The following recipe works on CentOS 7 as of the beginning of 2025.
- yum install openvpn easy-rsa
- cd /etc/openvpn/server
- /usr/share/easy-rsa/3.0.8/easyrsa init-pki
- /usr/share/easy-rsa/3.0.8/easyrsa build-ca nopass
- /usr/share/easy-rsa/3.0.8/easyrsa build-server-full server nopass
- /usr/share/easy-rsa/3.0.8/easyrsa build-client-full client1 nopass
- /usr/share/easy-rsa/3.0.8/easyrsa build-client-full client2 nopass
- openssl dhparam -out /etc/openvpn/server/dh.pem 2048
- Create the config file /etc/openvpn/server.conf:

    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/server/pki/ca.crt
    cert /etc/openvpn/server/pki/issued/server.crt
    key /etc/openvpn/server/pki/private/server.key
    dh /etc/openvpn/server/dh.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 10 120
    cipher AES-256-CBC
    user openvpn
    group openvpn
    persist-key
    persist-tun
    status /var/log/openvpn-server-status.log
    log-append /var/log/openvpn.log
    verb 3

- Create an .ovpn file for the client:

    client
    dev tun
    proto udp
    remote vpn-server.host.name 1194 udp
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher AES-256-CBC
    verb 3
    <cert>
    -----BEGIN CERTIFICATE-----
    // client base64-encoded cert goes here
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----
    // client base64-encoded private key goes here
    -----END PRIVATE KEY-----
    </key>
    <ca>
    -----BEGIN CERTIFICATE-----
    // ca base64-encoded cert goes here
    -----END CERTIFICATE-----
    </ca>

Alternatively, if you don't want to embed the certs and key in the .ovpn config file itself, you can reference them with these 3 lines:

    ca ca.crt
    cert client1.crt
    key client1.key

- Open UDP port 1194 in the server's firewall.
- Set up NAT and forwarding if needed.
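
One way to assemble the inline .ovpn file from the client step above, as an added example that is not part of the original recipe. The helper names `pem_only`, `make_ovpn` and `write_ovpn` are hypothetical; the PKI directory is passed as a parameter, the text dump that easy-rsa writes before the PEM block in issued certificates is stripped, and the output is created with mode 600 because it carries the unencrypted `nopass` key.

```sh
#!/bin/sh
# Added example (not from the original recipe): build an inline client profile.
# pem_only, make_ovpn and write_ovpn are hypothetical helper names.

# Print only the PEM block of a file. easy-rsa's issued/*.crt starts with a
# human-readable dump of the certificate that is not needed inside <cert>.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# make_ovpn <pki_dir> <client_name> <remote_host>   (profile goes to stdout)
make_ovpn() {
    pki=$1; name=$2; remote=$3
    ca="$pki/ca.crt"
    crt="$pki/issued/$name.crt"
    key="$pki/private/$name.key"
    for f in "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    cat <<EOF
client
dev tun
proto udp
remote $remote 1194 udp
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
verb 3
<cert>
$(pem_only "$crt")
</cert>
<key>
$(pem_only "$key")
</key>
<ca>
$(pem_only "$ca")
</ca>
EOF
}

# write_ovpn <pki_dir> <client_name> <remote_host> <outfile>
# The profile embeds the unencrypted (nopass) key, so create it with mode 600.
write_ovpn() {
    ( umask 077; make_ovpn "$1" "$2" "$3" > "$4" ) || { rm -f "$4"; return 1; }
}
```

For this recipe, `write_ovpn /etc/openvpn/server/pki client1 vpn-server.host.name client1.ovpn` would produce the profile for client1, assuming that is the directory where `init-pki` created the PKI.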