How to Install and Configure OpenVPN Server on CentOS 7 (Windows 7 & Mint Linux as Clients)
OpenVPN server installation notes
Scenario:
Target system: CentOS 7
Clients: Windows, Linux Mint
Prerequisites:
* CentOS 7 with root access to the server
* A domain or sub-domain that resolves to your server, to use for the certificates
* The Extra Packages for Enterprise Linux (EPEL) repository must be enabled on the system; if it is not, run the following to add it.
________________________________________________________________
https://gist.github.com/mtaziz/c7f2c2216cd978f59bec
________________________________________________________________
$ yum install epel-release
###Step 1 — Installing OpenVPN###
yum install openvpn easy-rsa -y
######Step 2 — Configuring OpenVPN######
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
vim /etc/openvpn/server.conf
#Make sure the following lines are present and uncommented in server.conf:
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nobody
#Save and exit the OpenVPN server configuration file.
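Added example (not part of the original notes): a small check that the Step 2 directives are active in server.conf and that no typographic quotes were pasted into it, since OpenVPN only recognises plain ASCII quotes. The function name check_server_conf and the sample file are made up for illustration.

```bash
#!/bin/sh
# Added example, not from the original notes: verify the Step 2 edits.
# check_server_conf and the sample file below are made up for illustration.

# The body runs in a subshell, so its variables stay private and "exit"
# only ends the function. Status 0 means every check passed.
check_server_conf() (
    conf=$1 rc=0
    # Active lines only: drop '#'/';' comment lines, cut trailing comments,
    # collapse runs of whitespace and trim both ends.
    active=$(sed -E -e '/^[[:space:]]*[#;]/d' -e 's/[[:space:]]+#.*$//' \
                 -e 's/[[:space:]]+/ /g' -e 's/^ //' -e 's/ $//' "$conf")
    # Each directive from Step 2 must appear as an active line.
    while IFS= read -r want; do
        printf '%s\n' "$active" | grep -Fxq -- "$want" ||
            { echo "MISSING: $want"; rc=1; }
    done <<'REQUIRED'
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nobody
REQUIRED
    # Curly quotes (U+201C, U+201D) and the double prime (U+2033) copied from
    # a web page are not quote characters to OpenVPN; report the line numbers.
    bad=$(LC_ALL=C grep -anF -e '“' -e '”' -e '″' "$conf" |
          grep -avE '^[0-9]+:[[:space:]]*[#;]' || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/TYPOGRAPHIC QUOTE, line /'
        rc=1
    fi
    exit "$rc"
)

# Constructed sample: two directives still commented out, one curly-quoted.
sample=$(mktemp)
cat >"$sample" <<'CONF'
dh dh2048.pem
push “redirect-gateway def1 bypass-dhcp”
push "dhcp-option DNS 8.8.8.8"
;push "dhcp-option DNS 8.8.4.4"
user nobody
;group nobody
CONF
check_server_conf "$sample" || echo "server.conf still needs edits"
rm -f "$sample"
```

On the server, run it as check_server_conf /etc/openvpn/server.conf before starting the service in Step 5.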
######Step 3 — Generating Keys and Certificates#######
#Let’s create a directory for the keys to go in.
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
vim /etc/openvpn/easy-rsa/vars
#Two important properties:
##KEY_NAME: use "server", so that the files are named server.key and server.crt
##KEY_CN: enter the domain or subdomain that resolves to your server
#Change the other values as you like
export KEY_COUNTRY="BD"
export KEY_PROVINCE="Dhaka"
export KEY_CITY="Dhaka"
export KEY_ORG="tariqsadminlab"
export KEY_EMAIL="tariqsadminlab@example.com"
export KEY_OU="tariqsadminlab"
#X509 Subject Field
export KEY_NAME="server"
export KEY_CN=openvpn.example.com
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
#Client Key Generation
#Client Name: mintclient
cd /etc/openvpn/easy-rsa
./build-key client
########Step 4 — Routing#######
#To keep things simple we’re going to do our routing directly with iptables rather than the new firewalld.
#First, make sure the iptables service is installed and enabled.
yum install iptables-services -y
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables
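iptables --flush
#eth0 must be the server's outbound interface
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
#Save the rules so that the iptables service restores them at boot
iptables-save > /etc/sysconfig/iptables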
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
systemctl restart network.service
#######Step 5 — Starting OpenVPN########
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
#######Step 6 — Configuring a Client#########
#Copy the following files from the server to the client
/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/client.crt
/etc/openvpn/easy-rsa/keys/client.key
#Create a client.ovpn file for the client so that it knows how to connect to the server
client
dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca /path/to/ca.crt
cert /path/to/client.crt
key /path/to/client.key
by TariqsAdminLab