Both are not very applicable to Fedora 26, because several years have passed since they were written and there are many discrepancies.
When I finished following them, I faced several issues:
- Why can I ping but cannot access the internet/local network behind the VPN server?
- Where should the keys be placed?
- How to use Easy-RSA v3 instead of v2?
- How to omit the password on service start-up?
1) First of all, install the necessary dependencies
2) Copy the rsa scripts to the home folder
3) According to this, start a new PKI and build a CA keypair/cert
4) Build the server certificate and key
5) Build the client certificate and key
You can omit nopass on steps 3, 4 and 5 if you need to
6) Generate strong Diffie-Hellman keys
7) Generate an HMAC signature to strengthen the server’s TLS integrity verification capabilities
8) Before setting up the OpenVPN server we need to put the appropriate keys
ca.crt ca.key server.crt server.key ta.key dh.pem into
9) Now we need to set up the server itself. First, copy the configurations
10) Modify several lines in that configuration file
add these lines at the end of the file:
; symbol to uncomment following lines
10’) [optional] In order to redirect all traffic through the VPN, remove
; from the following lines
10’’) [optional] Adjust the port and protocol if you don’t wish to use the default
and if you have
server.key with a different name, point to them here
11) Allow IP Forwarding. This is fairly essential to the functionality we want our VPN server to provide.
and drop a line there
12) Set up
firewalld to work with
13) Now we are going to set up our
server corresponds to the configuration file name in /etc/openvpn/server, such as server.conf. So if you have
myserver.conf you have to replace
14) Now we are ready to start
Done! We have successfully deployed our OpenVPN server, and we are ready to move on and set up the client.
As you remember, we have already generated
client1.key at step 5. Now we need to combine them with our Certificate Authority certificate in order to build the client config file.
1) First of all we need to generate the client configurations. Let's create a
client-configs directory and prepare it with the keys
2) Next we need to copy the base configuration from the examples
3) Open this file in your text editor
4) and modify it as follows
next uncomment (by removing
NB: If you are using CentOS, change the
nobody to match the distribution’s available groups
and comment out the lines, because we place them directly in the client’s config
add these lines at the end of the file
5) Next, we will create a simple script to compile our base configuration with the relevant certificate, key, and encryption files. This will place the generated configuration in the
~/client-configs/files directory.
make that file executable
6) Execute that file with the client1 input parameter
If everything went well, we should have a client1.ovpn file in our
7) Now that file can be used on the client machine
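
Step 5 of the client setup describes a script that merges the base configuration with the certificate and key files; the following is an added example of such a script, not the original post's code. The keys directory, the base.conf and client1.crt file names and the make_config function name are assumptions; ca.crt, ta.key, client1.key and the ~/client-configs/files output directory come from the text above.

```shell
#!/bin/sh
# Added example: build a single-file client profile by inlining the CA
# certificate, client certificate, client key and tls-auth key.
# Assumed layout (not confirmed by the page): KEY_DIR holds ca.crt, ta.key,
# <client>.crt and <client>.key; BASE_CONFIG is the edited base configuration.
KEY_DIR="${KEY_DIR:-$HOME/client-configs/keys}"
OUTPUT_DIR="${OUTPUT_DIR:-$HOME/client-configs/files}"
BASE_CONFIG="${BASE_CONFIG:-$HOME/client-configs/base.conf}"

make_config() {
    client="$1"
    # Reject empty names and anything that could escape KEY_DIR.
    case "$client" in
        ''|*/*|.*) echo "invalid client name" >&2; return 2 ;;
    esac
    # Refuse to emit a partial profile: every input must exist and be readable.
    for f in "$BASE_CONFIG" "$KEY_DIR/ca.crt" "$KEY_DIR/$client.crt" \
             "$KEY_DIR/$client.key" "$KEY_DIR/ta.key"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 1; }
    done
    out="$OUTPUT_DIR/$client.ovpn"
    (
        # The profile embeds a private key, so create it owner-only (0600).
        umask 077
        mkdir -p "$OUTPUT_DIR" || exit 1
        rm -f "$out.tmp"
        {
            cat "$BASE_CONFIG"
            printf '<ca>\n';       cat "$KEY_DIR/ca.crt";      printf '</ca>\n'
            printf '<cert>\n';     cat "$KEY_DIR/$client.crt"; printf '</cert>\n'
            printf '<key>\n';      cat "$KEY_DIR/$client.key"; printf '</key>\n'
            printf '<tls-auth>\n'; cat "$KEY_DIR/ta.key";      printf '</tls-auth>\n'
        } > "$out.tmp" && mv "$out.tmp" "$out"
    ) || return 1
    echo "$out"
}

# When run as a script: ./make_config.sh client1
if [ "$#" -gt 0 ]; then
    make_config "$1"
fi
```

The resulting .ovpn file contains the client's private key, so move it to the client machine over an authenticated, encrypted channel and delete stray copies afterwards.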