Cita de admin en 12 abril, 2021, 7:13 pm
##generamos certificados cliente/servidor##
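# Install OpenVPN and easy-rsa, then build the PKI in a private copy of
# easy-rsa under /etc/openvpn. Every command here is meant to run as root.
dnf install openvpn easy-rsa
# The version directory has to match the easy-rsa package that was installed.
mkdir -p /etc/openvpn/easy-rsa
cp -r /usr/share/easy-rsa/3.0.8/. /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa || exit 1

## generate server keys ##
./easyrsa init-pki
# build-ca prompts for the CA passphrase; that key signs every certificate
# below, so it is the most sensitive file in the PKI.
./easyrsa build-ca
./easyrsa gen-dh
# nopass leaves server.key unencrypted so the daemon can start unattended;
# file permissions are then its only protection.
./easyrsa gen-req server nopass
# gen-req only writes a request. The CA must sign it, otherwise
# pki/issued/server.crt does not exist and the copy below fails.
./easyrsa sign-req server server
install -d -m 750 /etc/openvpn/keys
cp -a /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/keys/
cp -a /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn/keys/dh2048.pem
cp -a /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn/keys/
cp -a /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn/keys/

## generate client keys ##
cd /etc/openvpn/easy-rsa || exit 1
# nopass also leaves the client key unencrypted: whoever obtains client1.key
# and client1.crt can connect as this client.
./easyrsa gen-req client1 nopass
# Sign the client request as well so that pki/issued/client1.crt exists.
./easyrsa sign-req client client1
# These copies only stage the client's files for hand-over. The server itself
# never reads client1.key; move it to the client over a protected channel and
# do not leave it lying next to the server key.
cp -a /etc/openvpn/easy-rsa/pki/issued/client1.crt /etc/openvpn/keys/
cp -a /etc/openvpn/easy-rsa/pki/private/client1.key /etc/openvpn/keys/

## firewall rules ##
# Allow the openvpn service in the default zone and in the trusted zone.
firewall-cmd --permanent --add-service openvpn
firewall-cmd --permanent --zone=trusted --add-service openvpn
firewall-cmd --reload

## enable the service ##
# The openvpn-server@server unit normally loads
# /etc/openvpn/server/server.conf, so that file has to be in place before the
# service is started.
systemctl enable openvpn-server@server.service
systemctl start openvpn-server@server.service

## server.conf file ##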
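# OpenVPN server configuration: UDP 1194 on a routed tun device.
port 1194
proto udp
dev tun
# NOTE(review): comp-lzo is deprecated upstream, and compressing traffic
# before encrypting it can leak information about the plaintext. The setting
# must match the client, so drop it from both files together.
comp-lzo
# NOTE(review): management interface on loopback TCP 1194 with no password
# file; any local process able to reach this port can control the daemon.
# The number is also the same as the VPN port, which is easy to misread.
# A unix socket or a password file would narrow the access.
management 127.0.0.1 1194
keepalive 10 120
persist-key
persist-tun
# Relative file names; presumably resolved against the daemon's working
# directory - confirm where they end up.
ifconfig-pool-persist ipp.txt
status openvpn-status.log
verb 3
# Address pool handed out to VPN clients.
server 172.16.0.0 255.255.255.0
# Settings pushed to every client: route to the internal network, DNS server
# and search domain.
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.5"
push "dhcp-option DOMAIN example.com"
# NOTE(review): no tls-crypt/tls-auth key is configured; adding one requires
# distributing the same key to every client.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
# The file name says 2048; the actual size is whatever easy-rsa gen-dh used.
dh /etc/openvpn/keys/dh2048.pem

## client.conf file ##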
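# OpenVPN client configuration for the server at node2.example.com.
client
dev tun
proto udp
remote node2.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# ca/cert/key are relative names: they are looked up next to this file.
ca ca.crt
# The certificate has to be the one issued for client1.key; the setup steps
# produce client1.crt, not client.crt.
cert client1.crt
key client1.key
# NOTE(review): comp-lzo is deprecated upstream and must match the server;
# remove it from both files together.
comp-lzo
verb 3
# Require the peer certificate to be a server certificate, so that another
# client certificate from the same CA cannot pose as the server.
# remote-cert-tls replaces the deprecated ns-cert-type, which checks the
# Netscape extension that easy-rsa 3 does not set by default.
remote-cert-tls server
# NOTE(review): level 2 lets OpenVPN run user-defined scripts. This file
# defines none; keep the setting only if up/down scripts are added (for
# example to apply the pushed DNS options).
script-security 2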
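## generate client/server certificates ##
# Install OpenVPN and easy-rsa, then build the PKI in a private copy of
# easy-rsa under /etc/openvpn. Every command here is meant to run as root.
dnf install openvpn easy-rsa
# The version directory has to match the easy-rsa package that was installed.
mkdir -p /etc/openvpn/easy-rsa
cp -r /usr/share/easy-rsa/3.0.8/. /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa || exit 1

## generate server keys ##
./easyrsa init-pki
# build-ca prompts for the CA passphrase; that key signs every certificate
# below, so it is the most sensitive file in the PKI.
./easyrsa build-ca
./easyrsa gen-dh
# nopass leaves server.key unencrypted so the daemon can start unattended;
# file permissions are then its only protection.
./easyrsa gen-req server nopass
# gen-req only writes a request. The CA must sign it, otherwise
# pki/issued/server.crt does not exist and the copy below fails.
./easyrsa sign-req server server
install -d -m 750 /etc/openvpn/keys
cp -a /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/keys/
cp -a /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn/keys/dh2048.pem
cp -a /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn/keys/
cp -a /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn/keys/

## generate client keys ##
cd /etc/openvpn/easy-rsa || exit 1
# nopass also leaves the client key unencrypted: whoever obtains client1.key
# and client1.crt can connect as this client.
./easyrsa gen-req client1 nopass
# Sign the client request as well so that pki/issued/client1.crt exists.
./easyrsa sign-req client client1
# These copies only stage the client's files for hand-over. The server itself
# never reads client1.key; move it to the client over a protected channel and
# do not leave it lying next to the server key.
cp -a /etc/openvpn/easy-rsa/pki/issued/client1.crt /etc/openvpn/keys/
cp -a /etc/openvpn/easy-rsa/pki/private/client1.key /etc/openvpn/keys/

## firewall rules ##
# Allow the openvpn service in the default zone and in the trusted zone.
firewall-cmd --permanent --add-service openvpn
firewall-cmd --permanent --zone=trusted --add-service openvpn
firewall-cmd --reload

## enable the service ##
# The openvpn-server@server unit normally loads
# /etc/openvpn/server/server.conf, so that file has to be in place before the
# service is started.
systemctl enable openvpn-server@server.service
systemctl start openvpn-server@server.service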
## server.conf file ##
# OpenVPN server configuration: UDP 1194 on a routed tun device.
# NOTE(review): the openvpn-server@server unit normally loads
# /etc/openvpn/server/server.conf - confirm the location on your system.
port 1194
proto udp
dev tun
# NOTE(review): comp-lzo is deprecated upstream, and compressing traffic
# before encrypting it can leak information about the plaintext. The setting
# must match the client, so drop it from both files together.
comp-lzo
# NOTE(review): management interface on loopback TCP 1194 with no password
# file; any local process able to reach this port can control the daemon.
# The number is also the same as the VPN port, which is easy to misread.
# A unix socket or a password file would narrow the access.
management 127.0.0.1 1194
keepalive 10 120
persist-key
persist-tun
# Relative file names; presumably resolved against the daemon's working
# directory - confirm where they end up.
ifconfig-pool-persist ipp.txt
status openvpn-status.log
verb 3
# Address pool handed out to VPN clients.
server 172.16.0.0 255.255.255.0
# Settings pushed to every client: route to the internal network, DNS server
# and search domain.
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.5"
push "dhcp-option DOMAIN example.com"
# NOTE(review): no tls-crypt/tls-auth key is configured; adding one requires
# distributing the same key to every client.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
# The file name says 2048; the actual size is whatever easy-rsa gen-dh used.
dh /etc/openvpn/keys/dh2048.pem
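## client.conf file ##
# OpenVPN client configuration for the server at node2.example.com.
client
dev tun
proto udp
remote node2.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# ca/cert/key are relative names: they are looked up next to this file.
ca ca.crt
# The certificate has to be the one issued for client1.key; the setup steps
# produce client1.crt, not client.crt.
cert client1.crt
key client1.key
# NOTE(review): comp-lzo is deprecated upstream and must match the server;
# remove it from both files together.
comp-lzo
verb 3
# Require the peer certificate to be a server certificate, so that another
# client certificate from the same CA cannot pose as the server.
# remote-cert-tls replaces the deprecated ns-cert-type, which checks the
# Netscape extension that easy-rsa 3 does not set by default.
remote-cert-tls server
# NOTE(review): level 2 lets OpenVPN run user-defined scripts. This file
# defines none; keep the setting only if up/down scripts are added (for
# example to apply the pushed DNS options).
script-security 2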