OpenVPN Installation
From r00tedvw.com wiki
(Difference between revisions)
Line 12: | Line 12: | ||
Copy example server.conf to openvpn parent dir. | Copy example server.conf to openvpn parent dir. | ||
<nowiki>~$ sudo cp /usr/share/doc/openvpn-2.3.14/sample/sample-config-files/server.conf /etc/openvpn/</nowiki> | <nowiki>~$ sudo cp /usr/share/doc/openvpn-2.3.14/sample/sample-config-files/server.conf /etc/openvpn/</nowiki> | ||
+ | Edit the config | ||
+ | <nowiki>~$ sudo vi /etc/openvpn/server.conf | ||
+ | Comments can be preceded by either # or ; | ||
+ | |||
+ | # change to 2048 | ||
+ | dh dh2048.pem | ||
+ | |||
+ | # redirect ALL traffic - remove ; | ||
+ | push "redirect-gateway def1 bypass-dhcp" | ||
+ | |||
+ | # specify local DNS server(s) - remove ; and update DNS server ip address | ||
+ | push "dhcp-option DNS 10.0.1.2" | ||
+ | |||
+ | # start openvpn with no priviledges - uncomment lines | ||
+ | user nobody | ||
+ | group nobody | ||
+ | |||
+ | ==Generate Keys and Certs== | ||
+ | Create directory and copy files | ||
+ | <nowiki>~$ sudo mkdir -p /etc/openvpn/easy-rsa/keys | ||
+ | ~$ sudo cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/</nowiki> | ||
+ | Update Config | ||
+ | <nowiki>~$ sudo vi /etc/openvpn/easy-rsa/vars | ||
+ | ... | ||
+ | # These are the default values for fields | ||
+ | # which will be placed in the certificate. | ||
+ | # Don't leave any of these fields blank. | ||
+ | export KEY_COUNTRY="US" | ||
+ | export KEY_PROVINCE="NY" | ||
+ | export KEY_CITY="New York" | ||
+ | export KEY_ORG="DigitalOcean" | ||
+ | export KEY_EMAIL="[email protected]" | ||
+ | export KEY_OU="Community" | ||
+ | |||
+ | # X509 Subject Field | ||
+ | export KEY_NAME="server" | ||
+ | . . . | ||
+ | export KEY_CN=openvpn.example.com</nowiki> |
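Review bot: the `<nowiki>` opened on the added `~$ sudo vi /etc/openvpn/server.conf` line is never closed, so `==Generate Keys and Certs==` and "Create directory and copy files" end up inside the server.conf listing as literal text, and the next `<nowiki>` before `~$ sudo mkdir -p` is printed verbatim; add `</nowiki>` after `group nobody`. In the vars block, `KEY_ORG="DigitalOcean"` and `KEY_OU="Community"` look carried over from the DigitalOcean tutorial the page references and should be marked as values to replace with the site's own. "priviledges" in the comment above `user nobody` should read "privileges".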
Revision as of 04:02, 3 January 2017
Reference: https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
Installation performed on Oracle Linux 7.3 x64 Server instance.
Install OpenVPN and Easy-RSA
Install EPEL repo
~$ wget http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
~$ sudo rpm -ivh epel-release-7-8.noarch.rpm
~$ sudo yum repolist
Install OpenVPN and Easy-RSA
~$ sudo yum install openvpn easy-rsa -y
Configure OpenVPN
Copy example server.conf to openvpn parent dir.
~$ sudo cp /usr/share/doc/openvpn-2.3.14/sample/sample-config-files/server.conf /etc/openvpn/
Edit the config
~$ sudo vi /etc/openvpn/server.conf
Comments can be preceded by either # or ;

# change to 2048
dh dh2048.pem

# redirect ALL traffic - remove ;
push "redirect-gateway def1 bypass-dhcp"

# specify local DNS server(s) - remove ; and update DNS server ip address
push "dhcp-option DNS 10.0.1.2"

# start openvpn with no privileges - uncomment lines
user nobody
group nobody
Generate Keys and Certs
Create directory and copy files
~$ sudo mkdir -p /etc/openvpn/easy-rsa/keys
~$ sudo cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
Update Config
~$ sudo vi /etc/openvpn/easy-rsa/vars
...
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="New York"
export KEY_ORG="DigitalOcean"
export KEY_EMAIL="[email protected]"
export KEY_OU="Community"

# X509 Subject Field
export KEY_NAME="server"
. . .
export KEY_CN=openvpn.example.com
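A check for the server.conf edits above, as an added example that is not part of the wiki page: it reports which of the five directives are still commented out with # or ; or are missing. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): list which of the server.conf
# directives enabled above are still commented out or missing.

# active_directive FILE REGEX: succeeds if an uncommented line matches REGEX.
active_directive() {
    # Strip leading whitespace, drop lines commented with # or ;, then match.
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' "$1" | grep -Eq "$2"
}

# check_server_conf FILE: prints one line per inactive directive and
# returns how many are inactive (0 means every edit is in effect).
check_server_conf() {
    conf=$1
    missing=0
    # Each table row is "label|extended regex" (hypothetical layout).
    while IFS='|' read -r label regex; do
        if ! active_directive "$conf" "$regex"; then
            echo "INACTIVE: $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
dh dh2048.pem|^dh[[:space:]]+dh2048\.pem
push redirect-gateway|^push[[:space:]]+"redirect-gateway[[:space:]]+def1[[:space:]]+bypass-dhcp"
push dhcp-option DNS|^push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]+[0-9.]+"
user nobody|^user[[:space:]]+nobody[[:space:]]*$
group nobody|^group[[:space:]]+nobody[[:space:]]*$
EOF
    return "$missing"
}

# Constructed sample: a config with only some of the edits applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 10.0.1.2"
user nobody
;group nobody
EOF
check_server_conf "$sample" || echo "$? directive(s) still inactive"
rm -f "$sample"
```

On the server itself, run it as `check_server_conf /etc/openvpn/server.conf` before starting the service.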