OpenVPN Installation

Revision as of 03:28, 3 January 2017

Reference: https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
Installation performed on Oracle Linux 7.3 x64 Server instance.

Install OpenVPN and Easy-RSA

Install EPEL repo

~$ wget http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
~$ sudo rpm -ivh epel-release-7-8.noarch.rpm
~$ sudo yum repolist

Install OpenVPN and Easy-RSA

~$ sudo yum install openvpn easy-rsa -y

Configure OpenVPN

Copy example server.conf to openvpn parent dir.

~$ sudo cp /usr/share/doc/openvpn-2.3.14/sample/sample-config-files/server.conf /etc/openvpn/

Edit the config

~$ sudo vi /etc/openvpn/server.conf
Comments can be preceded by either # or ;

# change to 2048
dh dh2048.pem

# redirect ALL traffic - remove ;
push "redirect-gateway def1 bypass-dhcp"

#  specify local DNS server(s) - remove ; and update DNS server ip address
push "dhcp-option DNS 10.0.1.2"

# start openvpn with no priviledges - uncomment lines
user nobody
group nobody

==Generate Keys and Certs==
Change to root
 <nowiki>~$ sudo -s

Create directory and copy files

~$ sudo mkdir -p /etc/openvpn/easy-rsa/keys
~$ sudo cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

Update Config

~$ sudo vi /etc/openvpn/easy-rsa/vars
...

# X509 Subject Field
export KEY_NAME="server"
. . .
export KEY_CN=openvpn.example.com

Begin creation of certificates

~$ cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh

Copy needed files to openvpn dir

~$ cd /etc/openvpn/easy-rsa/keys/
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

Build client certificate and key. Easy client should have unique certs and keys.

~$ cd /etc/openvpn/easy-rsa
./build-key client1