OpenVPN Installation
From r00tedvw.com wiki
Reference: https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
Installation performed on Oracle Linux 7.3 x64 Server instance.
Install OpenVPN and Easy-RSA
Install EPEL repo
~$ wget http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
~$ sudo rpm -ivh epel-release-7-8.noarch.rpm
~$ sudo yum repolist
Install OpenVPN and Easy-RSA
~$ sudo yum install openvpn easy-rsa -y
Configure OpenVPN
Copy example server.conf to openvpn parent dir.
~$ sudo cp /usr/share/doc/openvpn-2.3.14/sample/sample-config-files/server.conf /etc/openvpn/
Edit the config
~$ sudo vi /etc/openvpn/server.conf
Comments can be preceded by either # or ;
# change to 2048
dh dh2048.pem
# redirect ALL traffic - remove ;
push "redirect-gateway def1 bypass-dhcp"
# specify local DNS server(s) - remove ; and update DNS server ip address
push "dhcp-option DNS 10.0.1.2"
# start openvpn with no privileges - uncomment lines
user nobody
group nobody
Generate Keys and Certs
Change to root
~$ sudo -s
Create directory and copy files
~$ sudo mkdir -p /etc/openvpn/easy-rsa/keys
~$ sudo cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
Update Config
~$ sudo vi /etc/openvpn/easy-rsa/vars
...
# X509 Subject Field
export KEY_NAME="server"
. . .
export KEY_CN=openvpn.example.com
Begin creation of certificates. You must be root.
~$ sudo -s
~$ cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
Copy needed files to openvpn dir
~$ cd /etc/openvpn/easy-rsa/keys/
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
Build client certificate and key. Each client should have unique certs and keys.
~$ cd /etc/openvpn/easy-rsa
./build-key client1
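The server.conf edits from the Configure OpenVPN section are easy to leave half-done, for example with "user nobody" still commented out, so the server keeps running as root. The script below is an added example, not part of the original wiki page; the function names and the sample config are constructed for illustration. It reports which of those settings are not yet active.

```shell
# Added example: audit the server.conf edits described on this page.
# Print active directives: trim blanks, drop '#'/';' comment lines and
# empty lines. Inline trailing comments are not handled.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^[#;]/d' -e '/^$/d' "$1"
}

# Print one "MISSING: ..." line per expected setting that is not active.
# Exit status is the number of missing settings (0 = all present).
check_server_conf() {
    conf=$1
    missing=0
    for want in 'dh dh2048.pem' \
                'push "redirect-gateway def1 bypass-dhcp"' \
                'user nobody' \
                'group nobody'
    do
        if ! active_directives "$conf" | grep -Fxq -e "$want"; then
            echo "MISSING: $want"
            missing=$((missing + 1))
        fi
    done
    # The DNS address is site-specific, so accept any dotted-quad value.
    if ! active_directives "$conf" |
         grep -Eq '^push "dhcp-option DNS [0-9]+(\.[0-9]+){3}"$'; then
        echo 'MISSING: push "dhcp-option DNS <ip>"'
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample: a half-edited config where redirect-gateway and
# the "user nobody" privilege drop are still commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server.conf
dh dh2048.pem
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.0.1.2"
;user nobody
  group nobody
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_server_conf "$sample" || echo "$? setting(s) still missing"
rm -f "$sample"
```

On the server itself, run `check_server_conf /etc/openvpn/server.conf` after editing; an exit status of 0 means every setting from this page is active.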