Cita de admin en 1 julio, 2024, 11:16 amdnf install epel-releasednf install openvpncd /etc/openvpn/ wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.2.5/EasyRSA-3.2.5.tgztar -xf EasyRSA-3.2.5.tgz mv EasyRSA-3.2.5/ easy-rsa/; rm -f EasyRSA-3.2.5.tgzcd /etc/openvpn/easy-rsa/ vim varsset_var EASYRSA "$PWD" set_var EASYRSA_PKI "$EASYRSA/pki" set_var EASYRSA_DN "cn_only" set_var EASYRSA_REQ_COUNTRY "ID" set_var EASYRSA_REQ_PROVINCE "Jakarta" set_var EASYRSA_REQ_CITY "Jakarta" set_var EASYRSA_REQ_ORG "hakase-labs CERTIFICATE AUTHORITY" set_var EASYRSA_REQ_EMAIL "openvpn@hakase-labs.io" set_var EASYRSA_REQ_OU "HAKASE-LABS EASY CA" set_var EASYRSA_KEY_SIZE 2048 set_var EASYRSA_ALGO rsa set_var EASYRSA_CA_EXPIRE 7500 set_var EASYRSA_CERT_EXPIRE 365 set_var EASYRSA_NS_SUPPORT "no" set_var EASYRSA_NS_COMMENT "HAKASE-LABS CERTIFICATE AUTHORITY" set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" set_var EASYRSA_DIGEST "sha256"chmod +x varscd /etc/openvpn/easy-rsa/./easyrsa init-pki cd /etc/openvpn/easy-rsa/pki openssl rand -writerand .rnd ./easyrsa build-ca./easyrsa gen-req hakase-server nopass./easyrsa sign-req server hakase-serveropenssl verify -CAfile pki/ca.crt pki/issued/hakase-server.crt./easyrsa gen-req client01 nopass./easyrsa sign-req client client01openssl verify -CAfile pki/ca.crt pki/issued/client01.crt./easyrsa gen-dh./easyrsa revoke someone./easyrsa gen-crlcp pki/ca.crt /etc/openvpn/server/ cp pki/issued/hakase-server.crt /etc/openvpn/server/ cp pki/private/hakase-server.key /etc/openvpn/server/cp pki/ca.crt /etc/openvpn/client/ cp pki/issued/client01.crt /etc/openvpn/client/ cp pki/private/client01.key /etc/openvpn/client/cp pki/dh.pem /etc/openvpn/server/ cp pki/crl.pem /etc/openvpn/server/cd /etc/openvpn/server/ nano server.confport 1194
proto udp
dev tun# OpenVPN Server Certificate - CA, server key and certificate
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/9mercat-server.crt
key /etc/openvpn/server/9mercat-server.key#DH and CRL key
dh /etc/openvpn/server/dh.pem
#crl-verify /etc/openvpn/server/crl.pem# Network Configuration - Internal network
# Redirect all Connection through OpenVPN Server
server 10.5.0.0 255.255.255.0
push "redirect-gateway def1"# Using the DNS from https://dns.watch
push "dhcp-option DNS 84.200.69.80"
push "dhcp-option DNS 84.200.70.40"#Enable multiple clients to connect with the same certificate key
duplicate-cn# TLS Security
data-ciphers AES-256-GCM:AES-128-GCM
tls-version-min 1.2
#tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA256
auth-nocache# Other Configuration
keepalive 20 60
persist-key
persist-tun
compress stub-v2
daemon
user nobody
group nobody# OpenVPN Log
log-append /var/log/openvpn.log
verb 3
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf sysctl -pfirewall-cmd --permanent --add-service=openvpn firewall-cmd --permanent --zone=trusted --add-service=openvpnfirewall-cmd --permanent --zone=trusted --add-interface=tun0firewall-cmd --permanent --add-masqueradeSERVERIP=$(ip route get 1.1.1.1 | awk 'NR==1 {print $(NF-2)}') firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o $SERVERIP -j MASQUERADEfirewall-cmd --reloadsystemctl start openvpn-server@server systemctl enable openvpn-server@serverclient
dev tun
proto udpremote 9vehiclesusats.ddns.net 1194
ca ca.crt
cert reserva.crt
key reserva.keydata-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
auth-nocache
tls-version-min 1.2resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3netstat -plntu systemctl status openvpn-server@servercd /etc/openvpn/client nano client01.ovpn@servercd /etc/openvpn/ tar -czvf client01.tar.gz client/*scp root@139.xx.xx.xx:/etc/openvpn/client01.tar.gz .sudo apt install openvpn network-manager-openvpn network-manager-openvpn-gnome -yopenvpn --config client01.ovpncurl ifconfig.io
# Server side (RHEL-family, dnf): install OpenVPN and Easy-RSA, then build the PKI.
dnf install epel-release
dnf install openvpn
cd /etc/openvpn/
# NOTE(review): the release tarball is downloaded over HTTPS but its checksum/signature is not
# verified; compare it against the value published for this release (placeholder:
# <RELEASE_SHA256>) before extracting.
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.2.5/EasyRSA-3.2.5.tgz
tar -xf EasyRSA-3.2.5.tgz
mv EasyRSA-3.2.5/ easy-rsa/; rm -f EasyRSA-3.2.5.tgz
cd /etc/openvpn/easy-rsa/
# Edit 'vars' with the settings below. The file is sourced by ./easyrsa, so 'set_var'
# is only meaningful inside it, not at a shell prompt.
vim vars
set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$EASYRSA/pki"
# cn_only: certificates carry just the Common Name; the REQ_* values are used only in 'org' mode.
set_var EASYRSA_DN "cn_only"
set_var EASYRSA_REQ_COUNTRY "ID"
set_var EASYRSA_REQ_PROVINCE "Jakarta"
set_var EASYRSA_REQ_CITY "Jakarta"
set_var EASYRSA_REQ_ORG "hakase-labs CERTIFICATE AUTHORITY"
set_var EASYRSA_REQ_EMAIL "openvpn@hakase-labs.io"
set_var EASYRSA_REQ_OU "HAKASE-LABS EASY CA"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
# CA valid ~20 years, leaf certificates 1 year: plan on re-issuing server/client certs annually.
set_var EASYRSA_CA_EXPIRE 7500
set_var EASYRSA_CERT_EXPIRE 365
set_var EASYRSA_NS_SUPPORT "no"
set_var EASYRSA_NS_COMMENT "HAKASE-LABS CERTIFICATE AUTHORITY"
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha256"
# Not needed ('vars' is sourced, never executed), but harmless.
chmod +x vars
cd /etc/openvpn/easy-rsa/
./easyrsa init-pki
# NOTE(review): after this 'cd' the working directory is pki/, where './easyrsa' does not exist
# and the 'pki/...' paths used below do not resolve. Run everything that follows from
# /etc/openvpn/easy-rsa/ (e.g. 'openssl rand -writerand pki/.rnd' without changing directory).
cd /etc/openvpn/easy-rsa/pki
openssl rand -writerand .rnd
# Prompts for a CA passphrase (no 'nopass'): keep it, this key signs every certificate below.
./easyrsa build-ca
# Server key without passphrase so the daemon can start unattended; protect the key file (0600) instead.
./easyrsa gen-req hakase-server nopass
./easyrsa sign-req server hakase-server
openssl verify -CAfile pki/ca.crt pki/issued/hakase-server.crt
./easyrsa gen-req client01 nopass
./easyrsa sign-req client client01
openssl verify -CAfile pki/ca.crt pki/issued/client01.crt
./easyrsa gen-dh
# Example only: 'someone' is a placeholder name and fails unless such a certificate was issued.
# Revocation only takes effect if the server is started with 'crl-verify' pointing at the
# regenerated crl.pem (it is commented out in the server.conf below).
./easyrsa revoke someone
./easyrsa gen-crl
cp pki/ca.crt /etc/openvpn/server/
cp pki/issued/hakase-server.crt /etc/openvpn/server/
cp pki/private/hakase-server.key /etc/openvpn/server/
cp pki/ca.crt /etc/openvpn/client/
cp pki/issued/client01.crt /etc/openvpn/client/
cp pki/private/client01.key /etc/openvpn/client/
cp pki/dh.pem /etc/openvpn/server/
cp pki/crl.pem /etc/openvpn/server/
# The server.conf contents follow.
cd /etc/openvpn/server/
nano server.conf
# /etc/openvpn/server/server.conf: listens on udp/1194 and hands out 10.5.0.0/24 to clients.
port 1194
proto udp
dev tun
# OpenVPN Server Certificate - CA, server key and certificate
# NOTE(review): the PKI steps above issue and copy 'hakase-server.crt/.key'; the names here must
# match the files actually present in /etc/openvpn/server/ or the service will not start.
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/9mercat-server.crt
key /etc/openvpn/server/9mercat-server.key
#DH and CRL key
dh /etc/openvpn/server/dh.pem
# With crl-verify commented out, the crl.pem generated and copied above is never consulted, so
# 'easyrsa revoke' has no effect on this server: a revoked client certificate is still accepted.
# If enabled, regenerate and re-copy crl.pem before it expires (an expired CRL rejects all clients).
#crl-verify /etc/openvpn/server/crl.pem
# Network Configuration - Internal network
# Redirect all Connection through OpenVPN Server
server 10.5.0.0 255.255.255.0
push "redirect-gateway def1"
# Using the DNS from https://dns.watch
push "dhcp-option DNS 84.200.69.80"
push "dhcp-option DNS 84.200.70.40"
#Enable multiple clients to connect with the same certificate key
# One shared certificate is one key to leak and one revocation that cuts off everyone using it;
# prefer one certificate per client and drop this option.
duplicate-cn
# TLS Security
# The control channel is protected by certificates only: no tls-auth/tls-crypt key is configured,
# so the TLS handshake is reachable by anyone who can send to udp/1194.
data-ciphers AES-256-GCM:AES-128-GCM
tls-version-min 1.2
#tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA256
auth-nocache
# Other Configuration
keepalive 20 60
# persist-key/persist-tun keep the key and tun device across restarts once privileges are dropped to 'nobody'.
persist-key
persist-tun
# stub-v2 only negotiates framing; no payload compression is applied (avoids VORACLE-style leakage).
compress stub-v2
daemon
user nobody
group nobody
# OpenVPN Log
log-append /var/log/openvpn.log
verb 3
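# Server side: enable IPv4 forwarding and NAT so VPN clients (10.5.0.0/24) can reach the internet.
# Guard the sysctl line so re-running this does not append duplicates to /etc/sysctl.conf.
grep -qx 'net.ipv4.ip_forward = 1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
# Open udp/1194 in the default zone. tun0 is placed in the 'trusted' zone, which lets VPN clients
# reach every service on this host; narrow this if clients should only be forwarded, not given
# host access.
firewall-cmd --permanent --add-service=openvpn
firewall-cmd --permanent --zone=trusted --add-service=openvpn
firewall-cmd --permanent --zone=trusted --add-interface=tun0
firewall-cmd --permanent --add-masquerade
# iptables '-o' takes an interface name, not an address. The original picked the source IP of the
# default route, so the rule either matched no traffic or was rejected; select the 'dev' field instead.
OUT_IF=$(ip route get 1.1.1.1 | awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
[ -n "$OUT_IF" ] || { echo 'could not determine the outbound interface' >&2; exit 1; }
# Explicit POSTROUTING rule for the VPN subnet (the zone-level --add-masquerade above already
# NATs forwarded traffic; this keeps the rule pinned to 10.5.0.0/24).
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.5.0.0/24 -o "$OUT_IF" -j MASQUERADE
firewall-cmd --reload
systemctl start openvpn-server@server
systemctl enable openvpn-server@server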
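# Client profile (client01.ovpn) for the server configured above.
client
dev tun
proto udp
remote 9vehiclesusats.ddns.net 1194
# These names must match the files shipped with the profile; the PKI steps above issue and copy
# 'client01.crt/.key', while this profile references 'reserva'.
ca ca.crt
cert reserva.crt
key reserva.key
# Only accept a peer whose certificate was issued as a server certificate ('easyrsa sign-req server').
# Without this, any holder of a valid client certificate from the same CA could impersonate the server.
remote-cert-tls server
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
# Do not keep credentials cached in memory between re-authentications.
auth-nocache
tls-version-min 1.2
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3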
# Server side: confirm the daemon is listening and the unit is healthy ('ss -plntu' replaces netstat on current systems).
netstat -plntu
systemctl status openvpn-server@server
# Write the client profile shown above into /etc/openvpn/client/.
cd /etc/openvpn/client
nano client01.ovpn
# NOTE(review): the next line looks like a stray fragment of 'openvpn-server@server' left by the page
# rendering, not a command.
@server
# Bundle the client material. The archive contains the client's private key (client01.key):
# move it only over an authenticated channel and remove it once the profile is installed.
cd /etc/openvpn/
tar -czvf client01.tar.gz client/*
# Client side: fetch the bundle (139.xx.xx.xx is a placeholder for the server's address).
scp root@139.xx.xx.xx:/etc/openvpn/client01.tar.gz .
# Client side (Debian/Ubuntu): OpenVPN plus the NetworkManager integration.
sudo apt install openvpn network-manager-openvpn network-manager-openvpn-gnome -y
openvpn --config client01.ovpn
# With redirect-gateway pushed by the server, this should report the server's public address.
curl ifconfig.io