OpenVPN Configuration on CentOS 6.6

Configure server.conf
1)

cp /usr/share/doc/openvpn-2.3.6/sample/sample-config-files/server.conf /etc/openvpn/

2)

nano -w /etc/openvpn/server.conf

uncomment push "redirect-gateway def1 bypass-dhcp"
uncomment and change push "dhcp-option DNS 8.8.8.8"
uncomment and change push "dhcp-option DNS 8.8.4.4"
uncomment user nobody
uncomment group nobody
change port to 443
comment proto udp
uncomment proto tcp
comment ifconfig-pool-persist ipp.txt
comment status openvpn-status.log
add line log /dev/null
add line status /dev/null

Generate Keys and Certificates
3)

mkdir -p /etc/openvpn/easy-rsa/

4)

cp -R /usr/share/easy-rsa/2.0/ /etc/openvpn/easy-rsa/

5)

nano -w /etc/openvpn/easy-rsa/2.0/vars

adjust vars values accordingly
export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="New York"
export KEY_ORG="Organization Name"
export KEY_EMAIL="administrator@example.com"
export KEY_CN="droplet.example.com"
export KEY_NAME=server
export KEY_OU=server

change export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` to export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf

6)

cd /etc/openvpn/easy-rsa/2.0/

7)

chmod 0755 *

8)

source ./vars

9)

./clean-all

10)

./build-ca

11)

./build-key-server server

(leave challenge password blank)

Generate Diffie Hellman key exchange files
12)

./build-dh

Configure server.conf file once more
13)

nano -w /etc/openvpn/server.conf

change dh dh2048.pem to dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
change ca ca.crt to ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
change cert server.crt to cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
change key server.key to key /etc/openvpn/easy-rsa/2.0/keys/server.key
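
One way to check the result of steps 2 and 13 before starting the service. This is an added example, not part of the original post; the helper names conf_value and check_server_conf are hypothetical, and the private-key permission check goes beyond the steps above.

```shell
# Added example; conf_value and check_server_conf are hypothetical helper names.
# Print the first argument of an active (uncommented) directive.
conf_value() {  # usage: conf_value <file> <directive>
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

check_server_conf() {  # usage: check_server_conf <server.conf>; returns 0 if all checks pass
    local conf="$1" rc=0 d want got path perms
    # Settings from step 2.
    for d in port:443 proto:tcp user:nobody group:nobody; do
        want=${d#*:}; d=${d%%:*}
        got=$(conf_value "$conf" "$d")
        if [ "$got" != "$want" ]; then
            echo "FAIL $d: expected '$want', found '${got:-<unset>}'"; rc=1
        fi
    done
    # File references from step 13: each must be an absolute path to a readable file.
    for d in ca cert key dh; do
        path=$(conf_value "$conf" "$d")
        case $path in
            /*) [ -r "$path" ] || { echo "FAIL $d: cannot read $path"; rc=1; } ;;
            *)  echo "FAIL $d: '${path:-<unset>}' is not an absolute path"; rc=1 ;;
        esac
    done
    # Extra check (assumption, not a step on this page): the server private key
    # should carry no group or other permission bits.
    path=$(conf_value "$conf" key)
    if [ -f "$path" ]; then
        perms=$(ls -ld "$path" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "FAIL key: $path is accessible to group/other"; rc=1; }
    fi
    return $rc
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_server_conf "$1"; fi
```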

Generate clients certificates
14)

./build-key client

(this time enter a challenge password)
