Openvpn: Difference between revisions
Revision as of 13:47, 27 August 2015
Centos 7
Install ovpn
a)From epel repository for enterprise linux 7
we need to add the epel repository first if this was not done before [how to use yum]
 wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
 rpm -i epel-release-latest-7.noarch.rpm
 yum install openvpn
b)Using package for enterprise linux 7 from fedoraproject.org
 wget https://dl.fedoraproject.org/pub/epel/7/x86_64/o/openvpn-2.3.8-1.el7.x86_64.rpm
 rpm -i openvpn-2.3.8-1.el7.x86_64.rpm
note: rpm -i does not resolve dependencies; if it complains about missing packages, use yum install ./openvpn-2.3.8-1.el7.x86_64.rpm instead.
setting up server
generating server and client keys
preparing configs from samples
 yum install easy-rsa
 mkdir -p /etc/openvpn/easy-rsa/keys
 cp -rf /usr/share/openvpn/easy-rsa/2.0/* /etc/openvpn/easy-rsa
 cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
note: check where the easy-rsa package put its scripts with rpm -ql easy-rsa; the EPEL 7 package installs them under /usr/share/easy-rsa/2.0/, in which case copy from there instead.
You can set the KEY_* export variables in this file so that you do not have to enter the certificate fields (country, organisation, e-mail, ...) separately for each key
 vim /etc/openvpn/easy-rsa/vars
Sourcing the defined values (this has to be repeated in every new shell before running the easy-rsa scripts)
 cd /etc/openvpn/easy-rsa/
 source ./vars
generating the server CA, key and DH parameters
 cd /etc/openvpn/easy-rsa/
 ./clean-all
 ./build-ca
 ./build-key-server server
 ./build-dh
 cd keys
 cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
note: ./clean-all wipes the keys directory, so run it only once when creating a new CA; running it again later destroys the CA key and every certificate issued so far. build-dh writes dh<KEY_SIZE>.pem, so dh2048.pem only exists if KEY_SIZE=2048 in vars (use 2048 at minimum).
generating client keys
 cd /etc/openvpn/easy-rsa
 ./build-key client1
note: the argument is the base name of the generated files (keys/client1.crt, keys/client1.key) and is offered as the default when build-key asks for the 'common name'. Fill in a unique name per client: the common name identifies the client in openvpn.log after login and is the file name looked up in the client-config-dir (see ccd below). Repeat this for every client with its own name; never share one certificate between several clients, because revoking it then affects all of them.
 cd keys
 mkdir client1
 cp ca.crt client1.key client1.crt client1
Only these three files go to the client, over a secure channel; keys/ca.key stays on the server and must not be readable by anyone but root.
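The whole client-issuing step as one non-interactive script, added here as an example (it is not part of the original page or of easy-rsa). It assumes easy-rsa 2.0 is installed in /etc/openvpn/easy-rsa as set up above, that vars has been edited and that ./build-ca has already been run once. It relies on two easy-rsa 2.0 behaviours: build-key passes --batch through to pkitool, which then uses KEY_CN instead of prompting; and the common name ends up as the ccd file name, so the script refuses names that are not safe as a file name (path separators, spaces, a leading dash or dot) or longer than the 64 characters X.509 allows for a common name.

```shell
#!/bin/sh
# issue_client.sh <common-name>: issue one client certificate with easy-rsa 2.0
# and bundle the three files the client needs. Added example, not easy-rsa code.
# Assumption: easy-rsa 2.0 scripts and an existing CA in $EASYRSA_DIR.
set -eu

EASYRSA_DIR="${EASYRSA_DIR:-/etc/openvpn/easy-rsa}"

# The common name becomes ccd/<cn> and is printed in openvpn.log, so only
# accept names that are safe as a plain file name and cannot escape ccd/.
# X.509 limits the commonName attribute to 64 characters.
valid_cn() {
    [ "${#1}" -le 64 ] || return 1
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9._-]*$'
}

# Issue the certificate and build keys/<cn>/ with ca.crt, <cn>.crt, <cn>.key.
# --batch makes pkitool take the common name from KEY_CN instead of prompting,
# so the certificate's CN is exactly the name we pass and matches the ccd file.
issue_client() {
    cn="$1"
    valid_cn "$cn" || { echo "refusing unsafe common name: '$cn'" >&2; return 1; }
    cd "$EASYRSA_DIR"
    . ./vars                      # KEY_DIR, KEY_SIZE, KEY_COUNTRY, ... for pkitool
    KEY_CN="$cn" ./build-key --batch "$cn"
    out="keys/$cn"
    mkdir -m 700 -p "$out"
    # Only the CA certificate, the client certificate and the client private key
    # leave the server; keys/ca.key is never copied anywhere.
    cp keys/ca.crt "keys/$cn.crt" "keys/$cn.key" "$out/"
    chmod 600 "$out/$cn.key"
    echo "$out"
}

# Usage: ./issue_client.sh client1   (does nothing when sourced without arguments)
if [ "$#" -gt 0 ]; then
    issue_client "$1"
fi
```

Copy the printed directory to the client with scp or a similar authenticated channel; the client then references the three files from its client.conf.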
configuring options in /etc/openvpn/server.conf
You need at least to configure the following options (the sample server.conf copied above already contains most of them; relative file names are resolved from /etc/openvpn because the systemd unit starts openvpn with --cd /etc/openvpn):
 port 1194
 proto udp
 dev tun
 ca ca.crt
 cert server.crt
 key server.key  # This file should be kept secret
 dh dh2048.pem
 server 10.8.0.0 255.255.255.0
 ifconfig-pool-persist ipp.txt
 keepalive 10 120
 comp-lzo
 user nobody
 group nobody
 persist-key
 persist-tun
 status openvpn-status.log
 verb 4
note: make server.key readable only by root (chmod 600 /etc/openvpn/server.key); user/group nobody only take effect after the keys have been read, which is why persist-key is needed for restarts. comp-lzo must be set on both server and client or the tunnel will not pass traffic; newer OpenVPN releases discourage compression altogether because it lets an attacker who controls part of the plaintext recover other parts of it (VORACLE), so leave it out on both sides unless you really need it.
optional but useful options
 push "route 192.168.2.0 255.255.255.0"
 push "route 192.168.3.0 255.255.255.0"
 client-config-dir ccd
 client-to-client
example of file ccd/client1 (only read when the optional client-config-dir is enabled); the file name must be exactly the common name in the client's certificate, here 'client1'
 iroute 192.168.2.0 255.255.255.0
 ifconfig-push 10.8.0.13 10.8.0.14
By default OpenVPN pushes the routes to all subnets defined earlier in server.conf (192.168.2.0/24, 192.168.3.0/24) to every client. With the iroute above the server does not push the route for 192.168.2.0/24 to this client (it would point back at the client itself) and instead forwards every packet that arrives at the OpenVPN server with a destination in 192.168.2.0/24 to this client, so the LAN behind client1 becomes reachable from the server and, with client-to-client, from the other clients. Two things are also required for this to work: server.conf needs a kernel route for the same network, i.e. a plain route 192.168.2.0 255.255.255.0 in addition to the push "route ..." line, otherwise the server's kernel never hands those packets to the tun interface and the iroute is never consulted; and client1 must have IP forwarding enabled. ifconfig-push gives this client a fixed tunnel address instead of one from the pool; with the default net30 topology the two addresses are a /30 pair from the server subnet (10.8.0.13/10.8.0.14 here, the next clients would get 10.8.0.17/18, 10.8.0.21/22, ...), and no two ccd files may use the same pair.
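A check for the two mistakes that make such a ccd setup fail silently, added as an example (not part of the original page or of OpenVPN): an iroute in ccd/<cn> without a matching kernel route in server.conf, and two ccd files pushing the same tunnel address. The sample server.conf and ccd files in make_sample are constructed for the example and mirror the page's configuration, with the kernel route for 192.168.2.0/24 deliberately missing and a second client reusing client1's address pair.

```shell
#!/bin/sh
# check_ccd.sh [server.conf ccd-dir]: consistency checks for client-config-dir.
# Added example, not OpenVPN code. Works with POSIX sh, awk, sort and uniq.

# Print "cn net mask" for every "iroute NET MASK" in ccd/<cn> that has no plain
# "route NET MASK" in server.conf. A push "route ..." line does not count: it
# configures the clients, not the server's own kernel routing table.
missing_routes() {
    conf="$1"; ccd="$2"
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        cn=$(basename "$f")
        awk -v cn="$cn" -v conf="$conf" '
            FILENAME == conf && $1 == "route"  { have[$2 " " $3] = 1; next }
            FILENAME != conf && $1 == "iroute" && !(($2 " " $3) in have) {
                print cn, $2, $3
            }' "$conf" "$f"
    done
}

# Print every ifconfig-push local address used by more than one ccd file.
duplicate_addresses() {
    ccd="$1"
    awk '$1 == "ifconfig-push" { print $2 }' "$ccd"/* | sort | uniq -d
}

# Constructed sample input: the page's server.conf without the kernel route
# for 192.168.2.0/24, plus a client2 that reuses client1's address pair.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/server.conf" <<'EOF'
server 10.8.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
route 192.168.3.0 255.255.255.0
client-config-dir ccd
client-to-client
EOF
    mkdir "$d/ccd"
    cat > "$d/ccd/client1" <<'EOF'
iroute 192.168.2.0 255.255.255.0
ifconfig-push 10.8.0.13 10.8.0.14
EOF
    cat > "$d/ccd/client2" <<'EOF'
iroute 192.168.3.0 255.255.255.0
ifconfig-push 10.8.0.13 10.8.0.14
EOF
    echo "$d"
}

# Run against a real configuration: ./check_ccd.sh /etc/openvpn/server.conf /etc/openvpn/ccd
if [ "$#" -eq 2 ]; then
    echo "iroutes without a kernel route in $1:"
    missing_routes "$1" "$2"
    echo "ifconfig-push addresses used by more than one client:"
    duplicate_addresses "$2"
fi
```

On the constructed sample the first check reports "client1 192.168.2.0 255.255.255.0" and the second reports "10.8.0.13"; on a correct installation both print nothing.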
configuring client.conf
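A client.conf matching the server configuration above, added here as an example (it is not part of the original page). It assumes the three files generated for client1 were copied to /etc/openvpn on the client and that the server is reachable as vpn.example.com, a placeholder host name.

```conf
client
dev tun
proto udp
# placeholder: the server's public name or address and the port from server.conf
remote vpn.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# files produced by ./build-key client1 and copied from keys/client1/
ca ca.crt
cert client1.crt
key client1.key
# only accept a server certificate issued with build-key-server; without this
# any client certificate signed by the same CA could impersonate the server
remote-cert-tls server
# must match the server: remove it on both sides if the server has no comp-lzo
comp-lzo
verb 3
```

Start it on the client with openvpn --config /etc/openvpn/client.conf (or the openvpn@client systemd unit) and check that a line with the common name client1 appears in the server's openvpn.log.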
enabling service
The symlink below is exactly what systemctl enable openvpn@server creates; the openvpn@<name> unit starts openvpn with /etc/openvpn/<name>.conf, so the name after @ has to match the config file.
 ln -s /lib/systemd/system/openvpn\@.service /etc/systemd/system/multi-user.target.wants/openvpn\@server.service
 systemctl start openvpn@server
 systemctl status openvpn@server
 systemctl stop openvpn@server