Since the OpenVPN 2.3.x release, the easy-rsa scripts are no longer shipped in /usr/share, so you have to use a different approach to set up OpenVPN. It’s easy once you know all the steps.

First let’s install openvpn itself:

We’ll get back to server.conf a bit later, after creating all the necessary keys and certificates.

EASY-RSA SETUP

Now let’s download keytool and generate all required keys and certificates:

If you plan to grant and revoke access, you have to generate a CRL (certificate revocation list) and reference it in server.conf.
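Revocation only takes effect if the server config actually points at a CRL. The check below is an added example, not part of the original post; it assumes the CRL is referenced with OpenVPN's crl-verify directive, and the function name check_crl_config, its return codes and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this OpenVPN server config actually enforce a CRL?
# Return codes (chosen for this example):
#   0 crl-verify is set and its target looks usable
#   1 no active crl-verify directive, so revoked certificates still connect
#   2 the CRL path is missing or empty
#   3 the file is not a PEM-encoded X.509 CRL
check_crl_config() {
    conf=$1
    # First active crl-verify line; OpenVPN comments start with '#' or ';'.
    line=$(sed -e 's/[#;].*$//' "$conf" | awk '$1 == "crl-verify" { print; exit }')
    crl=$(printf '%s\n' "$line" | awk '{ print $2 }' | tr -d '"')
    mode=$(printf '%s\n' "$line" | awk '{ print $3 }')
    [ -n "$crl" ] || return 1

    # Assumption: a relative path is resolved against the config's directory.
    case $crl in
        /*) ;;
        *)  crl=$(dirname "$conf")/$crl ;;
    esac

    # "crl-verify <path> dir" names a directory of revoked serials, not a PEM file.
    if [ "$mode" = "dir" ]; then
        [ -d "$crl" ] || return 2
        return 0
    fi

    [ -s "$crl" ] || return 2
    grep -q -- '-----BEGIN X509 CRL-----' "$crl" || return 3
    return 0
}

# Constructed sample input (placeholder CRL body, not a real CRL).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN X509 CRL-----' 'PLACEHOLDER' '-----END X509 CRL-----' \
    > "$demo_dir/crl.pem"
printf '%s\n' 'port 1194' 'dev tun' ';crl-verify crl.pem' > "$demo_dir/off.conf"
printf '%s\n' 'port 1194' 'dev tun' 'crl-verify crl.pem'  > "$demo_dir/on.conf"

for f in off.conf on.conf; do
    rc=0
    check_crl_config "$demo_dir/$f" || rc=$?
    echo "$f: check_crl_config returned $rc"
done
rm -rf "$demo_dir"
```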

CREATE CLIENT CERTIFICATE AND KEYS

To create the certificate and keys for a client, you can use this simple one-liner:

Now you can just grab that archive from the server using scp.

CONFIGURE SERVER.CONF

Now let’s get back to the main part. Your server.conf should have at least these things set:

Here’s the sample client config which should work in this case:

Save it as name.ovpn.

We also have to set up masquerading for the VPN subnet and enable ip_forward in the kernel:

For OpenVZ VMs, use the following iptables rules (where xxx.xxx.xxx.xxx is the EXTERNAL IP address of your VM):

Now chown all files and restart openvpn:

REVOKE ACCESS AND GENERATE CRL:
