How to Configure OpenVPN in CentOS 7

We will learn how to configure a VPN on an EC2 instance as well as on a local server (in the office) to access the office network from outside. In the cloud, if we configure our own VPC and create public and private subnets for the environment, EC2 instances in the public subnet are easy to access, but EC2 instances in the private subnet are not. That is why we will configure OpenVPN in the cloud.

1. Create EC2 Instance in Your Public Subnet :-
2. Download the Package and Install it :-
yum install wget -y
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel*.rpm
yum install openvpn openssl ca-certificates easy-rsa -y

3. Copy sample file and Create a directory for keys and Certificates :-
cp /usr/share/doc/openvpn-2.4.6/sample/sample-config-files/server.conf /etc/openvpn/
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/3.0.3/* /etc/openvpn/easy-rsa/
cp /etc/openvpn/easy-rsa/openssl-1.0.cnf /etc/openvpn/openssl.cnf

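4. Creating the PKI for the CA :-
# the ./easyrsa commands in steps 4 to 10 are run from the easy-rsa directory
cd /etc/openvpn/easy-rsa
./easyrsa init-pki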
5. Creating a Certificate Authority :-
./easyrsa --batch build-ca nopass
6. Creating Diffie-Hellman key Exchange :-
./easyrsa gen-dh
7. Creating Server Key and certificate with Nopassword :-
./easyrsa build-server-full server nopass
8. Creating Client Key and Certificate with Nopassword :-
./easyrsa build-client-full client nopass
9. Creating crl.pem along with the tls-auth key :-
openvpn --genkey --secret /etc/openvpn/ta.key
./easyrsa gen-crl
10. Copy all files into the /etc/openvpn/ directory :-
cp pki/ca.crt /etc/openvpn/
# ca.key is the CA signing key; server.conf below does not reference it
cp pki/private/ca.key /etc/openvpn/
cp pki/dh.pem /etc/openvpn/
cp pki/issued/server.crt /etc/openvpn/
cp pki/private/server.key /etc/openvpn/
cp pki/crl.pem /etc/openvpn/
11. Give ownership of crl.pem to the nobody user :-
chown nobody:nobody /etc/openvpn/crl.pem
12. Open this file and uncomment these lines :-
vim /etc/openvpn/server.conf
port 1194
proto udp
dev tun
#sndbuf 0
#rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
#comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
#crl-verify crl.pem
log openvpn.log
13. Add this for IP Forwarding :-
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
14. Restart the Network Service :-
sudo systemctl restart network.service
15. Restart OpenVPN Service :-
systemctl enable openvpn@server.service
systemctl restart openvpn@server.service

Note :- If you are using iptables, use the commands below; if you are using firewalld on your server, use the firewall commands further below.

IPTABLES :-
yum install iptables iptables-services
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# allow incoming OpenVPN traffic (UDP port 1194, as set in server.conf)
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
FIREWALL :-
sudo firewall-cmd --get-active-zones
firewall-cmd --zone=trusted --add-service openvpn
firewall-cmd --zone=trusted --add-service openvpn --permanent
firewall-cmd --list-services --zone=trusted
sudo firewall-cmd --add-masquerade
sudo firewall-cmd --permanent --add-masquerade
sudo firewall-cmd --query-masquerade
SHARK=$(ip route get 8.8.8.8 | awk 'NR==1 {print $(NF-2)}')
sudo firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o $SHARK -j MASQUERADE
sudo firewall-cmd --reload
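
Added example (not part of the original post): a small shell check for the /etc/openvpn directory that the steps above populate. It flags key files readable by group or others, the CA signing key left on the VPN server, a crl.pem that server.conf never loads, and step 12 directives that are still commented out. The function names and finding labels are made up for this example, and it assumes GNU stat as shipped with CentOS.

```bash
#!/bin/sh
# Added example: audit an OpenVPN directory laid out as in the steps above.
# Prints one finding per line; returns 1 if anything was found, 0 if clean.

# True when DIRECTIVE ($1) is an active (uncommented) line in FILE ($2).
has_directive() {
    grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$2" 2>/dev/null
}

# The body runs in a subshell so its variables do not leak to the caller.
audit_openvpn_dir() (
    dir="${1:-/etc/openvpn}"
    conf="$dir/server.conf"
    findings=0

    # Secret key files must not be accessible to group or others.
    for f in ca.key server.key ta.key; do
        [ -e "$dir/$f" ] || continue
        mode=$(stat -c '%a' "$dir/$f")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "PERM: $f has mode $mode, expected 600"
            findings=$((findings + 1))
        fi
    done

    # server.conf references ca.crt only, so the CA signing key does not
    # have to stay on the VPN server once the certificates are issued.
    if [ -e "$dir/ca.key" ]; then
        echo "CAKEY: ca.key is stored on the VPN server"
        findings=$((findings + 1))
    fi

    # A CRL that server.conf does not load is never consulted.
    if [ -e "$dir/crl.pem" ] && ! has_directive crl-verify "$conf"; then
        echo "CRL: crl.pem exists but crl-verify is not active in server.conf"
        findings=$((findings + 1))
    fi

    # Hardening directives from step 12 that should be active.
    for d in tls-auth user group; do
        if ! has_directive "$d" "$conf"; then
            echo "CONF: '$d' is missing or commented out"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
)

# Usage: sh audit.sh /etc/openvpn
if [ -n "${1:-}" ]; then audit_openvpn_dir "$1"; fi
```

Run against a server built exactly as written above, it reports at least the CAKEY and CRL findings, because step 10 copies ca.key to /etc/openvpn/ and step 12 leaves crl-verify commented out.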

Note :- If you are facing a problem, troubleshoot the Chef Server configuration.




Reviewed by Unknown on September 10, 2018
