Difference between revisions of "OpenVPN on Centos 7"
Revision as of 13:57, 13 August 2017
Install EPEL
yum install epel-release
Install OpenVPN, a text editor and the iptables services
yum install openvpn easy-rsa nano iptables-services
Create the server conf file
nano /etc/openvpn/server.conf
Add the following lines:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
Generate keys and certificates
cp -rf /usr/share/easy-rsa/2.0 /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
Generate client(s)
cd /etc/openvpn/easy-rsa
./build-key client1
./build-key client2
./build-key client3
Configure the firewall (you may use firewalld, but we prefer iptables)
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables
iptables --flush
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables.service
You may overwrite the default iptables config or append to it; we overwrite it here:
cp /etc/sysconfig/iptables.service /etc/sysconfig/iptables
systemctl restart iptables.service
Enable forwarding
nano /etc/sysctl.conf
Append the following line:
net.ipv4.ip_forward = 1
Apply
systemctl restart network.service
Start OpenVPN
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
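The server.conf, NAT, forwarding and key steps above are easy to get subtly wrong, so here is an added example (not from the wiki page) of a small POSIX shell script that checks a server.conf, a sysctl.conf, iptables-save output and the private key's file mode for the things this tutorial relies on. The function names and the sample texts are mine, and the script assumes GNU `stat -c %a` and `iptables-save -t nat` are available on the host; the constructed samples mirror the values used on this page.

```shell
#!/bin/sh
# Added example, not part of the wiki page: post-install sanity checks for the
# OpenVPN server built above. All functions take text as arguments so the script
# runs offline against the constructed samples below; on a real host, feed them
# the live files and command output as shown in the comments.

# Constructed sample server.conf with the directives the tutorial uses.
SAMPLE_CONF='port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
keepalive 10 120
verb 3'

# Constructed sample sysctl.conf: a stale 0 followed by the appended 1.
SAMPLE_SYSCTL='net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1'

# Constructed sample of iptables-save output for the nat table. The -o interface
# is the host's outbound interface (venet0 on OpenVZ, as on this page; often eth0
# elsewhere); the check accepts any interface name.
SAMPLE_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
COMMIT'

# Return 0 when every directive needed for a TLS server is present in the
# config text; list the missing ones on stderr otherwise.
# Live use: check_conf_directives "$(cat /etc/openvpn/server.conf)"
check_conf_directives() {
    conf_text="$1"
    missing=""
    for d in port proto dev ca cert key dh server; do
        if ! printf '%s\n' "$conf_text" | grep -q "^$d "; then
            missing="$missing $d"
        fi
    done
    if [ -n "$missing" ]; then
        echo "server.conf is missing:$missing" >&2
        return 1
    fi
    return 0
}

# Return 0 when the sysctl text enables IPv4 forwarding. Like sysctl itself,
# the last assignment wins, so an appended line overrides an earlier one.
# Live use: forwarding_enabled "$(cat /etc/sysctl.conf)"
#           (or check the running value: sysctl -n net.ipv4.ip_forward)
forwarding_enabled() {
    printf '%s\n' "$1" \
        | grep -E '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' \
        | tail -n 1 \
        | grep -qE '=[[:space:]]*1[[:space:]]*$'
}

# Return 0 when the nat table masquerades the VPN subnet; without this rule
# clients connect but their redirected traffic goes nowhere.
# Live use: has_masquerade_rule "$(iptables-save -t nat)"
has_masquerade_rule() {
    printf '%s\n' "$1" \
        | grep -qE '^-A POSTROUTING -s 10\.8\.0\.0/24 -o [^ ]+ -j MASQUERADE$'
}

# Return 0 when an octal file mode keeps the private key owner-only.
# Live use: key_perms_ok "$(stat -c %a /etc/openvpn/server.key)"
key_perms_ok() {
    case "$1" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the checks against the constructed samples.
check_conf_directives "$SAMPLE_CONF" && echo "server.conf: required directives present"
forwarding_enabled "$SAMPLE_SYSCTL" && echo "sysctl: net.ipv4.ip_forward = 1"
has_masquerade_rule "$SAMPLE_NAT" && echo "nat: MASQUERADE rule for 10.8.0.0/24 present"
key_perms_ok 600 && echo "server.key mode 600: ok"
```

On a real host, replace the constructed samples with the live file contents and command output shown in the comments; the checks only read text and change nothing, so they can be run repeatedly after the firewall or sysctl steps to confirm the result before starting the service.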