# Root shell transcript: installs OpenVPN and easy-rsa with yum, builds a CA
# plus one server and one client key pair using the easy-rsa 2.0 scripts,
# enables IPv4 forwarding, and copies the client credentials to a home
# directory. Lines without a prompt that follow a `vi` command show content of
# the file being edited.
#
# NOTE(review): the names `conf`, `crt` and `key` used below look truncated;
# build-key-server is run with the name `server`, so a `server.` prefix was
# presumably stripped from the paste. Confirm the real paths before reuse.
#
# NOTE(review): gcc, make, rpm-build and nc are installed, but none of the
# visible steps compiles anything. On an internet-facing VPN host, consider
# leaving build tools and nc off the box or removing them afterwards.
- root@example.com [~]# yum install openvpn gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel easy-rsa nc -y
- root@example.com [~]# cp /usr/share/doc/openvpn-*/sample/sample-config-files/conf /etc/openvpn
- root@example.com [~]# mkdir -p /etc/openvpn/easy-rsa/keys
# The 2.0 directory holds the legacy easy-rsa script set (clean-all, build-ca,
# build-key...); easy-rsa 3 replaces these with a single `easyrsa` command.
- root@example.com [~]# cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
- root@example.com [~]# vi /etc/openvpn/easy-rsa/vars
# The KEY_* values shown are the sample placeholders; they are written into
# the subject of every certificate this CA issues, so set real values before
# running build-ca.
- # These are the default values for fields
- # which will be placed in the certificate.
- # Don't leave any of these fields blank.
- export KEY_COUNTRY="US"
- export KEY_PROVINCE="CA"
- export KEY_CITY="SanFrancisco"
- export KEY_ORG="Fort-Funston"
- export KEY_EMAIL="me@myhost.mydomain"
- export KEY_OU="MyOrganizationalUnit"
- root@example.com [~]# cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
- root@example.com [~]# cd /etc/openvpn/easy-rsa
- root@example.com [easy-rsa]# source ./vars
- NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
# clean-all empties the keys directory named in the NOTE above. Run it only
# when starting a new CA: on an existing setup it discards the CA material and
# every issued certificate.
- root@example.com [easy-rsa]# ./clean-all
# NOTE(review): build-ca creates the CA private key on this same VPN host
# (presumably keys/ca.key; verify). Whoever reads that key can mint
# certificates the server will accept, so keep it root-only, or better, move
# it to an offline machine once the server and client certs are signed.
- root@example.com [easy-rsa]# ./build-ca
- root@example.com [easy-rsa]# ./build-key-server server
- root@example.com [easy-rsa]# ./build-dh
# The prompt changes to [keys] here although no `cd keys` appears in the
# transcript. Only ca.crt (the public certificate) is copied, not the CA key.
# The server private key copied alongside it should stay owner-root, mode 0600.
- root@example.com [keys]# cp dh2048.pem ca.crt crt key /etc/openvpn
# NOTE(review): this generates the client's private key on the server under
# the single name `client`. If several people will connect, issue one
# certificate per user so an individual one can be revoked; easy-rsa 2.0's
# build-key-pass variant additionally protects the key with a passphrase.
- root@example.com [easy-rsa]# ./build-key client
- root@example.com [easy-rsa]# vi /etc/sysctl.conf
# Turning on ip_forward makes the host route packets between interfaces. No
# firewall or NAT rules appear in this transcript; confirm the FORWARD policy
# only passes traffic from the VPN subnet before exposing the service.
- # Controls IP packet forwarding
- net.ipv4.ip_forward = 1
- root@example.com [easy-rsa]# sysctl -p
- #check settings
# NOTE(review): in a root shell $USER normally expands to `root`, so it is
# presumably a placeholder for the VPN user's account; confirm. The expansions
# are unquoted, and `user.group` is the deprecated chown separator (`:` is the
# portable form). client.key is a private key: check it is still mode 0600
# after the copy, move it to the client over an authenticated channel, and
# delete the leftover copies afterwards.
- root@example.com [easy-rsa]# cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys/client.crt /etc/openvpn/easy-rsa/keys/client.key /home/$USER
- root@example.com [easy-rsa]# chown $USER.$USER /home/$USER/ca.crt /home/$USER/client.crt /home/$USER/client.key
# The lines that follow this command on the page are a diff of the edits made
# to the server configuration file.
- root@example.com [~]# vim /etc/openvpn/conf
- @@ -140,6 +140,7 @@
- # back to the OpenVPN
- ;push "route 192.168.10.0 255.255.255.0"
- ;push "route 192.168.20.0 255.255.255.0"
- +push "redirect-gateway def1"
- # To assign specific IP addresses to specific
- # clients or if a connecting client has a private
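Review bot: The added `push "redirect-gateway def1"` routes every client's IPv4 default route through this server, yet the only routing step shown on the page is `net.ipv4.ip_forward = 1`. No NAT or FORWARD rule scoped to the tunnel subnet appears, so confirm one exists and that it forwards only traffic originating from the VPN pool. `def1` also covers IPv4 only, so dual-stack clients keep sending IPv6 outside the tunnel unless IPv6 is routed as well or blocked on the client. I would record both facts above the directive, e.g. `# Full tunnel (IPv4 only): needs NAT for the VPN subnet; IPv6 is not redirected`.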
- @@ -199,6 +200,10 @@
- # DNS servers provided by opendns.com.
- ;push "dhcp-option DNS 208.67.222.222"
- ;push "dhcp-option DNS 208.67.220.220"
- +push "dhcp-option DNS 209.141.53.57"
- +push "dhcp-option DNS 50.116.23.211"
- +push "dhcp-option DNS 96.90.175.167"
- +push "dhcp-option DNS 162.211.64.20"
- # Uncomment this directive to allow different
- # clients to be able to "see" each other.
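Review bot: The four resolvers added here (`209.141.53.57`, `50.116.23.211`, `96.90.175.167`, `162.211.64.20`) carry no indication of who operates them, unlike the OpenDNS pair that the sample comment names. Whoever runs a pushed resolver sees and can answer every client lookup, so each address should be verified and attributed in a comment such as `# Resolvers operated by <OPERATOR>; verified <DATE>`. Windows clients may also keep querying their local resolver alongside the pushed ones; `push "block-outside-dns"` covers that case if such clients are in scope.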
- @@ -271,8 +276,8 @@
- #
- # You can uncomment this out on
- # non-Windows systems.
- -;user nobody
- -;group nobody
- +user nobody
- +group nobody
- # The persist options will try to avoid
- # accessing certain resources on restart
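Review bot: Enabling `user nobody` / `group nobody` drops root after start-up, which is the right direction, but `nobody` is an account other services commonly share, so anything else running under it sits in the same trust domain as the VPN daemon. A dedicated unprivileged account used only by OpenVPN is tighter, for example `user openvpn` and `group openvpn` if the package created that account (not visible here). The drop also relies on the persist options mentioned in the trailing context staying enabled, because after it the daemon can no longer re-read its key or reopen the tun device on restart; those directives are outside the hunk.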
- @@ -312,4 +317,4 @@
- # Notify the client that when the server restarts so it
- # can automatically reconnect.
- -explicit-exit-notify 1
- +;explicit-exit-notify 1
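Review bot: `explicit-exit-notify 1` is commented out with no reason recorded. The directive applies to UDP only, so if it was disabled because the server runs over TCP, a one-line comment would stop the next maintainer from re-enabling it: `# explicit-exit-notify is UDP-only; disabled because <REASON>`. The `proto` line is outside the hunk, so the actual reason cannot be confirmed from here.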