The default public Oracle YUM repository does not have all the packages we need to install OpenVPN. The installation process consists of roughly four stages: 1) install the EPEL repository, 2) install OpenVPN, 3) configure OpenVPN, and 4) install the OpenVPN client.

Step 1 — Install the EPEL Repository

So we need to run the following two commands to add the new EPEL repository; the first fetches the EPEL release package with wget:

wget

Step 2 — Install OpenVPN

The following two commands are all we need to install OpenVPN and the programs used to generate certificates:

yum install openvpn -y
yum install easy-rsa -y

Step 3 — Configure OpenVPN

We can find an example configuration file in the OpenVPN documentation directory. Copy the sample server.conf with the following command:

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

Open the file in your favorite editor; I am using vi:

vi /etc/openvpn/server.conf

Most of the lines just need to be uncommented (remove the leading ;) and some of them need to be changed. At a minimum, uncomment the user nobody and group nobody lines so the daemon drops root once the tunnel is up, and the tls-auth line so packets that do not carry the shared HMAC key are discarded before the TLS handshake (the sample file documents how to create ta.key with openvpn --genkey --secret ta.key).

Step 4 — Generating Keys and Certificates

Now we need to generate our keys and certificates. Easy RSA installs some scripts to generate these keys and certificates. Create a directory for the keys with the following command:

mkdir -p /etc/openvpn/easy-rsa/keys

We also need to copy the key and certificate generation scripts into the /etc/openvpn/easy-rsa directory.

Update the configuration

Open the vars file in vi:

vi /etc/openvpn/easy-rsa/vars

Change the values that start with KEY_. Update them to be accurate for your organization, so we don't have to type our information in each time. One value that should be changed carefully is KEY_NAME: you should enter server here. You could enter something else, but then you would also have to update the configuration files that reference that name.

Next, we are going to generate the keys and certificates. The easy-rsa scripts may complain that they cannot find the openssl.cnf file; to avoid this, remove the version number from the OpenSSL configuration file name:

cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

Move to the easy-rsa directory and source in our new variables:

cd /etc/openvpn/easy-rsa
source ./vars

Then we will clean up any keys and certificates which may already be in this folder and generate our certificate authority:

./clean-all
./build-ca

When you build the certificate authority, you will be asked to enter all the information we put into the vars file, but you will see that your options are already set as the defaults. The resulting ca.key signs every server and client certificate, so keep the keys directory readable only by root.

Now generate the key and certificate for the server. Please press ENTER for each question, as in the step above:

./build-key-server server

Now we will generate the Diffie-Hellman key exchange file. This command will take a few minutes to complete:

./build-dh

For authentication our clients will also need certificates. These keys and certificates will be shared with your clients, and it is best to generate separate keys and certificates for each client you intend to connect, so that one can be revoked without affecting the others. If you do this, give them descriptive names; for now we are going to have one client, so we will just call it client:

./build-key client

That's it for keys and certificates. Copy the server's files into our OpenVPN directory:

cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

Step 5 — Routing

To use firewalld, you would first add the openvpn service to the public zone and enable masquerading:

firewall-cmd --add-service openvpn
firewall-cmd --permanent --add-service openvpn
firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade

To use the old iptables instead, install iptables-services and disable firewalld by executing the following commands (note that iptables --flush discards every existing rule, including any filtering you rely on):

yum install iptables-services -y
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables
iptables --flush

Next, we need to add a rule to iptables that masquerades traffic from our OpenVPN subnet out of the server's public interface (replace ethXYZ with the name of that interface), and save this rule:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ethXYZ -j MASQUERADE
iptables-save > /etc/sysconfig/iptables

Next, enable IP forwarding in sysctl. Open sysctl.conf in vi:

vi /etc/sysctl.conf

Add the following line at the top of the file:

net.ipv4.ip_forward = 1

For the IP forwarding to take effect, restart the network service (sysctl -p applies the setting without a restart):

systemctl restart network.service

Step 6 — Starting OpenVPN

Now we have completed the installation and are ready to start the OpenVPN service. Add it to systemctl using the following commands; the instance name after @ must match the configuration file name, server.conf:

systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service

With that, we have successfully completed all the server-side configuration for OpenVPN.

Step 7 — Configuring a Client

To connect you will definitely need a copy of the CA certificate from the server, along with the client key and certificate. Locate the following files on the server:

/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/client.crt
/etc/openvpn/easy-rsa/keys/client.key

In this article we used 'client' as the descriptive name for the client keys. Copy these three files to your client machine: open each file on the server and copy its content into a new file on the client system and save, or use SFTP. client.key is the client's credential, so prefer SFTP over pasting and keep the copy readable only by the user who runs the VPN client.

We are going to create a file called client.ovpn. You'll need to change the first line to reflect the name you gave the client in your key and certificate; in our case, this is just client. You also need to update the IP address from your_server_ip to the IP address of your server; port 1194 can stay the same. Make sure the paths to your key and certificate files are correct. This file can now be used by any OpenVPN client to connect to your server.

Example: Installation and configuration of Tunnelblick

Tunnelblick is an OpenVPN Graphic User Interface (GUI) for Mac OS X. Answer yes to the question whether Tunnelblick should be started. After the installation a Tunnelblick icon is placed near the Spotlight icon. The configuration files for Tunnelblick are placed in the directory /Users/<username>/Library/Application Support/Tunnelblick/Configurations.

Copy the ca.crt, client.crt and client.key files from your OpenVPN server to your Mac. These files are located in the /etc/openvpn/easy-rsa/keys directory on the server. I always use Cyberduck for copying files between Linux and Mac OS X.

Open the file openvpn.conf in your favorite editor. Make sure that the configuration file contains at least the following entries:

client

The IP address of your internet connection can be determined with the help of the website; the IP address is shown in blue at the right. Once the files are copied to the right location, you can test your VPN connection. On the Tunnelblick icon, click with the right mouse button on Details.
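As an added example (not code from the original page or from the OpenVPN project), the following POSIX shell script produces the two configuration files this tutorial has you edit by hand: a hardened server.conf in place of the uncommented sample, and a single-file client .ovpn that inlines the three files copied to the client above (Tunnelblick imports the same .ovpn). It assumes OpenVPN 2.4 or newer on both ends, the easy-rsa 2 file names used above, and a tls-auth key ta.key created in the keys directory with openvpn --genkey --secret ta.key, which the tutorial itself does not do. The address 203.0.113.10 in the usage line is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the original page or the OpenVPN project.
# Builds a hardened server.conf and a matching single-file client .ovpn from
# easy-rsa 2 output (ca.crt, server.crt, server.key, dh2048.pem, NAME.crt,
# NAME.key). Assumes OpenVPN 2.4+ and a tls-auth key ta.key in the keys dir
# made with `openvpn --genkey --secret ta.key` (the tutorial does not make one).

# write_server_conf KEYS_DIR OUT_FILE [SUBNET]
#   Refuses to write if a referenced credential is missing, so a wrong path
#   is caught here rather than when the service starts.
write_server_conf() {
  keys=$1; out=$2; subnet=${3:-10.8.0.0}
  for f in ca.crt server.crt server.key dh2048.pem ta.key; do
    [ -r "$keys/$f" ] || { echo "write_server_conf: missing $keys/$f" >&2; return 1; }
  done
  cat > "$out" <<EOF
port 1194
proto udp
dev tun
ca $keys/ca.crt
cert $keys/server.crt
key $keys/server.key
dh $keys/dh2048.pem
server $subnet 255.255.255.0
topology subnet
keepalive 10 120
persist-key
persist-tun
# Settings the sample file leaves commented out or does not set:
# HMAC-check every control packet with a pre-shared key, so unauthenticated
# senders are dropped before the TLS handshake (server uses direction 0).
tls-auth $keys/ta.key 0
# Only accept client certs carrying the clientAuth usage that easy-rsa's
# build-key adds (assumption about the easy-rsa 2 OpenSSL config).
remote-cert-tls client
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
# Drop root after the tunnel is up; persist-key/persist-tun keep restarts working.
user nobody
group nobody
verb 3
EOF
}

# build_client_ovpn KEYS_DIR SERVER_IP CLIENT_NAME OUT_FILE
#   Inlines CA, client cert, client key and tls-auth key into one file, so a
#   single owner-only-readable file is all that travels to the client.
build_client_ovpn() {
  keys=$1; server=$2; name=$3; out=$4
  for f in ca.crt "$name.crt" "$name.key" ta.key; do
    [ -r "$keys/$f" ] || { echo "build_client_ovpn: missing $keys/$f" >&2; return 1; }
  done
  # A private key readable by other users defeats per-client certificates.
  if [ -n "$(find "$keys/$name.key" -perm -004 2>/dev/null)" ]; then
    echo "warning: $keys/$name.key is world-readable; chmod 600 it" >&2
  fi
  (
    umask 077   # the bundle carries the private key: create it mode 0600
    {
      cat <<EOF
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Refuse servers whose cert lacks the serverAuth usage that build-key-server
# adds, so a stolen client cert cannot be used to impersonate the server.
remote-cert-tls server
# These three must match the server.conf written above.
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
# Client side of the tls-auth key (server is 0, client is 1).
key-direction 1
verb 3
EOF
      for pair in "ca:ca.crt" "cert:$name.crt" "key:$name.key" "tls-auth:ta.key"; do
        tag=${pair%%:*}; file=${pair#*:}
        printf '<%s>\n' "$tag"
        awk '{ print }' "$keys/$file"   # awk guarantees a trailing newline
        printf '</%s>\n' "$tag"
      done
    } > "$out"
  )
}

# Usage: sh ovpn-conf.sh /etc/openvpn/easy-rsa/keys 203.0.113.10 client
# writes /etc/openvpn/server.conf (needs root) and ./client.ovpn
if [ "$#" -eq 3 ]; then
  write_server_conf "$1" /etc/openvpn/server.conf &&
    build_client_ovpn "$1" "$2" "$3" "$3.ovpn"
fi
```

The values that have to agree on both ends (cipher, auth, tls-version-min, and the two tls-auth directions) are emitted from one script, which removes the most common cause of a client that fails TLS negotiation against a server that otherwise starts cleanly. The missing-file checks run before anything is written, so a mistyped keys path produces an error message rather than a half-written configuration.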
Author: Nick