After doing the steps from
http://wowmoron.blogspot.in/2015/02/make-your-lan-connections-eth0eth1-from.html
I faced some issues connecting to the internet,
so
nano /etc/sysconfig/network-scripts/ifcfg-eth0
change
GATEWAY0="192.168.28.2"
to
GATEWAY="192.168.28.2"
save and exit
yum install epel-release
systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services
systemctl enable iptables
systemctl start iptables
systemctl status iptables
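systemctl stop iptables
(iptables is stopped here only to get openvpn running first; it is enabled and configured again later. Until then the server has no packet filter at all, because firewalld was disabled above, so do not leave it in this state longer than needed.)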
yum install openvpn
cd /usr/share/doc/openvpn-2.3.6/sample/sample-config-files/
ls
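server.conf should be there (the version number in the doc path depends on the openvpn package that was installed, so adjust the cd above if the directory is not found)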
cp server.conf /etc/openvpn/
cd /etc/openvpn
nano server.conf
find the line
;push "redirect-gateway def1 bypass-dhcp"
uncomment the line by removing the first semicolon
then find 2 lines starting with
;push "dhcp-option DNS 208...
and
;push "dhcp-option DNS 208...
uncomment them by removing ;
make them look like
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
then find the lines
;user nobody
;group nobody
uncomment those lines by removing ; (this makes openvpn drop root privileges after it has started)
save and exit
yum install easy-rsa
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
cd easy-rsa
ls will show you the vars file
nano vars
ctrl+w
find KEY_COUNTRY
make this section look like this
export KEY_COUNTRY="IN"
export KEY_PROVINCE="WB"
export KEY_CITY="Kolkata"
export KEY_ORG="Sourav"
export KEY_EMAIL="root@server1.sourav.com"
export KEY_OU="Sourav"
save and exit
source ./vars
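run the script clean-all in the easy-rsa folder to clear any existing keys (it wipes the keys directory, so do not run it again once you have issued certificates you still need)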
./clean-all
now run the script one by one
./build-ca
this script will prompt you for input such as the country code; just press enter and it will take the default values already written in the vars file. The default
values are shown in square brackets and are used if enter is pressed with no input.
when asked for the common name, just put the name of the server on which the vpn is being configured; in my case it is server1
now run another script
./build-key-server $( hostname )
take the default values by pressing enter
for challenge password give a challenge password
then just press y for signing the certificate
then press another y to commit
then run
./build-dh
now go to the keys folder
cd keys
ls will show you the keys
cp ca.crt server1.sourav.com.crt server1.sourav.com.key dh2048.pem /etc/openvpn/
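cd ../..
(this takes you back to the openvpn folder)
ls will show you the necessary key files and server.conf; server1.sourav.com.key is the server's private key, so check with ls -l that only root can read it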
now type
restorecon -Rv /etc/openvpn
to recursively restore the SELinux security context
Now create a symbolic link by typing
ln -s /lib/systemd/system/openvpn\@.service /etc/systemd/system/multi-user.target.wants/openvpn\@server.service
now
nano server.conf
ctrl+w
find server.crt
in my case
make it look like this
ca ca.crt
cert server1.sourav.com.crt
key server1.sourav.com.key
dh dh2048.pem
save and exit
now to forcefully enable (make it available after reboot) openvpn through systemd
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
check the status of openvpn service
systemctl status openvpn@server.service
Sourav Bhattacharya
Linux Faculty for 7 years
http://wowmoron.blogspot.in/2015/02/make-your-lan-connections-eth0eth1-from.html
I faced some issues connecting to the internet,
so
nano /etc/sysconfig/network-scripts/ifcfg-eth0
change
GATEWAY0="192.168.28.2"
to
GATEWAY="192.168.28.2"
save and exit
yum install epel-release
systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services
systemctl enable iptables
systemctl start iptables
systemctl status iptables
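systemctl stop iptables
(iptables is stopped here only to get openvpn running first; it is enabled and configured again later. Until then the server has no packet filter at all, because firewalld was disabled above, so do not leave it in this state longer than needed.)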
yum install openvpn
cd /usr/share/doc/openvpn-2.3.6/sample/sample-config-files/
ls
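server.conf should be there (the version number in the doc path depends on the openvpn package that was installed, so adjust the cd above if the directory is not found)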
cp server.conf /etc/openvpn/
cd /etc/openvpn
nano server.conf
find the line
;push "redirect-gateway def1 bypass-dhcp"
uncomment the line by removing the first semicolon
then find 2 lines starting with
;push "dhcp-option DNS 208...
and
;push "dhcp-option DNS 208...
uncomment them by removing ;
make them look like
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
then find the lines
;user nobody
;group nobody
uncomment those lines by removing ; (this makes openvpn drop root privileges after it has started)
save and exit
yum install easy-rsa
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
cd easy-rsa
ls will show you the vars file
nano vars
ctrl+w
find KEY_COUNTRY
make this section look like this
export KEY_COUNTRY="IN"
export KEY_PROVINCE="WB"
export KEY_CITY="Kolkata"
export KEY_ORG="Sourav"
export KEY_EMAIL="root@server1.sourav.com"
export KEY_OU="Sourav"
save and exit
source ./vars
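run the script clean-all in the easy-rsa folder to clear any existing keys (it wipes the keys directory, so do not run it again once you have issued certificates you still need)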
./clean-all
now run the script one by one
./build-ca
this script will prompt you for input such as the country code; just press enter and it will take the default values already written in the vars file. The default
values are shown in square brackets and are used if enter is pressed with no input.
when asked for the common name, just put the name of the server on which the vpn is being configured; in my case it is server1
now run another script
./build-key-server $( hostname )
take the default values by pressing enter
for challenge password give a challenge password
then just press y for signing the certificate
then press another y to commit
then run
./build-dh
now go to the keys folder
cd keys
ls will show you the keys
cp ca.crt server1.sourav.com.crt server1.sourav.com.key dh2048.pem /etc/openvpn/
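cd ../..
(this takes you back to the openvpn folder)
ls will show you the necessary key files and server.conf; server1.sourav.com.key is the server's private key, so check with ls -l that only root can read it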
now type
restorecon -Rv /etc/openvpn
to recursively restore the SELinux security context
Now create a symbolic link by typing
ln -s /lib/systemd/system/openvpn\@.service /etc/systemd/system/multi-user.target.wants/openvpn\@server.service
now
nano server.conf
ctrl+w
find server.crt
in my case
make it look like this
ca ca.crt
cert server1.sourav.com.crt
key server1.sourav.com.key
dh dh2048.pem
save and exit
now to forcefully enable (make it available after reboot) openvpn through systemd
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
check the status of openvpn service
systemctl status openvpn@server.service
Sourav Bhattacharya
Linux Faculty for 7 years