Notes by Peter Galonza(Пётр Галонза)
GitHub Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Hi, it’s my notes
  2. /
  3. Operations
  4. /
  5. OpenVPN

OpenVPN

Install

Package

yum -y install openvpn unzip zip

Create the directory for keys

mkdir /etc/openvpn/keys

Download Easy-RSA

cd /etc/openvpn/keys
wget https://github.com/OpenVPN/easy-rsa/archive/master.zip

Create the PKI-keys structure

unzip master.zip
cd /etc/openvpn/keys/easy-rsa-master/easyrsa3
mv vars.example vars
./easyrsa init-pki

Create verification center CA

./easyrsa build-ca

Create the certificate request for server without password

./easyrsa gen-req server nopass

Sign a request for a certificate

./easyrsa sign-req server server

Diffie–Hellman

./easyrsa gen-dh

Copy keys to folder openvpn

cp pki/ca.crt /etc/openvpn/ca.crt
cp pki/dh.pem /etc/openvpn/dh.pem
cp pki/issued/server.crt /etc/openvpn/server.crt
cp pki/private/server.key /etc/openvpn/server.key

Create the key for client

./easyrsa gen-req client nopass
./easyrsa sign-req client client

Check the key

openssl verify -CAfile pki/ca.crt pki/issued/client.crt

Create folders for log and ccd

mkdir /etc/openvpn/ccd && mkdir /var/log/openvpn

Create the configuration file for client /etc/openvpn/ccd/client

iroute 192.168.20.0 255.255.255.0
gdoc_arrow_left_alt Openfire PHP-FPM gdoc_arrow_right_alt