OpenVPN Installation
From r00tedvw.com wiki
(Difference between revisions)
Line 30: | Line 30: | ||
==Generate Keys and Certs== | ==Generate Keys and Certs== | ||
+ | Change to root | ||
+ | <nowiki>~$ sudo -s</nowiki> | ||
Create directory and copy files | Create directory and copy files | ||
<nowiki>~$ sudo mkdir -p /etc/openvpn/easy-rsa/keys | <nowiki>~$ sudo mkdir -p /etc/openvpn/easy-rsa/keys | ||
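Review bot: with `sudo -s` added as the first step of this section, the lines that follow still carry `sudo` (`sudo mkdir -p /etc/openvpn/easy-rsa/keys`) and the prompt is still shown as `~$`, so a reader cannot tell which commands depend on the root shell. Suggest either dropping the `sudo` prefixes after this step or keeping `sudo` per command and omitting the root shell, and adding an `exit` step once the keys are built.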
Line 36: | Line 38: | ||
<nowiki>~$ sudo vi /etc/openvpn/easy-rsa/vars | <nowiki>~$ sudo vi /etc/openvpn/easy-rsa/vars | ||
... | ... | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
# X509 Subject Field | # X509 Subject Field | ||
Line 50: | Line 43: | ||
. . . | . . . | ||
export KEY_CN=openvpn.example.com</nowiki> | export KEY_CN=openvpn.example.com</nowiki> | ||
+ | Begin creation of certificates | ||
+ | <nowiki>~$ cd /etc/openvpn/easy-rsa | ||
+ | source ./vars | ||
+ | ./clean-all | ||
+ | ./build-ca | ||
+ | ./build-key-server server | ||
+ | ./build-dh</nowiki> | ||
+ | Copy needed files to openvpn dir | ||
+ | <nowiki>~$ cd /etc/openvpn/easy-rsa/keys/ | ||
+ | cp dh2048.pem ca.crt server.crt server.key /etc/openvpn</nowiki> | ||
+ | Build client certificate and key. Easy client should have unique certs and keys. | ||
+ | <nowiki>~$ cd /etc/openvpn/easy-rsa | ||
+ | ./build-key client1</nowiki> |
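Review bot: in the last added step, "Easy client should have unique certs and keys" looks like a typo for "Each client". In the copy step, `cp dh2048.pem ca.crt server.crt server.key /etc/openvpn` places the server private key in the OpenVPN directory without any step that sets its ownership or mode; suggest following it with a `chmod 600` on `/etc/openvpn/server.key`.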
Revision as of 04:28, 3 January 2017
Reference: https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
Installation performed on Oracle Linux 7.3 x64 Server instance.
Install OpenVPN and Easy-RSA
Install EPEL repo
~$ wget http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
~$ sudo rpm -ivh epel-release-7-8.noarch.rpm
~$ sudo yum repolist
Install OpenVPN and Easy-RSA
~$ sudo yum install openvpn easy-rsa -y
Configure OpenVPN
Copy example server.conf to openvpn parent dir.
~$ sudo cp /usr/share/doc/openvpn-2.3.14/sample/sample-config-files/server.conf /etc/openvpn/
Edit the config
~$ sudo vi /etc/openvpn/server.conf
Comments can be preceded by either # or ;
# change to 2048
dh dh2048.pem
# redirect ALL traffic - remove ;
push "redirect-gateway def1 bypass-dhcp"
# specify local DNS server(s) - remove ; and update DNS server ip address
push "dhcp-option DNS 10.0.1.2"
# start openvpn with no privileges - uncomment lines
user nobody
group nobody
Generate Keys and Certs
Change to root
~$ sudo -s
Create directory and copy files
~$ sudo mkdir -p /etc/openvpn/easy-rsa/keys
~$ sudo cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
Update Config
~$ sudo vi /etc/openvpn/easy-rsa/vars
...
# X509 Subject Field
export KEY_NAME="server"
. . .
export KEY_CN=openvpn.example.com
Begin creation of certificates
~$ cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
Copy needed files to openvpn dir
~$ cd /etc/openvpn/easy-rsa/keys/
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
Build client certificate and key. Each client should have unique certs and keys.
~$ cd /etc/openvpn/easy-rsa
./build-key client1
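The server.conf edits under Configure OpenVPN only take effect once the leading ; is removed from each line. As an added example (not part of the wiki page), this script checks that those directives are present and uncommented; the function names and the sample file are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the wiki page): check that the server.conf edits
# above are active, i.e. not still commented out with '#' or ';'.

# directive_active FILE "DIRECTIVE": 0 if an uncommented line equals DIRECTIVE.
# Simplification (assumption): text after whitespace + '#' or ';' is a comment.
directive_active() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }           # whole line is a comment
        {
            sub(/[ \t]+[#;].*$/, "")     # drop trailing comment
            $1 = $1                      # collapse runs of whitespace
            if ($0 == want) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_server_conf FILE: report each setting; return the count that is missing.
audit_server_conf() {
    missing=0
    while IFS= read -r d; do
        if directive_active "$1" "$d"; then
            echo "ok       $d"
        else
            echo "MISSING  $d"; missing=$((missing + 1))
        fi
    done <<'EOF'
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
user nobody
group nobody
EOF
    return "$missing"
}

# Constructed sample: the group line was left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
user nobody
;group nobody
EOF
audit_server_conf "${1:-$sample}" || echo "settings missing: $?"
rm -f "$sample"
```

Pass the path to the real file (for this page, /etc/openvpn/server.conf) as the first argument to audit it instead of the constructed sample.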