# Excerpt of an OpenVPN server install script, as captured on this page.
# NOTE(review): the capture collapsed the script onto one line, cut several
# tokens short (e.g. "/etc/nf", "_forward=1", the "[ ..." test near the end)
# and appears to list the fragments out of execution order (the package
# install comes last; server.crt is copied before build-server-full is shown).
# Line breaks, lower-case command names and the letters lost to mis-encoding
# are restored below; truncated tokens are left exactly as captured. Every
# line is kept as a comment because the fragments are not runnable as they
# stand.
#
# Using both permanent and not permanent rules to avoid a firewalld
#   (comment truncated in the capture)
#
# NOTE(review): the grep pattern, the sysctl-style key and both file names in
# the next two lines are truncated; the "fi" that closes the test is missing.
#   if ! grep -q "\ " /etc/nf then
#   echo '_forward=1 ' > /etc/nf
#
# NOTE(review): the next five lines are tails of quoted configuration text
# written to a file under /etc/openvpn whose name is truncated. As captured,
# each write uses ">", which replaces the file every time; building one file
# from several writes needs ">>" after the first. Presumably a capture
# artifact; confirm against the original script.
#   ifconfig-pool-persist ipp.txt " > /etc/openvpn/nf
#   echo 'push "redirect-gateway def1 bypass-dhcp" ' > /etc/openvpn/nf
#   echo "push \"dhcp-option DNS $DNS1 \" " > /etc/openvpn/nf
#   echo "push \"dhcp-option DNS $DNS2 \" " > /etc/openvpn/nf
#   crl-verify crl.pem " > /etc/openvpn/nf
# NOTE(review): crl-verify reads the copy of crl.pem placed in /etc/openvpn by
# the cp further down, so a revocation made in easy-rsa/pki only takes effect
# once the CRL is regenerated and copied there again.
#
# NOTE(review): OpenVPN long options take two dashes (--genkey --secret); the
# single dashes look like a capture artifact. ta.key is a shared secret, and
# its ownership and mode are not set in the visible lines, so check them.
#   openvpn -genkey -secret /etc/openvpn/ta.key
#
# CRL is read with each client connection, when OpenVPN is dropped to nobody
# NOTE(review): as captured there is a space after "nobody:", which would make
# $GROUPNAME a separate (and unquoted) file argument; the intended form is
# presumably nobody:"$GROUPNAME". Confirm against the original.
#   chown nobody: $GROUPNAME /etc/openvpn/crl.pem
#
# NOTE(review): "nopass" writes the private key without a passphrase, so the
# key is protected only by file permissions on wherever it is stored or sent.
#   easyrsa build-client-full $CLIENT nopass
#
# NOTE(review): this copies the CA private key (pki/private/ca.key) into the
# server's configuration directory. A running OpenVPN server needs ca.crt, not
# ca.key; keeping the CA key off the VPN host limits what a compromise of that
# host can do (issuing new certificates).
#   cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn
#
# NOTE(review): the server key is also created with "nopass", which lets the
# service start unattended; the key file should then be readable by root only.
#   easyrsa build-server-full server nopass
#
# Create the PKI, set up the CA, the DH params and the server + client certificates
#
# NOTE(review): the directory name pins EasyRSA 3.0.1. How the archive is
# fetched and whether it is checked against a published checksum or signature
# is not visible in this excerpt.
#   mv /etc/openvpn/EasyRSA-3.0.1/ /etc/openvpn/easy-rsa/
#   chown -R root:root /etc/openvpn/easy-rsa/
#
# An old version of easy-rsa was available by default in some openvpn packages
#
# NOTE(review): both install lines add lighttpd, a web server, next to
# openvpn. The excerpt does not show what it serves; confirm the purpose and
# that it is not reachable from untrusted networks.
#   yum install openvpn iptables openssl wget ca-certificates lighttpd -y
#
# NOTE(review): the next fragment is unrecoverable from the capture.
#   [ " $ ' | head -1 )
#
#   apt-get install openvpn iptables openssl ca-certificates lighttpd -y