This procedure is for KerOs 5.x only.
There is an easy way to set up an OpenVPN server on Linux. A script named “openvpn-install” can be used to configure an OpenVPN server (for Debian, Ubuntu, Fedora, CentOS, Arch Linux, Oracle Linux, Rocky Linux and AlmaLinux).
Generate a client with the “openvpn-install” script. It produces a “.ovpn” file that contains everything the client needs (Certificate Authority, certificates, keys). Transfer the “.ovpn” file to the “/etc/openvpn/” folder on the gateway and rename it to “.conf”:
scp client-openvpn.ovpn root@192.168.0.x:/etc/openvpn/client-openvpn.conf
Create a file called “openvpn.rules” as in the example below (replace the port number with the port set on the OpenVPN server):
*filter
-A INPUT -p udp --sport 1194 -j ACCEPT
-A OUTPUT -p udp --dport 1194 -j ACCEPT
COMMIT
Transfer the file to the firewall folder “/etc/firewall.d/” on the gateway:
scp openvpn.rules root@192.168.0.x:/etc/firewall.d/
Restart the firewall:
/etc/init.d/firewall restart
To check the rules, run iptables -L for IPv4 rules and ip6tables -L for IPv6 rules.
Start OpenVPN with the main configuration file on the gateway (replace with the appropriate file name):
openvpn --config /etc/openvpn/client-openvpn.conf 2>&1 | logger &
Check that the OpenVPN client is running on your gateway:
ps | grep '[o]penvpn'
31342 root 4700 S openvpn --config /user/client-openvpn.conf
Use the ifconfig command to check that the vpn0 interface is now active.
Once everything is working, you can add initialization scripts to enable the VPN automatically. Don't forget to enable the firewall again if it was disabled. We recommend monitoring the VPN with the Monit daemon.
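The port in “openvpn.rules” has to match the one in the client profile. As an added example (not part of the original procedure or of the openvpn-install script), the shell function below derives the rules file from the profile's remote, proto and port directives. The function name and the sample profile are constructed for illustration; 1194 and udp are OpenVPN's defaults when the profile omits them.

```sh
#!/bin/sh
# Added example: derive openvpn.rules from the client profile so the
# firewall port and protocol cannot drift from what the server uses.

# gen_openvpn_rules PROFILE -> iptables-restore fragment on stdout.
gen_openvpn_rules() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # "remote host [port] [proto]", "port" and "proto" are OpenVPN directives;
    # inline <ca>/<cert>/<key> blocks are skipped so key material is never parsed.
    out=$(awk '
        /^<\//    { inblk = 0; next }
        /^<[a-z]/ { inblk = 1; next }
        inblk     { next }
        $1 == "proto" { proto = $2 }
        $1 == "port"  { port = $2 }
        $1 == "remote" && !seen { seen = 1; rport = $3; rproto = $4 }
        END {
            if (!seen) exit 1
            if (rport == "")  rport  = (port  != "" ? port  : "1194")  # OpenVPN default
            if (rproto == "") rproto = (proto != "" ? proto : "udp")   # OpenVPN default
            print rport, rproto
        }' "$1") || { echo "no remote line in $1" >&2; return 1; }
    port=${out% *}
    case ${out#* } in
        udp*) proto=udp ;;
        tcp*) proto=tcp ;;
        *) echo "unsupported proto: ${out#* }" >&2; return 1 ;;
    esac
    # Reject anything that is not a plain port number before it reaches a rule.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    printf '*filter\n-A INPUT -p %s --sport %s -j ACCEPT\n-A OUTPUT -p %s --dport %s -j ACCEPT\nCOMMIT\n' \
        "$proto" "$port" "$proto" "$port"
}

# Constructed sample profile (not a real client file); 203.0.113.10 is a documentation address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
proto udp
remote 203.0.113.10 51820
dev tun
<ca>
(constructed placeholder for certificate data)
</ca>
EOF
gen_openvpn_rules "$sample"
rm -f "$sample"
```

Redirect the function's output to “openvpn.rules” before copying it to “/etc/firewall.d/”.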