
Untitled

a guest
Jul 13th, 2017
  1. root@example.com [~]# yum install openvpn gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel easy-rsa nc -y
  2. root@example.com [~]# cp /usr/share/doc/openvpn-*/sample/sample-config-files/conf /etc/openvpn
  3. root@example.com [~]# mkdir -p /etc/openvpn/easy-rsa/keys
  4. root@example.com [~]# cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
  5. root@example.com [~]# vi /etc/openvpn/easy-rsa/vars
  6.  
  7. # These are the default values for fields
  8. # which will be placed in the certificate.
  9. # Don't leave any of these fields blank.
  10. export KEY_COUNTRY="US"
  11. export KEY_PROVINCE="CA"
  12. export KEY_CITY="SanFrancisco"
  13. export KEY_ORG="Fort-Funston"
  14. export KEY_EMAIL="me@myhost.mydomain"
  15. export KEY_OU="MyOrganizationalUnit"
  16.  
  17. root@example.com [~]# cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
  18. root@example.com [~]# cd /etc/openvpn/easy-rsa
  19. root@example.com [easy-rsa]# source ./vars
  20. NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
  21. root@example.com [easy-rsa]# ./clean-all
  22. root@example.com [easy-rsa]# ./build-ca
  23.  
  24. root@example.com [easy-rsa]# ./build-key-server server
  25. root@example.com [easy-rsa]# ./build-dh
  26.  
  27. root@example.com [keys]# cp dh2048.pem ca.crt crt key /etc/openvpn
  28. root@example.com [easy-rsa]# ./build-key client
  29.  
  30. root@example.com [easy-rsa]# vi /etc/sysctl.conf
  31.  
  32. # Controls IP packet forwarding
  33. net.ipv4.ip_forward = 1
  34.  
  35. root@example.com [easy-rsa]# sysctl -p
  36. #check settings
  37. root@example.com [easy-rsa]# cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys/client.crt /etc/openvpn/easy-rsa/keys/client.key /home/$USER
  38. root@example.com [easy-rsa]# chown $USER.$USER /home/$USER/ca.crt /home/$USER/client.crt /home/$USER/client.key
  39.  
  40.  
  41. root@example.com [~]# vim /etc/openvpn/conf
  42. @@ -140,6 +140,7 @@
  43. # back to the OpenVPN
  44. ;push "route 192.168.10.0 255.255.255.0"
  45. ;push "route 192.168.20.0 255.255.255.0"
  46. +push "redirect-gateway def1"
  47.  
  48. # To assign specific IP addresses to specific
  49. # clients or if a connecting client has a private
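Review bot: `push "redirect-gateway def1"` makes this a full-tunnel VPN, but nothing on the page sets up the NAT or forwarding firewall rules that must accompany it; the only related step shown is `net.ipv4.ip_forward = 1` in sysctl.conf. With forwarding enabled host-wide and no explicit FORWARD policy, the box may forward between any of its interfaces, so the rules should be limited to the VPN subnet and the egress interface and recorded next to this change. `def1` also only overrides the IPv4 default route, so clients with IPv6 connectivity may still send that traffic outside the tunnel. I would add a comment above the directive such as `# full tunnel: needs NAT + FORWARD rules limited to the VPN subnet; IPv6 is not redirected`.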
  50. @@ -199,6 +200,10 @@
  51. # DNS servers provided by opendns.com.
  52. ;push "dhcp-option DNS 208.67.222.222"
  53. ;push "dhcp-option DNS 208.67.220.220"
  54. +push "dhcp-option DNS 209.141.53.57"
  55. +push "dhcp-option DNS 50.116.23.211"
  56. +push "dhcp-option DNS 96.90.175.167"
  57. +push "dhcp-option DNS 162.211.64.20"
  58.  
  59. # Uncomment this directive to allow different
  60. # clients to be able to "see" each other.
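Review bot: The four added `push "dhcp-option DNS ..."` lines carry no note of who operates those resolvers, and the comment directly above still reads "DNS servers provided by opendns.com", which no longer describes the active lines. Every connected client will send its lookups to these addresses, so their operators can observe and alter name resolution for all VPN users. That is a trust decision which should be written down. Replace the stale comment with something like `# Resolvers pushed to clients: <operator>, chosen because <reason>`, or push a resolver you run on the VPN subnet instead. Windows clients may also keep using their local resolver unless `push "block-outside-dns"` is added, so check for DNS leaks after connecting.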
  61. @@ -271,8 +276,8 @@
  62. #
  63. # You can uncomment this out on
  64. # non-Windows systems.
  65. -;user nobody
  66. -;group nobody
  67. +user nobody
  68. +group nobody
  69.  
  70. # The persist options will try to avoid
  71. # accessing certain resources on restart
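Review bot: `user nobody` / `group nobody` does drop root after start-up, but `nobody` is a shared account. Any other process running as `nobody` can signal the daemon or, depending on ptrace policy, attach to it. A dedicated unprivileged account is the safer choice, e.g. `user openvpn` and `group openvpn` if the package created one (check `getent passwd openvpn`; it is not visible here). After the privilege drop the daemon can no longer re-read the key file or reopen the tun device on a soft restart, so the `persist-key` / `persist-tun` lines that follow this hunk need to stay enabled. Those lines are outside the hunk, so this cannot be confirmed from here.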
  72. @@ -312,4 +317,4 @@
  73.  
  74. # Notify the client that when the server restarts so it
  75. # can automatically reconnect.
  76. -explicit-exit-notify 1
  77. +;explicit-exit-notify 1
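Review bot: The last hunk comments out `explicit-exit-notify 1` without saying why, and the retained comment above it still describes the behaviour as active. This directive is only accepted with UDP, so disabling it usually means the server was moved to `proto tcp`, but no hunk on this page changes `proto`, so that is an inference. Either keep it enabled if the server is still on UDP, so that clients reconnect promptly after a restart, or add a note such as `# disabled: server runs proto tcp, where explicit-exit-notify is rejected`.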