are unnecessarily running all the time by launching on startup? Which ones?

Build a Computer – Time Lapse

Overview – Build a Computer – GoPro Time Lapse

The video below shows the process of building a computer from parts. The computer is a midsized tower that will serve as a firewall router using a freely downloaded, community edition operating system. By using a GoPro time-lapse picture capture I was able to produce a condensed 4 minute video depicting the process of building a computer which normally takes anywhere from 40 to 90 minutes.

Network Troubleshooting PT Activity


It is important to know how to troubleshoot network connectivity issues. How do you configure PCs to add them to the network? What tools can you use from the command prompt to test connectivity and check your network address settings? In order to test your skills, I created a Packet Tracer 6.1 activity in which you are the network administrator and you need to troubleshoot the network and answer some fundamental questions about the network. I have included the Packet Tracer activity file for you to download as well as the instructions below.

Instructions – Troubleshooting Activity

Troubleshooting Tasks
1. Fix PC1 and PC2 so they can reach the company website, and remote website
2. Fix Laptop0 so it can associate with Wireless Router0, and connect to the wireless network

Initech Admin
vty password: swingline
enable secret: cubicle

Answer the Following Questions
1. What is the network address of the green network?
2. What is the network address of the orange network?
3. What is the IP address of the Initech webserver?
4. What is the IP address of the Initech Nameserver?
5. What is the IP address of the Initech Mail Server?
Hint: what is the subdomain name of the mail server?
6. What is the IP address of the Webserver?
7. What is the SSID of Wireless Router0?
8. What is the wireless security key?
9. What is the IP address of the WAN interface on the Edge Router?


Click here to download the PT activity:
To open the file you will need Packet Tracer 6.1