@mtaziz
Last active July 4, 2020 08:05
openvpn-server-client-config-centos-7
++++++++++++++++++++++++++++++++++++
+OpenVPN server installation notes:  +
++++++++++++++++++++++++++++++++++++
Scenario:
Server: installed on CentOS 7.
Clients: Windows, OS X, and Linux.
Prerequisites:
* CentOS 7 along with root access to the server
* Domain or subdomain that resolves to your server that you can use for the certificates
* Make sure the Extra Packages for Enterprise Linux (EPEL) repository is enabled on the system; if it is not, run the following to add it:
$ yum install epel-release
### Step 1 — Installing OpenVPN
yum install openvpn easy-rsa -y
### Step 2 — Configuring OpenVPN
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
vim /etc/openvpn/server.conf
####################
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nobody
Save and exit the OpenVPN server configuration file.
####################
### Step 3 — Generating Keys and Certificates
Let's create a directory for the keys to go in.
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
vim /etc/openvpn/easy-rsa/vars
# Two Important properties:
• KEY_NAME: server.key and server.crt
• KEY_CN: Enter the domain or subdomain that resolves to your server
# Change as you like
export KEY_COUNTRY="BD"
export KEY_PROVINCE="Dhaka"
export KEY_CITY="Dhaka"
export KEY_ORG="tariqsadminlab"
export KEY_EMAIL="[email protected]"
export KEY_OU="tariqsadminlab"
# X509 Subject Field
export KEY_NAME="server"
export KEY_CN=openvpn.example.com
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
### Client Key Generation
Client Name: mintclient
cd /etc/openvpn/easy-rsa
./build-key client
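Before the keys are copied into /etc/openvpn, it is worth confirming that easy-rsa produced what the notes expect: private keys readable only by their owner, server.crt and client.crt actually signed by ca.crt, and each .key belonging to its .crt. The script below is an added example, not part of the gist or of easy-rsa; the directory layout and file names (ca.crt, server.crt, server.key, client.crt, client.key) follow the notes above, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not part of the gist): sanity-check the easy-rsa output
# before copying it into /etc/openvpn. File names follow the notes above;
# the functions themselves are assumptions, not easy-rsa tooling.

# check_key_perms DIR
# Succeed only if every *.key in DIR is readable by its owner alone
# (mode 600 or stricter). Prints each offending file.
check_key_perms() {
    dir="$1"
    bad=0
    for k in "$dir"/*.key; do
        [ -e "$k" ] || continue
        # GNU stat first, BSD/macOS stat as a fallback
        mode=$(stat -c '%a' "$k" 2>/dev/null || stat -f '%Lp' "$k")
        case "$mode" in
            *00) ;;                                    # 600, 400, 0600 ...
            *)   echo "insecure mode $mode on $k"; bad=1 ;;
        esac
    done
    return "$bad"
}

# verify_cert_chain CA_CRT CERT
# Succeed if CERT was issued by the CA in CA_CRT and is inside its validity period.
verify_cert_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert KEY CERT
# Succeed if the RSA private key and the certificate share one modulus,
# i.e. the key really belongs to that certificate (easy-rsa 2 generates RSA keys).
key_matches_cert() {
    kmod=$(openssl rsa  -noout -modulus -in "$1" 2>/dev/null)
    cmod=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$kmod" ] && [ "$kmod" = "$cmod" ]
}

# check_pki_dir DIR
# Run every check over the keys directory produced by build-ca,
# build-key-server and build-key. Non-zero exit if anything fails.
check_pki_dir() {
    dir="$1"
    rc=0
    check_key_perms "$dir" || rc=1
    for name in server client; do
        verify_cert_chain "$dir/ca.crt" "$dir/$name.crt" \
            || { echo "$name.crt is not signed by ca.crt"; rc=1; }
        key_matches_cert "$dir/$name.key" "$dir/$name.crt" \
            || { echo "$name.key does not match $name.crt"; rc=1; }
    done
    return "$rc"
}

# Usage on the server, after the build-* steps:
#   check_pki_dir /etc/openvpn/easy-rsa/keys && echo "PKI looks sane"
```

Run `check_pki_dir` against /etc/openvpn/easy-rsa/keys once `./build-key client` has finished; a non-zero exit means one of the files should not be copied or handed to a client until the reported problem is fixed.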
### Step 4 — Routing
To keep things simple we're going to do our routing directly with iptables rather than the new firewalld.
First, make sure the iptables service is installed and enabled.
yum install iptables-services -y
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables
iptables --flush
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
systemctl restart network.service
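The single MASQUERADE rule above gets clients onto the internet, but after `iptables --flush` the server is left with an accept-everything INPUT and FORWARD policy. The script below is an added example, not part of the gist: it renders an iptables-restore file for /etc/sysconfig/iptables that keeps the same NAT rule, opens only SSH and the OpenVPN port inbound, and forwards nothing except tunnel traffic and its replies. The interface name (eth0), subnet (10.8.0.0/24), port (1194) and function names are assumptions taken from the notes.

```shell
#!/bin/sh
# Added example (not part of the gist): a tighter ruleset for
# /etc/sysconfig/iptables than the flush + MASQUERADE pair above.
# Interface, subnet and port default to the values used in the notes.
VPN_NET="${VPN_NET:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"
VPN_PORT="${VPN_PORT:-1194}"

# render_firewall_rules NET WAN_IF PORT
# Print a complete iptables-restore file to stdout.
render_firewall_rules() {
    net="$1"; wan="$2"; port="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source-NAT VPN clients behind the server's public address (same rule as the notes)
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport $port -j ACCEPT
# Forward only tunnel traffic out, and let established replies back in
-A FORWARD -i tun+ -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# check_ip_forward
# Succeed if the kernel is currently forwarding IPv4 (the sysctl above took effect).
check_ip_forward() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# apply_firewall_rules [FILE]
# Render the rules, let iptables-restore parse them without committing (-t),
# then load them and persist the file for the iptables service (run as root).
apply_firewall_rules() {
    file="${1:-/etc/sysconfig/iptables}"
    render_firewall_rules "$VPN_NET" "$WAN_IF" "$VPN_PORT" > "$file.new"
    iptables-restore -t "$file.new" || { echo "ruleset rejected" >&2; return 1; }
    iptables-restore "$file.new" && mv "$file.new" "$file"
}

# Usage:  sysctl -p && check_ip_forward && apply_firewall_rules
```

Adjust `VPN_NET`, `WAN_IF` and `VPN_PORT` in the environment if the server uses other values, and keep the SSH rule or you will lock yourself out when the INPUT policy becomes DROP.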
### Step 5 — Starting OpenVPN
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
### Step 6 — Configuring a Client
Copy the following files from the server to the client:
/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/client.crt
/etc/openvpn/easy-rsa/keys/client.key
// Create the client.ovpn file on the client system so it knows how to connect to the server:
client
dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca /path/to/ca.crt
cert /path/to/client.crt
key /path/to/client.key
This file can now be used by any OpenVPN client to connect to your server.
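Instead of shipping ca.crt, client.crt and client.key alongside the .ovpn and pointing at them with `/path/to/...`, the three files can be embedded in the profile itself, so a single file travels to the client. The script below is an added example, not part of the gist: it emits the client configuration above with inline `<ca>`, `<cert>` and `<key>` blocks, and adds `remote-cert-tls server`, which makes the client refuse any peer whose certificate was not issued with build-key-server. The server host name and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not part of the gist): bundle the client config and its
# three PEM files into one self-contained client.ovpn.

# pem_block FILE TYPE
# Print only the -----BEGIN TYPE----- ... -----END TYPE----- block of FILE
# (easy-rsa 2 .crt files carry a human-readable dump ahead of the PEM).
pem_block() {
    sed -n "/-----BEGIN $2-----/,/-----END $2-----/p" "$1"
}

# build_inline_ovpn SERVER_HOST CA_CRT CLIENT_CRT CLIENT_KEY
# Write a unified profile to stdout; fails if any input file is unreadable.
build_inline_ovpn() {
    host="$1"; ca="$2"; cert="$3"; key="$4"
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    cat <<EOF
client
dev tun
proto udp
remote $host 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
# Only accept a peer holding a server-type certificate (as made by build-key-server),
# so another client's certificate cannot be used to impersonate the server.
remote-cert-tls server
EOF
    printf '<ca>\n';   pem_block "$ca"   CERTIFICATE; printf '</ca>\n'
    printf '<cert>\n'; pem_block "$cert" CERTIFICATE; printf '</cert>\n'
    printf '<key>\n';  cat "$key";                    printf '</key>\n'
}

# Usage (on the server, then copy the single file to the client):
#   umask 077
#   build_inline_ovpn openvpn.example.com \
#       /etc/openvpn/easy-rsa/keys/ca.crt \
#       /etc/openvpn/easy-rsa/keys/client.crt \
#       /etc/openvpn/easy-rsa/keys/client.key > client.ovpn
```

The resulting client.ovpn contains the client's private key, so create it with a restrictive umask as in the usage comment and treat it like the .key file itself when moving it to the client.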
Windows:
Place your .ovpn configuration file into the proper directory, C:\Program Files\OpenVPN\config, and click Connect in the OpenVPN GUI.
OS X:
On Mac OS X, the open source application Tunnelblick provides an interface similar to the OpenVPN GUI on Windows, and comes with OpenVPN and the required TUN/TAP drivers. As with Windows, the only step required is to place your .ovpn configuration file into the ~/Library/Application Support/Tunnelblick/Configurations directory. Or, you can double-click on your .ovpn file.
Linux:
On Linux, you should install OpenVPN from your distribution's official repositories. You can then invoke OpenVPN by executing:
sudo openvpn --config ~/path/to/client.ovpn
Conclusion
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++