
How to configure OpenVPN under Centos7.7

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to configure OpenVPN under CentOS 7.7. The method introduced here is simple, fast and practical.

OpenVPN, literally translated, is a virtual private channel: it provides a tunnel for secure data transmission between enterprises, or between individuals and companies. OpenVPN is undoubtedly the vanguard of open-source VPNs under Linux, providing good performance and a user-friendly GUI.

Prepare

CentOS 7.7 as the server
Windows 10 as the client
Easy-RSA 3.0.6
Server OpenVPN version 2.4.8

Disable SELinux

[root@localhost ~]# sed -i '/^SELINUX/s/enforcing/disabled/g' /etc/selinux/config
[root@localhost ~]# setenforce 0

Install the EPEL repository, OpenVPN and Easy-RSA

[root@localhost ~]# yum -y install epel-release && yum -y install openvpn easy-rsa

Configure Easy-RSA 3.0

Create an easy-rsa folder under the /etc/openvpn folder and copy the related files into it

[root@localhost ~]# mkdir -p /etc/openvpn/easy-rsa
[root@localhost ~]# cp -r /usr/share/easy-rsa/3/* /etc/openvpn/easy-rsa/
[root@localhost ~]# cp -p /usr/share/doc/easy-rsa-3.0.6/vars.example /etc/openvpn/easy-rsa/vars

Create the keys for OpenVPN

We will create CA keys, server-side and client-side keys, DH and CRL PEM, and TLS authentication key ta.key.

[root@localhost easy-rsa]# cd /etc/openvpn/easy-rsa/

Initialize the PKI and build the CA certificate

Before creating the server and client keys, you need to initialize the PKI directory

[root@localhost easy-rsa]# ./easyrsa init-pki
[root@localhost easy-rsa]# ./easyrsa build-ca nopass

Create the server key

Create a server key named server1.key

[root@localhost easy-rsa]# ./easyrsa gen-req server1 nopass

The nopass option means that you do not need to set a password for the key.

Sign the server1 key with a CA certificate

[root@localhost easy-rsa]# ./easyrsa sign-req server server1

Create the client key

Create a client key named client1.key

[root@localhost easy-rsa]# ./easyrsa gen-req client1 nopass

Sign the client1 key with a CA certificate

[root@localhost easy-rsa]# ./easyrsa sign-req client client1

Create the DH key

Generate a 2048-bit Diffie-Hellman key based on the vars configuration file created earlier

[root@localhost easy-rsa]# ./easyrsa gen-dh

Create the TLS authentication key

[root@localhost easy-rsa]# openvpn --genkey --secret /etc/openvpn/easy-rsa/ta.key

Generate the certificate revocation list (CRL) key

The CRL (certificate revocation list) key is used to revoke client keys. If you have more than one client certificate on the server and want to delete one, simply revoke it with the command ./easyrsa revoke NAME.

Generate the CRL key:

[root@localhost easy-rsa]# ./easyrsa gen-crl

Copy the certificate files

Copy the CA certificate, ta.key, and the server certificate and key to the /etc/openvpn/server folder

[root@localhost easy-rsa]# cp -p pki/ca.crt /etc/openvpn/server/
[root@localhost easy-rsa]# cp -p pki/issued/server1.crt /etc/openvpn/server/
[root@localhost easy-rsa]# cp -p pki/private/server1.key /etc/openvpn/server/
[root@localhost easy-rsa]# cp -p ta.key /etc/openvpn/server/

Copy the CA certificate, ta.key, and the client certificate and key to the /etc/openvpn/client folder

[root@localhost easy-rsa]# cp -p pki/ca.crt /etc/openvpn/client/
[root@localhost easy-rsa]# cp -p pki/issued/client1.crt /etc/openvpn/client/
[root@localhost easy-rsa]# cp -p pki/private/client1.key /etc/openvpn/client/
[root@localhost easy-rsa]# cp -p ta.key /etc/openvpn/client/

Copy dh.pem and crl.pem to the /etc/openvpn/server folder

[root@localhost easy-rsa]# cp pki/dh.pem /etc/openvpn/server/
[root@localhost easy-rsa]# cp pki/crl.pem /etc/openvpn/server/

At this point, you should have a better understanding of how to configure OpenVPN under CentOS 7.7. You might as well try it out in practice.
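The keys above are generated with nopass and then copied with cp -p, so the file mode on each copy is what protects them. The following shell function is an added example, not part of the original article: it audits /etc/openvpn/server or /etc/openvpn/client for the files the copy steps should have placed there. The function name audit_openvpn_dir, its output format and the ca.key check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory populated by the copy steps above.
# Keys generated with "nopass" are unencrypted on disk, so the file mode
# preserved by "cp -p" is what protects them.
#
# audit_openvpn_dir DIR ROLE NAME   (hypothetical helper, not an OpenVPN tool)
#   DIR   directory to check, e.g. /etc/openvpn/server
#   ROLE  "server" or "client" (the server also needs dh.pem and crl.pem)
#   NAME  certificate base name from the tutorial: server1 or client1
# Prints one line per finding; the return status is the number of findings.
audit_openvpn_dir() {
    dir=$1; role=$2; name=$3; findings=0

    expected="ca.crt $name.crt $name.key ta.key"
    [ "$role" = server ] && expected="$expected dh.pem crl.pem"

    for f in $expected; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $dir/$f"
            findings=$((findings + 1))
        fi
    done

    # Secrets: the private key and the TLS authentication key.
    for f in "$name.key" ta.key; do
        [ -f "$dir/$f" ] || continue
        # find prints the path if any group/other permission bit is set.
        exposed=$(find "$dir/$f" \( -perm -040 -o -perm -020 -o -perm -010 \
                  -o -perm -004 -o -perm -002 -o -perm -001 \))
        if [ -n "$exposed" ]; then
            echo "EXPOSED $dir/$f (group/other access; expected mode 600)"
            findings=$((findings + 1))
        fi
    done

    # Assumption (general PKI practice, not stated in the article): the CA
    # private key stays in pki/private and is never deployed with the VPN files.
    if [ -e "$dir/ca.key" ]; then
        echo "CA-KEY  $dir/ca.key should not be deployed"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run it as `audit_openvpn_dir /etc/openvpn/server server server1` and `audit_openvpn_dir /etc/openvpn/client client client1`; a return status of 0 means no findings.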
