OpenVPN on Centos 7
Revision as of 17:47, 9 March 2015 by Vq (talk | contribs) (Protected "OpenVPN on Centos 7" ([edit=sysop] (indefinite) [move=sysop] (indefinite)))
Install EPEL
yum install epel-release
Install OpenVPN, text editor and iptables services
yum install openvpn easy-rsa nano iptables-services
Create the server conf file
nano /etc/openvpn/server.conf
Add the following lines:
port 1194 proto udp dev tun ca ca.crt cert server.crt key server.key dh dh2048.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1" ifconfig-pool-persist ipp.txt keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3
Generate keys and certificates
cp -rf /usr/share/easy-rsa/2.0 /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa source ./vars ./clean-all ./build-ca ./build-key-server server ./build-dh cd /etc/openvpn/easy-rsa/keys cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
Generate client(s)
cd /etc/openvpn/easy-rsa ./build-key client1 ./build-key client2 ./build-key client3
Configure firewall
systemctl mask firewalld systemctl enable iptables systemctl stop firewalld systemctl start iptables iptables --flush iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE iptables-save > /etc/sysconfig/iptables.service systemctl restart iptables
Enable forwarding
nano /etc/sysctl.conf
Append the following line
net.ipv4.ip_forward = 1
Apply
systemctl restart network.service
Start Openvpn
systemctl -f enable openvpn@server.service systemctl start openvpn@server.service