OpenVPN - create your own VPN server

# Debian/Ubuntu: install the OpenVPN daemon from the distribution repositories.
apt-get install openvpn

https://openvpn.net/index.php/open-source/documentation/howto.html
https://www.howtoforge.com/tutorial/how-to-install-openvpn-server-and-client-with-easy-rsa-3-on-centos-8/

Easy-RSA 3 (version downloaded 14-10-2020) from https://github.com/OpenVPN/easy-rsa.git. Prefer a tagged release from the project's Releases page over a snapshot of `master`, so the version you deploy is known and reproducible.

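# Unpack Easy-RSA 3 under /etc/openvpn.  easy-rsa-master.zip is the GitHub
# snapshot of the repository linked above.  The whole PKI -- including ca.key
# and every client key -- is created inside this tree, so make it root-only.
mkdir -p /etc/openvpn/easy-rsa
chmod 700 /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa || exit 1
unzip easy-rsa-master.zip

cd /etc/openvpn/easy-rsa/easy-rsa-master || exit 1
# The bundled Windows binaries are most of the archive and are unused on Linux.
rm -rf distro/windows

# Every easyrsa command below is run from this directory and writes to ./pki.
cd /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3 || exit 1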

vi vars
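# Easy-RSA 3 reads this file itself (it sets EASYRSA_CALLER first).  Sourcing
# it by hand in an interactive shell is refused on purpose.
if [ -z "$EASYRSA_CALLER" ]; then
  echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2
  echo "This is no longer necessary and is disallowed. See the section called" >&2
  echo "'How to use this file' near the top comments for more details." >&2
  return 1
fi

set_var EASYRSA "${0%/*}"
set_var EASYRSA_OPENSSL "openssl"
# The PKI (ca.key, issued certs, client keys, CA database) lives in ./pki
# next to this file.
set_var EASYRSA_PKI "$PWD/pki"
set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"

# cn_only puts just the Common Name into the subject; the EASYRSA_REQ_* fields
# below are only used in the "org" DN mode and are ignored here.
set_var EASYRSA_DN "cn_only"
set_var EASYRSA_REQ_COUNTRY "NL"
set_var EASYRSA_REQ_PROVINCE "<Your Province>"
set_var EASYRSA_REQ_CITY "<Your City>"
set_var EASYRSA_REQ_ORG "<Your Organisation>"
set_var EASYRSA_REQ_EMAIL "<Info@Yourdomain>"
set_var EASYRSA_REQ_OU "<Your Organisational Unit>"

# RSA 2048-bit keys.  EASYRSA_CURVE is only consulted when EASYRSA_ALGO is "ec".
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_CURVE secp384r1

# Lifetimes in days.  Ten-year client certificates mean a lost phone or laptop
# keeps working until you explicitly revoke it; consider a shorter
# EASYRSA_CERT_EXPIRE for clients.  The CRL produced by gen-crl is valid for
# EASYRSA_CRL_DAYS (180) and must be regenerated before it expires, because
# OpenVPN treats an expired CRL (with crl-verify) as a verification failure.
set_var EASYRSA_CA_EXPIRE 3650
set_var EASYRSA_CERT_EXPIRE 3650
set_var EASYRSA_CRL_DAYS 180
set_var EASYRSA_CERT_RENEW 30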


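# vars is sourced by easyrsa, not executed: readable is enough.
chmod 644 vars

./easyrsa init-pki
# No 'nopass' for the CA: ca.key signs every certificate, so keep it
# encrypted -- the passphrase is then requested on each sign-req below.
# Better still, keep the CA on a machine that is not the VPN server.
./easyrsa build-ca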
Common Name (eg: your user, host, or server name) [Easy-RSA CA]: Unix4Life

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/ca.crt

 

# Server key with 'nopass': the daemon has to open it unattended at boot, so it
# is stored unencrypted -- protect it with root-only file permissions instead.
./easyrsa gen-req vpnserver nopass

Common Name (eg: your user, host, or server name) [vpnserver]:

Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/reqs/vpnserver.req
key: /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/private/vpnserver.key


# Sign as a *server* certificate (serverAuth extended key usage); clients can
# then pin this with 'remote-cert-tls server'.  The CA passphrase is asked for.
./easyrsa sign-req server vpnserver

Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes
Using configuration from /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/easy-rsa-16485.Ej254q/tmp.AUmJ0y
Enter pass phrase for /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/private/ca.key:

Certificate created at: /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/issued/vpnserver.crt

# Sanity check: the issued server certificate chains to our own CA.
openssl verify -CAfile pki/ca.crt pki/issued/vpnserver.crt
pki/issued/vpnserver.crt: OK

##Generating Diffie-Hellman (DH) params
# 2048-bit DH parameters (pki/dh.pem).  Required because server.conf below
# restricts tls-cipher to DHE-RSA suites and loads them with 'dh dh.pem'.
./easyrsa gen-dh
Generating DH parameters, 2048 bit long safe prime, generator 2
Generating 2048-bit DH parameters can take several minutes; this is expected and only needs to be done once.

vi /etc/openvpn/server.conf
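port <portnumber>
proto tcp
dev tun

# PKI material installed from the Easy-RSA tree (paths relative to /etc/openvpn).
ca ca.crt
cert vpnserver.crt
key vpnserver.key # This file should be kept secret
dh dh.pem
# Reject clients whose certificate was revoked with './easyrsa revoke'.  Enable
# after './easyrsa gen-crl' and copying pki/crl.pem here; the CRL expires after
# EASYRSA_CRL_DAYS and must be regenerated before then.
#crl-verify crl.pem
# Recommended: an extra pre-shared key that wraps the TLS control channel, so
# unauthenticated packets are dropped before the TLS handshake.  Generate it
# with 'openvpn --genkey --secret ta.key' and give ta.key to every client.
#tls-crypt ta.key

# The VPN subnet.  'redirect-gateway' sends all client traffic through this
# host, which also needs IP forwarding and NAT configured (not shown on this page).
server <Your IP range you will choose for NAT> <SubnetMask>
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

# 'duplicate-cn' is deliberately omitted: every family member gets their own
# certificate below, so the same certificate should never be connected twice.
# Without it a leaked client certificate cannot be used from several places at
# once, and each entry in the status log maps to exactly one identity.
keepalive 10 120

# Only accept certificates Easy-RSA signed as 'client' (clientAuth extended
# key usage), so the server's own certificate cannot be reused to log in.
remote-cert-tls client

# With OpenVPN 2.4+ on both ends the data cipher is negotiated (GCM by
# default); this line is the fallback for older clients.  On 2.5+ prefer an
# explicit 'data-ciphers AES-256-GCM:AES-128-GCM'.
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache
max-clients 10

# Drop root privileges after start-up; persist-key/persist-tun let the daemon
# keep the key and tun device across restarts once it can no longer re-read them.
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
# verb 0 logs nothing but fatal errors, leaving no connection history for
# troubleshooting or incident response.  3 records connects/disconnects and
# certificate failures without flooding the log.
verb 3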

 

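# Install only what the daemon needs, with tight modes.  Do NOT copy ca.key
# here (the CA key should never live on the VPN host -- keep it offline or on
# a separate machine) and do not copy client keys either; those belong only on
# the clients.  The server verifies clients against ca.crt alone.
PKI=/etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki
install -m 0644 "$PKI/ca.crt"                /etc/openvpn/ca.crt
install -m 0644 "$PKI/issued/vpnserver.crt"  /etc/openvpn/vpnserver.crt
install -m 0600 "$PKI/private/vpnserver.key" /etc/openvpn/vpnserver.key
install -m 0644 "$PKI/dh.pem"                /etc/openvpn/dh.pem

# On Debian/Ubuntu, /etc/openvpn/server.conf can also be managed as the
# explicit instance unit 'openvpn@server' (systemctl enable --now openvpn@server).
systemctl enable openvpn
systemctl start openvpn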

# One certificate and key per family member/device (Client1..Client4); repeat
# this section for each.  Never share a single client certificate between people.
./easyrsa gen-req Client1
Enter PEM pass phrase: <Your passphrase>
Verifying - Enter PEM pass phrase: <Your passphrase>
Common Name (eg: your user, host, or server name) [Client1]: [Enter]

Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/reqs/Client1.req
key: /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/private/Client1.key

# Sign as a *client* certificate (clientAuth extended key usage).  The CA
# passphrase is required again.
./easyrsa sign-req client Client1
Confirm request details: yes
Enter pass phrase for /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/private/ca.key: <Your passphrase>

Certificate created at: /etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki/issued/Client1.crt

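# Collect the three files this client needs into a root-only bundle and hand
# it over through an authenticated channel (scp/ssh, in person, ...).  These
# files do NOT belong on the server: it verifies clients against ca.crt and
# needs neither the client certificate nor the client key.  Never copy ca.key.
PKI=/etc/openvpn/easy-rsa/easy-rsa-master/easyrsa3/pki
BUNDLE=/root/client-bundles/Client1
mkdir -p "$BUNDLE"
chmod 700 /root/client-bundles "$BUNDLE"
install -m 0644 "$PKI/ca.crt"              "$BUNDLE/ca.crt"
install -m 0644 "$PKI/issued/Client1.crt"  "$BUNDLE/Client1.crt"
install -m 0600 "$PKI/private/Client1.key" "$BUNDLE/Client1.key"

# CA database: one line per issued certificate (first column V=valid,
# R=revoked, E=expired).  To lock out a lost device later:
#   ./easyrsa revoke Client1 && ./easyrsa gen-crl
# then install pki/crl.pem on the server and enable 'crl-verify crl.pem'.
cat "$PKI/index.txt"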

 
