Difference between revisions of "Openvpn"
Jump to navigation
Jump to search
Line 12: | Line 12: | ||
rpm -i openvpn-2.3.8-1.el7.x86_64.rpm | rpm -i openvpn-2.3.8-1.el7.x86_64.rpm | ||
+ | == setting up server== | ||
+ | === generating server and client keys === | ||
+ | yum install easy-rsa | ||
+ | mkdir -p /etc/openvpn/easy-rsa/keys | ||
+ | cp -rf /usr/share/openvpn/easy-rsa/2.0/* /etc/openvpn/easy-rsa | ||
+ | cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn | ||
+ | |||
+ | You can set export KEY_* in this file for not need to enter credentials for each key separately | ||
+ | vim /etc/openvpn/easy-rsa/vars | ||
+ | |||
+ | Sourcing defined values | ||
+ | cd /etc/openvpn/easy-rsa/ | ||
+ | source ./vars | ||
+ | |||
+ | generating server ca,keys | ||
+ | cd /etc/openvpn/easy-rsa/ | ||
+ | ./clean-all | ||
+ | ./build-ca | ||
+ | ./build-key-server server | ||
+ | ./build-dh | ||
+ | cd keys | ||
+ | cp dh2048.pem ca.crt server.crt server.key /etc/openvpn | ||
+ | |||
+ | generating client keys | ||
+ | cd /etc/openvpn/easy-rsa | ||
+ | ./build-key client | ||
+ | note:When asked for 'common name' please fill in unique name for client (it will be listed in openvpn.log after login) | ||
== enabling service == | == enabling service == |
Revision as of 14:31, 27 August 2015
Centos 7
Install ovpn
a)From epel repository for enterprise linux 7
we need to add epel repository if it was not done before [how to use yum]
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -i epel-release-latest-7.noarch.rpm yum install openvpn
b)Using package for enterprise linux 7 from fedoraproject.org
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/o/openvpn-2.3.8-1.el7.x86_64.rpm rpm -i openvpn-2.3.8-1.el7.x86_64.rpm
setting up server
generating server and client keys
yum install easy-rsa mkdir -p /etc/openvpn/easy-rsa/keys cp -rf /usr/share/openvpn/easy-rsa/2.0/* /etc/openvpn/easy-rsa cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
You can set export KEY_* in this file for not need to enter credentials for each key separately
vim /etc/openvpn/easy-rsa/vars
Sourcing defined values
cd /etc/openvpn/easy-rsa/ source ./vars
generating server ca,keys
cd /etc/openvpn/easy-rsa/ ./clean-all ./build-ca ./build-key-server server ./build-dh cd keys cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
generating client keys
cd /etc/openvpn/easy-rsa ./build-key client
note:When asked for 'common name' please fill in unique name for client (it will be listed in openvpn.log after login)
enabling service
ln -s /lib/systemd/system/openvpn\@.service /etc/systemd/system/multi-user.target.wants/openvpn\@server.service sytemctl start openvpn@server sytemctl status openvpn@server sytemctl stop openvpn@server