Difference between revisions of "Openvpn"
Revision of 18 October 2015 at 13:09
Preparation
First, you will need a working Internet connection, a DNS server to use, and SELinux disabled.
For those who skipped these steps, here they are:
* Internet connection
* DNS server
* Disable SELinux
Make sure the EPEL repository is installed, since OpenVPN comes from that source.
Once these steps are done, let's get to the heart of the matter!
Installation
yum -y install openvpn easy-rsa
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
vi /etc/openvpn/server.conf

In the copied sample configuration, uncomment (remove the leading ;) or add the following lines:

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
user nobody
group nobody

The two push lines route all client traffic through the VPN and hand the clients a DNS server (8.8.8.8 here; use your own resolver if you have one). The user and group lines make the daemon drop root once it has opened the tun device and read its keys, so a bug in OpenVPN does not give an attacker root on the server.
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
vi /etc/openvpn/easy-rsa/vars

Set the default fields for the certificates to be issued (they are offered as defaults at each prompt below):

export KEY_COUNTRY="FR"
export KEY_PROVINCE="Herault"
export KEY_CITY="Juvignac"
export KEY_ORG="Tala Informatique"
export KEY_EMAIL="root@tala.informatique.fr"
export KEY_OU="Informatique"
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca

./clean-all empties the keys directory: run it only now, when creating the CA. Running it again later deletes the CA key and every certificate issued so far.
Next, generate the server certificate. Accept the defaults (they come from vars) and answer y to both questions. build-key-server signs the certificate with easy-rsa's server extension section (nsCertType server, extendedKeyUsage serverAuth), which is what lets clients require a genuine server certificate with remote-cert-tls server rather than accepting any certificate from the CA.

[root@openvpn easy-rsa]# ./build-key-server server
Generating a 2048 bit RSA private key
.............+++
.........+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [FR]:
State or Province Name (full name) [Herault]:
Locality Name (eg, city) [Juvignac]:
Organization Name (eg, company) [Tala Informatique]:
Organizational Unit Name (eg, section) [Informatique]:
Common Name (eg, your name or your server's hostname) [server]:
Name [EasyRSA]:
Email Address [root@tala.informatique.fr]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'FR'
stateOrProvinceName   :PRINTABLE:'Herault'
localityName          :PRINTABLE:'Juvignac'
organizationName      :PRINTABLE:'Tala Informatique'
organizationalUnitName:PRINTABLE:'Informatique'
commonName            :PRINTABLE:'server'
name                  :PRINTABLE:'EasyRSA'
emailAddress          :IA5STRING:'root@tala.informatique.fr'
Certificate is to be certified until Oct 14 17:16:17 2025 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

build-dh generates the 2048-bit Diffie-Hellman parameters and can take several minutes. Only these four files are needed by the server. ca.key stays in the keys directory: it signs every client certificate and must never be copied anywhere else.
Then generate a certificate for the first client in the same way:

cd /etc/openvpn/easy-rsa
./build-key client
Generating a 2048 bit RSA private key
...........+++
............+++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [FR]:
State or Province Name (full name) [Herault]:
Locality Name (eg, city) [Juvignac]:
Organization Name (eg, company) [Tala Informatique]:
Organizational Unit Name (eg, section) [Informatique]:
Common Name (eg, your name or your server's hostname) [client]:
Name [EasyRSA]:
Email Address [root@tala.informatique.fr]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'FR'
stateOrProvinceName   :PRINTABLE:'Herault'
localityName          :PRINTABLE:'Juvignac'
organizationName      :PRINTABLE:'Tala Informatique'
organizationalUnitName:PRINTABLE:'Informatique'
commonName            :PRINTABLE:'client'
name                  :PRINTABLE:'EasyRSA'
emailAddress          :IA5STRING:'root@tala.informatique.fr'
Certificate is to be certified until Oct 14 17:22:18 2025 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Enable NAT so that client traffic leaves through the server's public interface (eth0 here; adjust to your machine), and let the kernel forward packets:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -F FORWARD
service iptables save

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

sysctl -p

Note that iptables -F FORWARD empties the FORWARD chain, including the distribution's default rule that rejects forwarded traffic, so every packet the host routes is now allowed through. That is acceptable on a lab machine; on a production server, add rules that accept only traffic arriving from tun0 (and the replies to it) instead of flushing the chain. The ip_forward setting only takes effect after sysctl -p or a reboot.
service openvpn start
chkconfig openvpn on
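The tutorial stops once the server is running, but the client built with ./build-key still needs ca.crt, client.crt and client.key from /etc/openvpn/easy-rsa/keys together with a client configuration. The script below is an added example, not part of the original page: it assembles a single-file client profile with the three credentials inlined, strips the human-readable dump that easy-rsa 2.0 prepends to every .crt, refuses a certificate passed in where the private key should be, and pins remote-cert-tls server so the client only trusts a peer whose certificate carries the server extension set by ./build-key-server. The server name vpn.example.com, port 1194 and protocol udp are assumed placeholders, and the PEM contents are constructed dummies rather than real key material.

```python
"""Assemble a single-file OpenVPN client profile (.ovpn).

Added example, not part of the original tutorial. It takes the three files
easy-rsa 2.0 leaves in /etc/openvpn/easy-rsa/keys/ for the client built above
(ca.crt, client.crt, client.key) and inlines them into one profile the user
can import. The server name vpn.example.com, port 1194 and protocol udp are
assumed placeholders; the PEM contents below are constructed dummies, not real
certificates or keys.
"""
import os
import re

# One PEM block; the labels on the BEGIN and END lines must match.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\n.+?\n-----END (?P=label)-----",
    re.DOTALL,
)


def extract_pem(text, allowed_labels):
    """Return the first PEM block in text whose label is allowed.

    easy-rsa 2.0 writes a human-readable dump ("Certificate: Data: ...") in
    front of the PEM block of every .crt it issues; OpenVPN tolerates that, but
    a profile should carry only the PEM. Checking the label also catches a
    certificate handed in where the private key was expected (or vice versa).
    """
    for match in PEM_BLOCK.finditer(text):
        if match.group("label") in allowed_labels:
            return match.group(0)
    raise ValueError("no PEM block labelled %s" % " or ".join(sorted(allowed_labels)))


def build_client_config(remote_host, ca_pem, cert_pem, key_pem, port=1194, proto="udp"):
    """Build the profile text matching the server.conf defaults used above
    (dev tun, udp/1194, certificate authentication)."""
    ca = extract_pem(ca_pem, {"CERTIFICATE"})
    cert = extract_pem(cert_pem, {"CERTIFICATE"})
    key = extract_pem(key_pem, {"PRIVATE KEY", "RSA PRIVATE KEY"})
    directives = [
        "client",
        "dev tun",
        "proto %s" % proto,
        "remote %s %d" % (remote_host, port),
        "resolv-retry infinite",
        "nobind",
        "persist-key",
        "persist-tun",
        # Only accept a peer whose certificate carries the server extension
        # that ./build-key-server sets; otherwise any holder of a client
        # certificate issued by the same CA could pose as the VPN server.
        "remote-cert-tls server",
        "verb 3",
    ]
    inline = ["<ca>", ca, "</ca>", "<cert>", cert, "</cert>", "<key>", key, "</key>"]
    return "\n".join(directives + inline) + "\n"


def save_profile(path, profile):
    """Write the profile readable by its owner only: it contains the private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(profile)


# Constructed dummy inputs (NOT real key material) mimicking easy-rsa's file layout.
CA_CRT = "-----BEGIN CERTIFICATE-----\nQ0EgZHVtbXk=\n-----END CERTIFICATE-----\n"
CLIENT_CRT = (
    "Certificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number: 2 (0x2)\n"
    "-----BEGIN CERTIFICATE-----\nY2xpZW50IGR1bW15\n-----END CERTIFICATE-----\n"
)
CLIENT_KEY = "-----BEGIN RSA PRIVATE KEY-----\na2V5IGR1bW15\n-----END RSA PRIVATE KEY-----\n"


def demo_profile():
    """Profile built from the constructed inputs above."""
    return build_client_config("vpn.example.com", CA_CRT, CLIENT_CRT, CLIENT_KEY)


if __name__ == "__main__":
    print(demo_profile())
```

On the real server, read the three files from /etc/openvpn/easy-rsa/keys and pass their contents to build_client_config, then hand the resulting .ovpn to the user over a trusted channel; the file holds the client's private key, which is why save_profile creates it with mode 0600.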