Pada kesempatan kali ini saya akan membahas cara Install OpenVPN Server pada Rocky Linux.
Ya langsung saja kita mulai :
1. Install repo
dnf install epel-release -y
2. install openvpn
dnf install openvpn
3. Install Easy-RSA CA
dnf install easy-rsa
4. config Easy-RSA
# Work on a copy of the packaged Easy-RSA 3 scripts under /etc/easy-rsa.
# -a preserves modes/ownership, -i asks before overwriting an existing file.
mkdir /etc/easy-rsa
cp -air /usr/share/easy-rsa/3/* /etc/easy-rsa/
cd /etc/easy-rsa/
# Creates the pki/ working directory used by every later step; the CA and
# server private keys will live under it, so keep /etc/easy-rsa root-only.
./easyrsa init-pki
5. Generate the Certificate Authority (CA)
# Interactive: asks for a CA key passphrase and a Common Name. The CA private
# key (pki/private/ca.key) signs every server and client certificate, so use a
# strong passphrase and keep it; it is requested again at each signing step.
./easyrsa build-ca
6. Generate Diffie Hellman Parameters
./easyrsa gen-dh
7. Generate OpenVPN Server Certificate and Key
cd /etc/easy-rsa
# Issues a certificate/key pair with the name "server". `nopass` stores the
# server private key unencrypted so the service can start without a prompt;
# protect pki/private/server.key with file permissions instead.
./easyrsa build-server-full server nopass
8. Generate Hash-based Message Authentication Code (HMAC) key
# ta.key is a static pre-shared key (used by tls-auth / tls-crypt in
# server.conf); every client needs the same file, delivered over a secure
# channel.
# NOTE(review): OpenVPN 2.5+ deprecates this spelling in favour of
# `openvpn --genkey secret <file>` — check `openvpn --version` before changing.
openvpn --genkey --secret /etc/easy-rsa/pki/ta.key
9. Generate a Revocation Certificate
# Produces pki/crl.pem. The server only honours it if server.conf contains a
# `crl-verify` directive pointing at the copied file. A CRL carries an expiry
# date, and it must be regenerated and copied again after every
# `./easyrsa revoke <name>`; an expired CRL makes the server refuse clients.
./easyrsa gen-crl
10. Copy Server Certificates dan Keys ke Server Directory
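# Copy only what the server needs. pki/private also holds the CA private key
# (ca.key); copying the whole directory would duplicate it into the server's
# runtime directory, so take just the server certificate and key.
cp -p /etc/easy-rsa/pki/{ca.crt,dh.pem,ta.key,crl.pem} /etc/openvpn/server/
mkdir -p /etc/openvpn/server/{issued,private}
chmod 700 /etc/openvpn/server/private
cp -p /etc/easy-rsa/pki/issued/server.crt /etc/openvpn/server/issued/
cp -p /etc/easy-rsa/pki/private/server.key /etc/openvpn/server/private/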
11. Generate OpenVPN Client Certificate and Key
cd /etc/easy-rsa
# One certificate/key pair per user ("yuby" here) so a single client can be
# revoked later. `nopass` leaves the client key unencrypted; for keys that
# end up on laptops or phones, omitting it makes Easy-RSA ask for a passphrase.
./easyrsa build-client-full yuby nopass
12. cara generate client yang lain
./easyrsa build-client-full roy nopass
13. Copy Client Certificates dan Keys ke Client Directory
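# Staging directories for the files handed to each client; they contain
# private keys, so create them readable by root only.
mkdir -p -m 700 /etc/openvpn/client/{yuby,roy}
# Easy-RSA names the issued certificate after the client name given to
# build-client-full, i.e. issued/yuby.crt and issued/roy.crt.
cp -p /etc/easy-rsa/pki/{ca.crt,issued/yuby.crt,private/yuby.key} /etc/openvpn/client/yuby/
cp -p /etc/easy-rsa/pki/{ca.crt,issued/roy.crt,private/roy.key} /etc/openvpn/client/roy/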
14. config openvpn
cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/server/
nano /etc/openvpn/server/server.conf
15. buat log
mkdir /var/log/openvpn/
16. Configure OpenVPN Server Routing
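# Enable IPv4 forwarding so VPN traffic can be routed through this host.
# Append only when the line is missing, so re-running the step does not
# pile up duplicate entries in /etc/sysctl.conf.
grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# Reload every sysctl configuration file, including /etc/sysctl.conf.
sysctl --system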
- allow firewall
firewall-cmd --add-port=1194/udp --permanent
- aktifkan masquerade
firewall-cmd --add-masquerade --permanent
- misalkan subnet VPN 192.168.0.0/24 dan interface keluar enp0s3 (sesuaikan dengan konfigurasi Anda)
# Example NAT rule limited to one source subnet and one egress interface.
# 192.168.0.0/24 must be the subnet set by the `server` directive in
# server.conf and enp0s3 the interface facing the outside network.
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 192.168.0.0/24 -o enp0s3 -j MASQUERADE
# --permanent changes only take effect after a reload.
firewall-cmd --reload
# The instance name after "@" selects /etc/openvpn/server/server.conf.
systemctl enable --now openvpn-server@server