Installing OpenVPN on Scientific Linux 6.3

Posted on 2 September 2013


wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

rpm -Uvh epel-release-6-8.noarch.rpm

yum install easy-rsa

yum install openvpn
cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn
nano -w /etc/openvpn/server.conf

Uncomment:
push "redirect-gateway def1 bypass-dhcp"
(to route client traffic through the VPN server)
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
(to force DNS resolution through, for example, Google's DNS servers)

user nobody
group nobody
(to reduce the privileges OpenVPN runs with to the minimum)

Save the configuration file.
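
A quick check that the directives listed above are really uncommented in server.conf (an added example, not part of the original post; the function names and the sample config are constructed for illustration):

```shell
#!/bin/sh
# Added example, not from the original post: checks that the directives the
# steps above uncomment are really active. Names and sample data are constructed.

# directive_state FILE ERE -> prints "active", "commented" or "absent".
# OpenVPN treats lines that start with ';' or '#' as comments.
directive_state() {
    if grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"; then
        echo active
    elif grep -Eq "^[[:space:]]*[;#]+[[:space:]]*$2[[:space:]]*\$" "$1"; then
        echo commented
    else
        echo absent
    fi
}

# audit_openvpn_conf FILE -> one "label: state" line per directive;
# returns 1 if any directive is not active.
audit_openvpn_conf() {
    rc=0
    while IFS='|' read -r label ere; do
        state=$(directive_state "$1" "$ere")
        echo "$label: $state"
        [ "$state" = active ] || rc=1
    done <<'EOF'
redirect-gateway|push[[:space:]]+"redirect-gateway[[:space:]]+def1[[:space:]]+bypass-dhcp"
dhcp-option DNS|push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]+[0-9.]+"
user nobody|user[[:space:]]+nobody
group nobody|group[[:space:]]+nobody
EOF
    return "$rc"
}

# Constructed sample: a config where 'group nobody' was left commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
port 1194
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
;group nobody
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_openvpn_conf "$sample" || echo "server.conf still needs edits"
rm -f "$sample"
```

On the real server, call audit_openvpn_conf /etc/openvpn/server.conf before starting the service.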
Next, generate the keys and certificates with Easy-RSA:
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/openvpn/easy-rsa/2.0/* /etc/openvpn/easy-rsa
nano -w /etc/openvpn/easy-rsa/vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="New York"
export KEY_ORG="Organization Name"
export KEY_EMAIL="administrator@example.com"
export KEY_CN=droplet.example.com
export KEY_NAME=server
export KEY_OU=server
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
 
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh1024.pem ca.crt server.crt server.key /etc/openvpn
cd /etc/openvpn/easy-rsa
./build-key client
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service iptables save
nano -w /etc/sysctl.conf

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
sysctl -p
service openvpn start
chkconfig openvpn on
Posted in: Vmware