OpenVPN on Centos 7

From vpsget wiki
Revision as of 13:57, 13 August 2017 by Ndi

Install EPEL

yum install epel-release

Install OpenVPN, easy-rsa, a text editor and the iptables service

yum install openvpn easy-rsa nano iptables-services

Create the server conf file

nano /etc/openvpn/server.conf

Add the following lines:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3

Generate keys and certificates

cp -rf /usr/share/easy-rsa/2.0 /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

Generate client(s)

cd /etc/openvpn/easy-rsa
./build-key client1
./build-key client2
./build-key client3

Configure the firewall (you may use firewalld, but we prefer iptables)

systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables
iptables --flush
# venet0 is the OpenVZ interface; on KVM or bare metal use your public interface (e.g. eth0)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables.service

You may overwrite the default iptables config or append to it. We'll overwrite it here:

cp /etc/sysconfig/iptables.service  /etc/sysconfig/iptables
systemctl restart iptables.service

Enable forwarding

nano /etc/sysctl.conf

Append the following line:

net.ipv4.ip_forward = 1

Apply

systemctl restart network.service

Start OpenVPN

systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
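The server.conf above is the minimum that works; it keeps compression on, runs the daemon as root and leaves the control channel unkeyed. The following added example (not part of the vpsget page) is a small POSIX sh audit that flags those gaps in a server.conf and shows the same config hardened; the file names `ta.key` and the `nobody` user/group are assumptions.

```shell
#!/bin/sh
# Added example (not from the vpsget page): audit an OpenVPN server.conf for
# the hardening directives that the page's minimal config leaves out.

# Succeed if file $1 has a line starting with a directive matching ERE $2.
has_directive() {
    grep -Eq "^[[:space:]]*($2)([[:space:]]|$)" "$1"
}

# Print one line per finding and return the number of findings (0 = clean).
audit_openvpn_conf() {
    n=0
    if has_directive "$1" 'comp-lzo'; then
        echo "comp-lzo: compression leaks plaintext via packet sizes (VORACLE); remove it"; n=$((n+1))
    fi
    has_directive "$1" 'user'  || { echo "no 'user' directive: daemon keeps root after startup"; n=$((n+1)); }
    has_directive "$1" 'group' || { echo "no 'group' directive: daemon keeps the root group"; n=$((n+1)); }
    has_directive "$1" 'tls-auth|tls-crypt' ||
        { echo "no tls-auth/tls-crypt: control channel accepts unauthenticated packets"; n=$((n+1)); }
    has_directive "$1" 'cipher' || { echo "no 'cipher' directive: data channel uses the default cipher"; n=$((n+1)); }
    return $n
}

# Constructed input: the server.conf from the page, minus the file-path directives.
write_page_conf() {
    cat > "$1" <<'EOF'
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
EOF
}

# Same config hardened: compression dropped, privileges shed, control channel keyed
# (ta.key from "openvpn --genkey --secret ta.key" is assumed to exist), cipher pinned.
write_hardened_conf() {
    write_page_conf "$1"
    sed -i '/^comp-lzo/d' "$1"
    printf '%s\n' 'user nobody' 'group nobody' 'tls-auth ta.key 0' 'cipher AES-256-GCM' >> "$1"
}
```

Run `audit_openvpn_conf /etc/openvpn/server.conf` on the live file; a non-zero exit is the number of findings.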