How to Install OpenVPN Server and Client with Easy-RSA 3 on CentOS 7
OpenVPN is popular open-source VPN software that lets you create secure, encrypted connections between your devices and a VPN server. Easy-RSA is a command-line tool that simplifies generating and managing the certificates and keys OpenVPN uses. In this tutorial, we will show you how to install an OpenVPN server and client with Easy-RSA 3 on CentOS 7.
Prerequisites
Before you begin, you will need the following:
A CentOS 7 server with root access.
A CentOS 7 client machine that you want to connect to the VPN server.
A domain name or a public IP address for your VPN server.
A firewall that allows UDP traffic on port 1194 (the default OpenVPN port).
Step 1: Install OpenVPN and Easy-RSA on the Server
First, we need to install the EPEL repository on the server, which provides additional packages for CentOS:
sudo yum install epel-release -y
Next, we can install OpenVPN and Easy-RSA from the EPEL repository:
sudo yum install openvpn easy-rsa -y
This will also install some dependencies, such as openssl and lzo.
Step 2: Configure Easy-RSA on the Server
Easy-RSA uses a configuration file called vars to store some variables that are used for generating certificates and keys. We need to edit this file and customize it according to our needs.
The vars file is located in the /usr/share/easy-rsa/3/ directory. We can make a copy of it in the /etc/openvpn/easy-rsa/ directory, which is where we will run the Easy-RSA commands:
sudo mkdir /etc/openvpn/easy-rsa
sudo cp /usr/share/easy-rsa/3/vars /etc/openvpn/easy-rsa/
Then, we can edit the vars file with our preferred text editor:
sudo nano /etc/openvpn/easy-rsa/vars
We need to change the following variables:
set_var EASYRSA_REQ_COUNTRY: The two-letter country code of your location.
set_var EASYRSA_REQ_PROVINCE: The name of your state or province.
set_var EASYRSA_REQ_CITY: The name of your city.
set_var EASYRSA_REQ_ORG: The name of your organization.
set_var EASYRSA_REQ_EMAIL: The email address of your organization.
set_var EASYRSA_REQ_OU: The name of your organizational unit.
set_var EASYRSA_KEY_SIZE: The size of the RSA keys in bits. The default is 2048, but you can increase it to 4096 for more security.
set_var EASYRSA_ALGO: The algorithm used for generating keys. The default is rsa, but you can also use ec (elliptic curve) or ed (EdDSA).
set_var EASYRSA_CA_EXPIRE: The number of days that the CA certificate is valid. The default is 3650 (10 years).
set_var EASYRSA_CERT_EXPIRE: The number of days that the server and client certificates are valid. The default is 825 (2.25 years).
set_var EASYRSA_NS_SUPPORT: Whether to add Netscape extensions to the certificates. The default is no, but you can set it to yes if you need compatibility with older clients.
set_var EASYRSA_NS_COMMENT: A comment that will be added to the certificates if EASYRSA_NS_SUPPORT is set to yes.
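The variables above, written as a sample vars file with a pre-flight check over it. This is an added example, not part of the original tutorial or of Easy-RSA: the function names, sample values and checks are assumptions. EASYRSA_DN is an Easy-RSA 3 variable the list above does not mention; the EASYRSA_REQ_* organisation fields only take effect when it is set to org.

```sh
# Write a sample vars file to $1; every value is a constructed placeholder.
write_sample_vars() {
    cat > "$1" <<'EOF'
set_var EASYRSA_DN           "org"
set_var EASYRSA_REQ_COUNTRY  "US"
set_var EASYRSA_REQ_PROVINCE "California"
set_var EASYRSA_REQ_CITY     "San Francisco"
set_var EASYRSA_REQ_ORG      "Example Org"
set_var EASYRSA_REQ_EMAIL    "admin@example.com"
set_var EASYRSA_REQ_OU       "IT"
set_var EASYRSA_ALGO         rsa
set_var EASYRSA_KEY_SIZE     4096
set_var EASYRSA_CA_EXPIRE    3650
set_var EASYRSA_CERT_EXPIRE  825
set_var EASYRSA_NS_SUPPORT   "no"
EOF
}

# Print the value of the first uncommented "set_var NAME ..." line in file $1.
vars_get() {
    awk -v name="$2" '$1 == "set_var" && $2 == name {
        v = $0
        sub(/^[ \t]*set_var[ \t]+[A-Za-z_0-9]+[ \t]+/, "", v)
        sub(/[ \t]+$/, "", v); sub(/^"/, "", v); sub(/"$/, "", v)
        print v; exit
    }' "$1"
}

# Print one WARN line per finding. Unset values fall back to the defaults
# listed in the tutorial; the checks themselves are this example's assumptions.
check_vars() {
    algo=$(vars_get "$1" EASYRSA_ALGO);        algo=${algo:-rsa}
    bits=$(vars_get "$1" EASYRSA_KEY_SIZE);    bits=${bits:-2048}
    ca=$(vars_get "$1" EASYRSA_CA_EXPIRE);     ca=${ca:-3650}
    cert=$(vars_get "$1" EASYRSA_CERT_EXPIRE); cert=${cert:-825}
    dn=$(vars_get "$1" EASYRSA_DN);            dn=${dn:-cn_only}
    if [ "$algo" = rsa ] && [ "$bits" -lt 2048 ]; then
        echo "WARN: RSA key size $bits is below 2048 bits"
    fi
    if [ "$cert" -gt "$ca" ]; then
        echo "WARN: certificates ($cert days) would outlive the CA ($ca days)"
    fi
    if [ "$dn" != org ] && [ -n "$(vars_get "$1" EASYRSA_REQ_ORG)" ]; then
        echo "WARN: EASYRSA_REQ_* fields are ignored unless EASYRSA_DN is org"
    fi
}

# Demo on the constructed sample: no warnings, only the parsed key size.
d=$(mktemp -d); write_sample_vars "$d/vars"; check_vars "$d/vars"
echo "key size: $(vars_get "$d/vars" EASYRSA_KEY_SIZE)"; rm -rf "$d"
```

Running check_vars against /etc/openvpn/easy-rsa/vars before building the CA catches these settings while they are still cheap to change.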