How to Install OpenVPN on CentOS 7

In this tutorial, we will show you how to install and configure an OpenVPN server on CentOS 7. OpenVPN is one of the most popular VPN software solutions that implements virtual private network techniques for creating secure point-to-point or site-to-site connections. This guide should work on other Linux VPS systems as well, but it was tested and written for CentOS 7. Installing OpenVPN on CentOS 7 is an easy task; just carefully follow the steps below and you should have it done in less than 10 minutes.

Log in to your VPS via SSH

ssh root@YOUR_SERVER_IP

Update the system

yum update

1. Install OpenVPN

OpenVPN is not available in the official CentOS 7 repositories, so first we need to add the EPEL repository and then install the package.

To enable the EPEL repository, run the following command:

yum install epel-release

Once the repository is enabled, install the openvpn and openssl packages:

yum install openvpn openssl

2. Generate local certificate authority

First, generate the Diffie-Hellman parameters (DH file), which are used to secure the key exchange between the server and the client. This command can take a while to run depending on the server.

openssl dhparam -out /etc/openvpn/dh.pem 2048

Generate the ca.crt (certificate authority) file:

openssl genrsa -out /etc/openvpn/ca.key 2048
chmod 600 /etc/openvpn/ca.key
openssl req -new -key /etc/openvpn/ca.key -out /etc/openvpn/ca.csr -subj /CN=OpenVPN-CA/
openssl x509 -req -in /etc/openvpn/ca.csr -out /etc/openvpn/ca.crt -signkey /etc/openvpn/ca.key -days 365
echo 01 > /etc/openvpn/ca.srl

3. Configure OpenVPN server

The following commands will generate a server certificate and key:

openssl genrsa -out /etc/openvpn/server.key 2048
chmod 600 /etc/openvpn/server.key
openssl req -new -key /etc/openvpn/server.key -out /etc/openvpn/server.csr -subj /CN=OpenVPN/
openssl x509 -req -in /etc/openvpn/server.csr -out /etc/openvpn/server.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 365

4. Create OpenVPN server configuration file

You can either copy and edit the default OpenVPN configuration or create a new one from scratch.

nano /etc/openvpn/server.conf

server 10.8.0.0 255.255.255.0
verb 3
key /etc/openvpn/server.key
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
dh /etc/openvpn/dh.pem
keepalive 10 120
persist-key
persist-tun
comp-lzo
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

user nobody
group nobody

proto udp
port 1194
dev tun1194
status openvpn-status.log

Save the file, then enable and start the OpenVPN service with:

systemctl enable openvpn@server.service
systemctl start openvpn@server.service

Add the following iptables rule so that traffic can leave the VPN. Replace eth0 with the public network interface of your server.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Note: If you are running an OpenVZ-based VPS, add the following rule instead of the one above:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source YOUR_SERVER_IP

Finally, we also need to allow IP forwarding:

sysctl -w net.ipv4.ip_forward=1

5. Create client certificate and key

The following commands will generate a client certificate and key:

openssl genrsa -out /etc/openvpn/client.key 2048
chmod 600 /etc/openvpn/client.key
openssl req -new -key /etc/openvpn/client.key -out /etc/openvpn/client.csr -subj /CN=OpenVPN-Client/
openssl x509 -req -in /etc/openvpn/client.csr -out /etc/openvpn/client.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 36525

Next, copy the following files to your client machine:

/etc/openvpn/ca.crt
/etc/openvpn/client.crt
/etc/openvpn/client.key
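
The checks below can be run on the server before the files are copied off: each certificate chains to ca.crt, each key matches its certificate and is still mode 600, and nothing expires within 30 days. This is an added example, not part of the original tutorial; check_pki and build_demo_pki are hypothetical names, the demo CA and certificates are constructed in a temporary directory, and GNU stat is assumed.

```shell
#!/bin/sh
# check_pki DIR: return 0 only if the server/client certs and keys in DIR pass all checks.
check_pki() {
    dir=$1; rc=0
    for name in server client; do
        crt=$dir/$name.crt; key=$dir/$name.key
        # 1. The certificate must chain to the CA from step 2.
        openssl verify -CAfile "$dir/ca.crt" "$crt" >/dev/null 2>&1 ||
            { echo "FAIL: $crt is not signed by ca.crt"; rc=1; }
        # 2. The private key must belong to the certificate (same public key).
        a=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || a=
        b=$(openssl pkey -in "$key" -pubout 2>/dev/null) || b=
        [ -n "$a" ] && [ "$a" = "$b" ] ||
            { echo "FAIL: $key does not match $crt"; rc=1; }
        # 3. The key must keep the mode set by "chmod 600".
        [ "$(stat -c %a "$key" 2>/dev/null)" = 600 ] ||
            { echo "FAIL: $key is not mode 600"; rc=1; }
        # 4. The certificate must stay valid for at least 30 more days.
        openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
            { echo "FAIL: $crt expires within 30 days"; rc=1; }
    done
    return $rc
}

# build_demo_pki DIR: constructed throwaway CA, server and client files for the demo.
build_demo_pki() {
    d=$1
    echo 'basicConstraints=CA:TRUE' > "$d/ca.ext"   # mark the demo CA as a CA
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -key "$d/ca.key" -out "$d/ca.csr" -subj /CN=Demo-CA 2>/dev/null
    openssl x509 -req -in "$d/ca.csr" -out "$d/ca.crt" -signkey "$d/ca.key" \
        -days 365 -extfile "$d/ca.ext" 2>/dev/null
    echo 01 > "$d/ca.srl"
    for n in server client; do
        openssl genrsa -out "$d/$n.key" 2048 2>/dev/null
        chmod 600 "$d/$n.key"
        openssl req -new -key "$d/$n.key" -out "$d/$n.csr" -subj "/CN=Demo-$n" 2>/dev/null
        openssl x509 -req -in "$d/$n.csr" -out "$d/$n.crt" -CA "$d/ca.crt" \
            -CAkey "$d/ca.key" -CAserial "$d/ca.srl" -days 365 2>/dev/null
    done
}

# Demo run on the constructed files; prints "PKI OK" when every check passes.
demo=$(mktemp -d) && build_demo_pki "$demo" && check_pki "$demo" && echo "PKI OK"
rm -rf "$demo"
```

On the real server, run check_pki /etc/openvpn after step 5.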

6. Start OpenVPN on CentOS 7

Start your OpenVPN client with the following configuration.

client
nobind
dev tun
redirect-gateway def1 bypass-dhcp
remote YOUR_SERVER_IP 1194 udp
comp-lzo yes

key /etc/openvpn/client.key
cert /etc/openvpn/client.crt
ca /etc/openvpn/ca.crt

Do not forget to replace YOUR_SERVER_IP with your OpenVPN server IP address.

That's it. You have successfully installed and configured an OpenVPN server on your CentOS 7 VPS.

Of course, you don't have to install OpenVPN on CentOS 7 yourself if you use one of our CentOS 7 Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to install OpenVPN on CentOS 7 for you. They are available 24 × 7 and will take care of your request immediately.
