This procedure is for KerOs 5.x only.

1. OpenVPN server configuration
2. OpenVPN client configuration
3. Firewall configuration
4. Start OpenVPN

Easy way exist to set up an OpenVPN server on Linux. A Script named “openvpn-install” may be used to configure OpenVPN server (for Debian, Ubuntu, Fedora, CentOS, Arch Linux, Oracle Linux, Rocky Linux and AlmaLinux) :

https://github.com/angristan/openvpn-install

Generate a client from the script “openvpn-install”. It will generate a file “.ovpn” that contain the system requirements (Certificate Authority, certificates, Keys). Transfer the file “.ovpn” to the Gateway in “/etc/openvpn/” folder and rename it to “.conf” :

scp client-openvpn.ovpn root@192.168.0.x://etc/openvpn/client-openvpn.conf

Create a file call “openvpn.rules” as the example below (replace the port number with the same number port set on the open vpn server) :

*filter
-A INPUT -p udp --sport 1194 -j ACCEPT
-A OUTPUT -p udp --dport 1194 -j ACCEPT
COMMIT

Transfert the file on the Gateway in the firewall folder “/etc/firewall.d/” :

scp openvpn.rules root@192.168.0.x://etc/firewall.d/

Reset the firewall process :

/etc/init.d/firewall restart

To check the rules, launch the command: iptables -L for IPv4 rules and ip6tables -L for IPv6 rules.

Launch the OpenVPN main configuration file on the gateway (replace with the appropriate file name):

openvpn --config /etc/openvpn/client-openvpn.conf 2>&1 | logger &

Check that OpenVPN client is well launched on your gateway:

ps | grep [o]penvpn
31342 root      4700 S    openvpn --config /user/client-openvpn.conf

Check with the ifconfig command that the vpn0 interface is now active.

Once everything is working, you can add initialization scripts to enable the VPN automatically. Don't forget to enable the firewall again if it was disabled. We recommend monitoring the VPN with Monit daemon.