OpenVPN Installation

From r00tedvw.com wiki
(Difference between revisions)
Jump to: navigation, search
 
(4 intermediate revisions by one user not shown)
Line 1: Line 1:
Reference: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04<br>
+
Reference: [https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7 https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7]<br>
Installation performed on Ubuntu 14.04 Server instance.
+
Installation performed on Oracle Linux 7.3 x64 Server instance.
==Install OpenVPN & Easy RSA==
+
==Install OpenVPN and Easy-RSA==
  <nowiki>~$ sudo apt-get update && sudo apt-get install -y openvpn easy-rsa</nowiki>
+
Install EPEL repo
 +
  <nowiki>~$ wget http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
 +
~$ sudo rpm -ivh epel-release-7-8.noarch.rpm
 +
~$ sudo yum repolist
 +
</nowiki>
 +
Install OpenVPN and Easy-RSA
 +
<nowiki>~$ sudo yum install openvpn easy-rsa -y</nowiki>
 +
==Configure OpenVPN==
 +
Copy example server.conf to openvpn parent dir.
 +
<nowiki>~$ sudo cp /usr/share/doc/openvpn-2.3.14/sample/sample-config-files/server.conf /etc/openvpn/</nowiki>
 +
Edit the config
 +
<nowiki>~$ sudo vi /etc/openvpn/server.conf
 +
Comments can be preceded by either # or ;
 +
 
 +
# change to 2048
 +
dh dh2048.pem
 +
 
 +
# redirect ALL traffic - remove ;
 +
push "redirect-gateway def1 bypass-dhcp"
 +
 
 +
#  specify local DNS server(s) - remove ; and update DNS server ip address
 +
push "dhcp-option DNS 10.0.1.2"
 +
 
 +
# start openvpn with no priviledges - uncomment lines
 +
user nobody
 +
group nobody
 +
 
 +
==Generate Keys and Certs==
 +
Change to root
 +
<nowiki>~$ sudo -s</nowiki>
 +
Create directory and copy files
 +
<nowiki>~$ sudo mkdir -p /etc/openvpn/easy-rsa/keys
 +
~$ sudo cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/</nowiki>
 +
Update Config
 +
<nowiki>~$ sudo vi /etc/openvpn/easy-rsa/vars
 +
...
 +
 
 +
# X509 Subject Field
 +
export KEY_NAME="server"
 +
. . .
 +
export KEY_CN=openvpn.example.com</nowiki>
 +
Begin creation of certificates.  You '''must''' be root.
 +
<nowiki>~$ sudo -s
 +
~$ cd /etc/openvpn/easy-rsa
 +
source ./vars
 +
./clean-all
 +
./build-ca
 +
./build-key-server server
 +
./build-dh</nowiki>
 +
Copy needed files to openvpn dir
 +
<nowiki>~$ cd /etc/openvpn/easy-rsa/keys/
 +
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn</nowiki>
 +
Build client certificate and key.  Easy client should have unique certs and keys.
 +
<nowiki>~$ cd /etc/openvpn/easy-rsa
 +
../build-key client1</nowiki>

Latest revision as of 22:21, 9 January 2017

Reference: https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
Installation performed on Oracle Linux 7.3 x64 Server instance.

[edit] Install OpenVPN and Easy-RSA

Install EPEL repo 

~$ wget http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
~$ sudo rpm -ivh epel-release-7-8.noarch.rpm
~$ sudo yum repolist

Install OpenVPN and Easy-RSA 

~$ sudo yum install openvpn easy-rsa -y

[edit] Configure OpenVPN

Copy example server.conf to openvpn parent dir. 

~$ sudo cp /usr/share/doc/openvpn-2.3.14/sample/sample-config-files/server.conf /etc/openvpn/

Edit the config 

~$ sudo vi /etc/openvpn/server.conf
Comments can be preceded by either # or ;

# change to 2048
dh dh2048.pem

# redirect ALL traffic - remove ;
push "redirect-gateway def1 bypass-dhcp"

#  specify local DNS server(s) - remove ; and update DNS server ip address
push "dhcp-option DNS 10.0.1.2"

# start openvpn with no priviledges - uncomment lines
user nobody
group nobody

==Generate Keys and Certs==
Change to root
 <nowiki>~$ sudo -s

Create directory and copy files 

~$ sudo mkdir -p /etc/openvpn/easy-rsa/keys
~$ sudo cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

Update Config 

~$ sudo vi /etc/openvpn/easy-rsa/vars
...

# X509 Subject Field
export KEY_NAME="server"
. . .
export KEY_CN=openvpn.example.com

Begin creation of certificates. You must be root. 

~$ sudo -s
~$ cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh

Copy needed files to openvpn dir 

~$ cd /etc/openvpn/easy-rsa/keys/
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

Build client certificate and key. Easy client should have unique certs and keys. 

~$ cd /etc/openvpn/easy-rsa
../build-key client1
Retrieved from "https://wiki.r00tedvw.com/index.php?title=OpenVPN_Installation&oldid=1560"
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Politics
Volkswagen
Covid
NCDMV
Toolbox