OpenVPN Fedora
https://fedoraproject.org/wiki/OpenVPN?rd=Openvpn
dnf install openvpn easy-rsa
- Copy /usr/share/easy-rsa/3 somewhere (like the /etc/openvpn/ directory):
mkdir /etc/openvpn/easy-rsa
cp -rai /usr/share/easy-rsa/3/* /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa
- Edit vars appropriately.
./easyrsa clean-all
- Before continuing, make sure the system time is correct. Preferably, set up NTP.
./easyrsa build-ca
./easyrsa build-server-full $( hostname | cut -d. -f1 )
./easyrsa gen-dh
mkdir /etc/openvpn/keys
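# easy-rsa 3 writes its output under pki/ (issued/ for certificates, private/ for keys)
cp -ai pki/issued/$( hostname | cut -d. -f1 ).crt pki/private/$( hostname | cut -d. -f1 ).key pki/ca.crt pki/dh.pem /etc/openvpn/keys/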
cp -ai /usr/share/doc/openvpn*/sample/sample-config-files/roadwarrior-server.conf /etc/openvpn/server/serverudp.conf
- Edit /etc/openvpn/server/serverudp.conf appropriately to set your configuration and key paths, which are found in /etc/openvpn/keys/.
- Fix the SELinux context of the files:
restorecon -Rv /etc/openvpn
- Note that 'serverudp' corresponds to the name of your configuration file in /etc/openvpn/server (here, serverudp.conf); use whatever name your configuration file has.
systemctl enable openvpn-server@serverudp.service
systemctl start openvpn-server@serverudp.service
- Verify that firewall rules allow traffic in from tun+, out from the LAN to tun+, and in from the outside on UDP port 1194.
Firewalld/iptables rules:
iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
iptables -A FORWARD -i eth1 -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
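
The configuration step above points the server at the files copied into /etc/openvpn/keys/; the shell function below checks that before the service is started. It is an added example, not part of the wiki page, and the function name check_openvpn_conf is hypothetical; it assumes the config uses the standard ca/cert/key/dh directives with unquoted paths.

```shell
#!/bin/sh
# Added example (not from the wiki page): sanity-check an OpenVPN server
# config before starting openvpn-server@NAME. Assumes one ca/cert/key/dh
# directive per line, each followed by an unquoted path.

# check_openvpn_conf CONF
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_openvpn_conf() {
    conf=$1
    confdir=$(dirname -- "$conf")
    rc=0
    for directive in ca cert key dh; do
        # First line whose first word is the directive (commented-out
        # lines start with '#' or ';' and so never match).
        path=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "$directive: directive missing from $conf"; rc=1; continue
        fi
        # Assumption: relative paths resolve against the config's directory,
        # i.e. OpenVPN is started with that directory as its working dir.
        case $path in /*) ;; *) path=$confdir/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "$directive: $path does not exist"; rc=1; continue
        fi
        # The private key must carry no group/other permission bits
        # (characters 5-10 of the ls mode string).
        if [ "$directive" = key ] &&
           [ "$(ls -ld -- "$path" | cut -c5-10)" != "------" ]; then
            echo "key: $path is accessible to group/other (chmod 600 it)"; rc=1
        fi
    done
    return "$rc"
}

# Stand-alone use: sh check.sh /etc/openvpn/server/serverudp.conf
if [ "$#" -gt 0 ]; then
    check_openvpn_conf "$1"
fi
```
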