Monday, July 15, 2024
Rocky Linux VPN

Install OpenVPN Server on Rocky Linux


In this post I will cover how to install an OpenVPN server on Rocky Linux.

Let's get started:

1. Install the EPEL repo

dnf install epel-release -y

2. Install OpenVPN

dnf install openvpn

3. Install Easy-RSA CA

dnf install easy-rsa

4. Configure Easy-RSA

mkdir /etc/easy-rsa

cp -air /usr/share/easy-rsa/3/* /etc/easy-rsa/

cd /etc/easy-rsa/

./easyrsa init-pki

5. Generate the Certificate Authority (CA) 

./easyrsa build-ca

6. Generate Diffie Hellman Parameters

./easyrsa gen-dh

7. Generate OpenVPN Server Certificate and Key

cd /etc/easy-rsa

./easyrsa build-server-full server nopass

8. Generate Hash-based Message Authentication Code (HMAC) key

openvpn --genkey --secret /etc/easy-rsa/pki/ta.key

9. Generate a Certificate Revocation List (CRL)

./easyrsa gen-crl

10. Copy the server certificates and keys to the server directory

cp -rp /etc/easy-rsa/pki/{ca.crt,dh.pem,ta.key,crl.pem,issued,private} /etc/openvpn/server/

11. Generate OpenVPN Client Certificate and Key

cd /etc/easy-rsa

./easyrsa build-client-full yuby nopass

12. To generate another client

./easyrsa build-client-full roy nopass

13. Copy the client certificates and keys to the client directories

mkdir /etc/openvpn/client/{yuby,roy}
cp -rp /etc/easy-rsa/pki/{ca.crt,issued/yuby.crt,private/yuby.key} /etc/openvpn/client/yuby/
cp -rp /etc/easy-rsa/pki/{ca.crt,issued/roy.crt,private/roy.key} /etc/openvpn/client/roy/

14. Configure OpenVPN

cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/server/

nano /etc/openvpn/server/server.conf

15. Create the log directory

mkdir /var/log/openvpn/

16. Configure OpenVPN Server Routing

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl --system

- Allow the OpenVPN port through the firewall

firewall-cmd --add-port=1194/udp --permanent

- Enable masquerading

firewall-cmd --add-masquerade --permanent

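- For example, to masquerade only traffic coming from the VPN subnet (replace <VPN_SUBNET> with the network set by the server directive in server.conf, and enp0s3 with your outbound interface)

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s <VPN_SUBNET> -o enp0s3 -j MASQUERADE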

firewall-cmd --reload

systemctl enable --now openvpn-server@server
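
A check to run once the steps above are done, added here as an example and not part of the original post: it verifies that the file directives in server.conf resolve to the files copied in step 10, flags the CA private key that the wholesale copy of pki/private carries onto the VPN server, and flags key files accessible to group or other. The function names and the constructed sample layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Usage:
#   audit_openvpn_dir /etc/openvpn/server server.conf

audit_openvpn_dir() {
    dir=$1; conf=$dir/${2:-server.conf}; rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    # 1. Each file-valued directive must point at an existing file. Relative
    #    paths are resolved against the config directory (assumption: OpenVPN
    #    is started with that directory as its working directory).
    for d in ca cert key dh tls-auth crl-verify; do
        p=$(awk -v d="$d" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$conf")
        [ -n "$p" ] || continue
        case $p in /*) ;; *) p=$dir/$p ;; esac
        [ -f "$p" ] || { echo "FAIL: $d -> $p does not exist"; rc=1; }
    done

    # 2. Step 10 copies pki/private wholesale, which carries the CA signing
    #    key created in step 5 onto the VPN server.
    if [ -e "$dir/private/ca.key" ]; then
        echo "FAIL: CA private key present: $dir/private/ca.key"; rc=1
    fi

    # 3. Key material must not be accessible to group or other.
    for f in "$dir"/private/*.key "$dir"/ta.key; do
        [ -f "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
        [ "$perms" = "------" ] || { echo "FAIL: $f is accessible to group/other"; rc=1; }
    done

    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Constructed sample mirroring the layout from step 10 (dummy file contents).
make_sample_dir() {
    t=$(mktemp -d) && mkdir "$t/issued" "$t/private" || return 1
    for f in ca.crt dh.pem ta.key crl.pem issued/server.crt private/server.key private/ca.key; do
        echo dummy > "$t/$f"
    done
    chmod 600 "$t/ta.key" "$t"/private/*.key
    printf '%s\n' 'ca ca.crt' 'cert issued/server.crt' 'key private/server.key' \
        'dh dh.pem' 'tls-auth ta.key 0' 'crl-verify crl.pem' > "$t/server.conf"
    echo "$t"
}
```

The sample server.conf written by make_sample_dir also shows how the ca, cert, key, dh, tls-auth and crl-verify lines look when they point at the files as step 10 lays them out.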
