how-to:centos7:install-openvpn [2015-09-14 23:48:56] (current) shaun.reitan created
====== How to install and configure OpenVPN on CentOS 7 ======

This how-to will walk you through a quick and easy OpenVPN install on a CentOS minimal server.

===== Install Required Packages =====

To help with maintenance and security, we will enable and use EPEL. By going this route, your OpenVPN installation will be updated automatically when new versions are released.

<code>
yum install epel-release
yum update
</code>

Now that EPEL packages are available for installation on your system, we can install OpenVPN.

<code>
yum install openvpn
</code>

Install the set of encryption tools that will help with generating the SSL certs and keys:

<code>
yum install easy-rsa
</code>
+ | |||
===== Configure and Build Certs and Keys =====

Now we are ready to generate the certs and keys our OpenVPN server and clients will be using.

<code>
cp -R /
</code>

Next, edit **/

<code>
export KEY_PROVINCE="
export KEY_CITY="
export KEY_ORG="
export KEY_EMAIL="
export KEY_OU="
export KEY_CN="
</code>

Generate the CA-Bundle:

<code>
cd /
. /
. /
. /
</code>

The last command will ask you multiple questions, all of which should be set to the values you entered in the vars file. You should be able to just hit enter for each question and let it fill itself in with the default answer!

Now we are going to generate the server certificate and key:

<code>
. /
</code>

Again, this command will ask you a series of questions. The questions will have a default answer and you can simply hit enter for them all. There will be a question asking you for a challenge password; in this example we won't set one and will leave it blank.

Now let's build a client certificate and key. The clientname below should be unique for each VPN client. We typically set this to the username the client will use to authenticate with the VPN server.

<code>
. /
</code>

This command will again ask you a series of questions; just as before, you can use the defaults.

Next, generate the DH parameters. This could take a while.

<code>
. /
</code>

Finally, move the cert and keys into their new home!

<code>
cd /
cp ca.crt ca.key dh2048.pem server.crt server.key /
</code>
+ | |||
===== Configuring OpenVPN =====

Now we will start the configuration of the OpenVPN server.

<code>
cp /
</code>

===== Forwarding all client traffic through the server =====

The sample config lets clients connect to the VPN server, and those clients will now have an encrypted connection between their computer and the server.

First, add the following line to your **/

<code>
push "
</code>

Next, create **/

<code>
net.ipv4.ip_forward = 1
</code>

and reload sysctl:

<code>
sysctl --system
</code>

And finally, let's add an iptables rule to forward traffic through the VPN!

<code>
echo "
echo "
echo "
echo "
. /
</code>
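
As an added check (example code, not part of the original how-to), the script below audits the two files the forwarding steps produce, the server config and the sysctl drop-in, using constructed samples embedded inline. It assumes the push directive in use is ''redirect-gateway'' and that the packaged sample config ships ''user nobody'' / ''group nobody'' commented out; the file names are assumptions.

```python
import shlex

# Constructed sample of the server config after the steps above (assumed content, not from the page).
SAMPLE_SERVER_CONF = """\
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
;user nobody
;group nobody
"""
# Constructed sysctl drop-in matching the forwarding section.
SAMPLE_SYSCTL_CONF = "net.ipv4.ip_forward = 1\n"

def parse_openvpn_conf(text):
    """Return (directive, [args]) pairs; '#' and ';' lines are comments."""
    directives = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            parts = shlex.split(line)  # keeps the quoted push argument whole
            directives.append((parts[0], parts[1:]))
    return directives

def parse_sysctl_conf(text):
    """Return {key: value} from a sysctl.d style file."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key[:1] not in "#;":
            settings[key.strip()] = value.strip()
    return settings

def audit_forwarding_setup(server_conf, sysctl_conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    directives = parse_openvpn_conf(server_conf)
    names = {name for name, _ in directives}
    for required in ("ca", "cert", "key", "dh"):
        if required not in names:
            findings.append(f"server.conf: missing '{required}' directive")
    pushes = [args[0] for name, args in directives if name == "push" and args]
    if not any(p.startswith("redirect-gateway") for p in pushes):
        findings.append("server.conf: no push \"redirect-gateway\"; client traffic stays off the VPN")
    for priv in ("user", "group"):
        if priv not in names:  # left commented out, so the daemon keeps running as root
            findings.append(f"server.conf: '{priv} nobody' not enabled")
    if parse_sysctl_conf(sysctl_conf).get("net.ipv4.ip_forward") != "1":
        findings.append("sysctl: net.ipv4.ip_forward is not 1; the kernel will not forward client packets")
    return findings
```

Run it against the real files after the steps above; the two privilege-drop findings on the sample disappear once ''user nobody'' and ''group nobody'' are uncommented.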

===== Start OpenVPN and set to automatically start on boot =====

<code>
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
</code>

OpenVPN has now been installed and should be running.