OpenVPN Fedora

OpenVPN Fedora

https://fedoraproject.org/wiki/OpenVPN?rd=Openvpn

1. dnf install openvpn easy-rsa
2. Copy /usr/share/easy-rsa/3 somewhere (like /etc/openvpn/ directory with mkdir /etc/openvpn/easy-rsa; cp -rai /usr/share/easy-rsa/3/* /etc/openvpn/easy-rsa/).
3. cd /etc/openvpn/easy-rsa
4. Edit vars appropriately.
5. ./easyrsa clean-all
6. Before continuing, make sure the system time is correct. Preferably, set up NTP .
7. ./easyrsa build-ca
8. ./easyrsa build-server-full $( hostname | cut -d. -f1 )
9. ./easyrsa gen-dh
10. mkdir /etc/openvpn/keys
11. cp -ai keys/$( hostname | cut -d. -f1 ).{crt,key} keys/ca.crt keys/dh*.pem /etc/openvpn/keys/
12. cp -ai /usr/share/doc/openvpn*/sample/sample-config-files/roadwarrior-server.conf /etc/openvpn/serverudp.conf
13. Edit /etc/openvpn/server.conf appropriately to set your configuration and key paths, which are found in /etc/openvpn/keys/.
14. Fix selinux context of files: restorecon -Rv /etc/openvpn
15. (Note that 'serverudp' corresponds with the configuration name in /etc/openvpn/server such as serverudp.conf; that is, 'serverudp' corresponds to whatever name your configuration file has)
16. systemctl enable openvpn-server@serverudp.service
17. systemctl start openvpn-server@serverudp.service
18. Verify that firewall rules allow traffic in from tun+, out from the LAN to tun+, and in from the outside on UDP port 1194.

Firewalld/iptables rules:

iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
iptables -A FORWARD -i eth1 -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT