***WORK IN PROGRESS***
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum update
yum install openvpn
cp -R /usr/share/openvpn/easy-rsa/ /etc/openvpn
vim /etc/openvpn/easy-rsa/2.0/vars
Edit the following:
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
cd /etc/openvpn/easy-rsa/2.0/
[root@centos 2.0]# ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
[root@centos 2.0]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
[root@centos 2.0]# ./clean-all
[root@centos 2.0]# ./build-ca
Press Enter at all prompts because we configured the defaults already.
[root@centos 2.0]# ./build-key-server server
Leave extra attributes blank
Enter "y" and "y"
**Creating first client**
[root@centos 2.0]# ./build-key client1
Leave extra attributes blank
Enter "y" and "y"
Note: Repeat the build-key step above once per additional user. "client1" can be any name; use a distinct name for each client so its certificate can be revoked individually later.
[root@centos 2.0]# ./build-dh
[root@centos 2.0]# cd /etc/openvpn/easy-rsa/2.0/keys/
[root@centos keys]# cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn/
(ca.key is the CA's private key; the running server only needs ca.crt, so keep ca.key readable by root only.)
**TO REVOKE**
source ./vars
(source the vars file, as in the setup above, so the KEY_* settings are loaded into the current shell before revoking)
./revoke-full client1
[root@centos keys]# cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/
[root@centos keys]# cp /usr/share/doc/openvpn-2.1.4/sample-config-files/client.conf ~/
cd ~/
vim ~/client.conf
# The hostname/IP and port of the server. You can have multiple remote entries to load balance between the servers.
Set the active `remote` line to the public IP (or hostname) of the OpenVPN server, e.g. `remote <server-ip> 1194`
;remote my-server-2 1194
# SSL/TLS parms.
# See the server config file for more description. It's best to use a separate .crt/.key file pair for each client. A single ca file can be used for all clients.
ca ca.crt
cert client1.crt
key client1.key
* Replace "client1" in the cert/key lines with the name of the client whose .crt/.key you generated (one client.conf per client).
[root@centos ~]# cp ~/client.conf ~/client1.conf
[root@centos ~]# vim /etc/openvpn/server.conf
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
[root@centos ~]# vim /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls the use of TCP syncookies
#net.ipv4.tcp_syncookies = 1
[root@centos ~]# sysctl -p
[root@centos ~]# iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[root@centos ~]# iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
[root@centos ~]# iptables -A FORWARD -j REJECT
[root@centos ~]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
[root@centos ~]# /etc/init.d/iptables save
[root@centos ~]# service openvpn start
[root@centos ~]# chkconfig openvpn on
[root@centos ~]# chkconfig iptables on
scp -v ca.crt jsmith@localmachineip:/Users/jsmith/Desktop
(run this from /etc/openvpn/easy-rsa/2.0/keys/, where ca.crt was generated; the client .key copied below is secret, so only transfer it over an authenticated channel such as scp)
cd /etc/openvpn/easy-rsa/2.0/keys/
scp -v client1.crt client1.key jsmith@localmachineip:/Users/jsmith/Desktop
[root@centos ~]# scp -v ~/client1.conf user@192.168.1.109:/Users/user/Desktop
Source: Link, Link, Link