How to install an OpenVPN server on CentOS 7

From koorka Knowledge Sharing
  • Installing OpenVPN

yum install epel-release

yum install openvpn easy-rsa -y

  • Configuring OpenVPN

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

vi /etc/openvpn/server.conf

If the VPN should be the clients' default gateway:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 106.187.95.5"
push "dhcp-option DNS 106.186.116.5"
If the VPN should only carry traffic for the private networks:
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.253"
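push "dhcp-option DNS 202.106.196.115"
In both cases, run the daemon unprivileged after startup, and leave explicit-exit-notify commented out (it is valid only with proto udp, and the client below uses proto tcp):
user nobody
group nobody
#explicit-exit-notify 1
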
  • Generating Keys and Certificates

sudo mkdir -p /etc/openvpn/easy-rsa/keys

sudo cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa

sudo vi /etc/openvpn/easy-rsa/vars
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="BeiJing"
export KEY_ORG="Koorka"
export KEY_EMAIL="zhangzhaoxiong@yourdomain.com"
export KEY_OU="Community"

# X509 Subject Field
export KEY_NAME="server"
export KEY_CN=openvpn.yourdomain.com

sudo cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

su - root

cd /etc/openvpn/easy-rsa

source ./vars

./clean-all

./build-ca

./build-key-server server

./build-dh

cd /etc/openvpn/easy-rsa/keys

cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

cd /etc/openvpn/easy-rsa

./build-key koorka_client

  • Configure Routing and firewall

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

vi /etc/sysctl.conf

Set:
net.ipv4.ip_forward = 1

sysctl -p

  • Starting OpenVPN

systemctl -f enable openvpn@server.service

systemctl start openvpn@server.service

  • Configuring a Client

The client needs the following files from the server (koorka_client.key is a private key; transfer it over a secure channel):

/etc/openvpn/easy-rsa/keys/ca.crt

/etc/openvpn/easy-rsa/keys/koorka_client.crt

/etc/openvpn/easy-rsa/keys/koorka_client.key

Create the client file koorka_client.ovpn (proto and the remote port must match proto and port in the server's server.conf):
client
dev tun
proto tcp
remote 111.164.217.112 1281
resolv-retry infinite
nobind
persist-key
persist-tun
link-mtu 1559
cipher AES-256-CBC
keysize 256
ca ca.crt
cert koorka_client.crt
key koorka_client.key
On a Linux client:

openvpn --config ~/path/to/koorka_client.ovpn
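
The client setup above ships three credential files next to koorka_client.ovpn. As an added example (not part of the original page), this shell helper folds them into one profile using OpenVPN's inline <ca>, <cert> and <key> blocks and writes it owner-only; the function names pem_only, make_inline_profile and demo, and the sample data, are assumptions made for illustration.

```shell
# pem_only FILE: print only the PEM block(s). easy-rsa 2.0 .crt files begin
# with a human-readable dump of the certificate, which is not needed here.
pem_only() { sed -n '/^-----BEGIN /,/^-----END /p' "$1"; }

# make_inline_profile BASE.ovpn CA.crt CLIENT.crt CLIENT.key OUT.ovpn
# Hypothetical helper; the body is a subshell so umask and variables stay local.
make_inline_profile() (
    base=$1 ca=$2 cert=$3 key=$4 out=$5
    for f in "$base" "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; exit 1; }
    done
    # Refuse inputs without PEM data rather than write an unusable profile.
    for f in "$ca" "$cert" "$key"; do
        [ -n "$(pem_only "$f")" ] || { echo "no PEM block in: $f" >&2; exit 1; }
    done
    umask 077          # the profile holds the private key: owner-only
    rm -f -- "$out"    # recreate, so an old wider file mode is not kept
    {
        # Drop the file-based ca/cert/key directives; inline blocks replace them.
        grep -Ev '^[[:space:]]*(ca|cert|key)[[:space:]]' "$base"
        printf '<ca>\n%s\n</ca>\n' "$(pem_only "$ca")"
        printf '<cert>\n%s\n</cert>\n' "$(pem_only "$cert")"
        printf '<key>\n%s\n</key>\n' "$(pem_only "$key")"
    } > "$out"
)

# demo: run the helper on constructed input (placeholder PEM bodies, not real
# credentials) in a temporary directory and print the resulting profile path.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' client 'dev tun' 'proto tcp' 'ca ca.crt' \
        'cert koorka_client.crt' 'key koorka_client.key' > "$d/base.ovpn"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q0E=' \
        '-----END CERTIFICATE-----' > "$d/ca.crt"
    printf '%s\n' 'Certificate:' '    Data:' '-----BEGIN CERTIFICATE-----' \
        'Q0xJ' '-----END CERTIFICATE-----' > "$d/koorka_client.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'S0VZ' \
        '-----END PRIVATE KEY-----' > "$d/koorka_client.key"
    make_inline_profile "$d/base.ovpn" "$d/ca.crt" "$d/koorka_client.crt" \
        "$d/koorka_client.key" "$d/koorka_client.ovpn" &&
        echo "$d/koorka_client.ovpn"
}
```

With the inline profile, only koorka_client.ovpn has to be copied to the client, and it is started the same way with openvpn --config.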