Install OpenVPN Server on CentOS (Warning: do not copy and paste the commands below; they contain mistakes.)


 



Warning: do not copy and paste the commands below; they contain mistakes. They are for sample use only.


This guide uses OpenVPN and easy-rsa on a CentOS 7 server.

Install the openvpn and easy-rsa packages

# yum -y install openvpn easy-rsa


Go to the easy-rsa directory and create the working directory under /etc/openvpn

# cd /usr/share/easy-rsa/

# ls

# cd 3.0.8

# ls -l

# mkdir -p /etc/openvpn/easy-rsa/


Copy all files to the /etc/openvpn/easy-rsa/ directory

# cp -rf * /etc/openvpn/easy-rsa/

Go to that directory

# cd /etc/openvpn/easy-rsa/

# ls

# ls -l


Create the certificates

# ./easyrsa init-pki

# ./easyrsa build-ca

# ./easyrsa gen-dh

# ./easyrsa gen-req server nopass

# ./easyrsa sign-req server server


Create a keys directory under the openvpn folder

# mkdir /etc/openvpn/keys/

Change its permissions

# chmod 750 /etc/openvpn/keys

Copy the created certificate and key files to /etc/openvpn/keys

# cp -a /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/keys/

# cp -a /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn/keys/dh2048.pem

# cp -a /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn/keys/

# cp -a /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn/keys/


Create the client certificate

Here the client name is "test"

# ./easyrsa gen-req test nopass

# ./easyrsa sign-req client test

Copy the files to /etc/openvpn/keys

# cp -a /etc/openvpn/easy-rsa/pki/issued/test.crt /etc/openvpn/keys/

# cp -a /etc/openvpn/easy-rsa/pki/private/test.key /etc/openvpn/keys/

   


Copy the OpenVPN server configuration

# cd /usr/share/doc/

# ls

# cd openvpn-2.4.9/

# ls

# cd sample

# ls

# cd sample-config-files/

# ls

# cp server.conf /etc/openvpn/server/

# cd /etc/openvpn/server/

# ls

# vim server.conf

Generate the tls-auth key and move it to the keys directory

# openvpn --genkey --secret ta.key

# ls

# mv ta.key /etc/openvpn/keys/


Then create an ovpn file for the client

# vim client.ovpn

Sample client configuration

client
dev tun
proto udp
remote ip-address 1194
resolv-retry infinite
nobind
comp-lzo
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
auth SHA256
key-direction 1
<key>
paste the test.key file here
</key>
<cert>
paste the test.crt here
</cert>
<ca>
paste ca.crt here
</ca>
<tls-auth>
paste ta.key here
</tls-auth>
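
The sample client configuration above can also be assembled by a script instead of pasting each file by hand. This is an added example, not part of the original post: build_ovpn, pem_only and selftest are hypothetical helper names, vpn.example.com is a placeholder address, and the self-test uses constructed placeholder files rather than real keys.

```shell
#!/bin/sh
# Added example; build_ovpn, pem_only and selftest are hypothetical helper names.

# Keep only the PEM block: certificates written by "openssl ca" can carry a
# human-readable text dump above it.
pem_only() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1"
}

# usage: build_ovpn <client-name> <server-address> <keys-dir> <output-file>
build_ovpn() {
    name=$1 remote=$2 keys=$3 out=$4
    # Refuse to write a partial profile if any input is missing.
    for f in ca.crt "$name.crt" "$name.key" ta.key; do
        [ -r "$keys/$f" ] || { echo "missing: $keys/$f" >&2; return 1; }
    done
    rm -f "$out"    # recreate the file so the umask below applies
    (
        umask 077   # the profile embeds the private key: owner-only access
        {
            printf '%s\n' client 'dev tun' 'proto udp' "remote $remote 1194" \
                'resolv-retry infinite' nobind comp-lzo persist-key persist-tun \
                'remote-cert-tls server' 'cipher AES-256-CBC' 'verb 3' \
                'auth SHA256' 'key-direction 1'
            echo '<key>';      cat "$keys/$name.key";      echo '</key>'
            echo '<cert>';     pem_only "$keys/$name.crt"; echo '</cert>'
            echo '<ca>';       pem_only "$keys/ca.crt";    echo '</ca>'
            echo '<tls-auth>'; cat "$keys/ta.key";         echo '</tls-auth>'
        } > "$out"
    )
}

# Self-test on constructed placeholder files (not real key material).
# Prints the path of the generated profile.
selftest() {
    d=$(mktemp -d) || return 1
    for c in ca test; do
        printf 'Certificate:\n    Data: (constructed text dump)\n-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n' > "$d/$c.crt"
    done
    echo 'CONSTRUCTED-PRIVATE-KEY' > "$d/test.key"
    echo 'CONSTRUCTED-STATIC-KEY'  > "$d/ta.key"
    build_ovpn test vpn.example.com "$d" "$d/test.ovpn" && echo "$d/test.ovpn"
}
```

With the paths used in this guide the call would be build_ovpn test ip-address /etc/openvpn/keys test.ovpn, run as root because the keys directory is not world-readable.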



Then start and enable the service

# systemctl start openvpn-server@server

# systemctl enable openvpn-server@server

# systemctl status openvpn-server@server

Enable IP forwarding and check the current value

# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf

# sysctl -a -r 'net\.ipv4\.conf\..*\.forwarding'

If forwarding is 0, reload the settings

# sysctl -p /etc/sysctl.conf

Add the NAT rule for the VPN subnet

# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE








