openvpn server

1. quick installation

source /etc/cid.conf
curl -ns http://${rdsserver}/sharel/bin/inst-openvpn | sh

2. installation step-by-step

yum -y install openvpn

3. configuration

doublecheck the dnsdomain and dnsserver entries in /etc/cid.conf.

source /etc/cid.conf
source /bin/cid-functions

wget -N -nv http://${rdsserver}/sharel/skl/etc/openvpn/server.conf -P /etc/openvpn/
wget -N -nv http://${rdsserver}/sharel/bin/openvpn-hook -P /bin/
chmod +x /bin/openvpn-hook

cube /etc/openvpn/server.conf "%dnsdomain%" with "${dnsdomain}"
cube /etc/openvpn/server.conf "%dnsserver%" with "${dnsserver}"
uname -i | grep -q "64" && cube /etc/openvpn/server.conf "/usr/lib/" with "/usr/lib64/"

rm -fr /etc/openvpn/keys/ /tmp/keys/ && mkdir /etc/openvpn/keys /tmp/keys
curl -s http://${rdsserver}/sharel/etc/openvpn/keys/keys-3.0.tgz | tar xz -C /tmp/keys/
mv /tmp/keys/ca.crt /etc/openvpn/keys/
mv /tmp/keys/dh2048.pem /etc/openvpn/keys/
mv /tmp/keys/issued/server.crt /etc/openvpn/keys/
mv /tmp/keys/private/server.key /etc/openvpn/keys/
rm -fr /tmp/keys/

cid_add_line /etc/rc.local 'sysctl -w net.ipv4.ip_forward=1'
cid_add_line /etc/rc.local 'iptables -t "nat" -A "POSTROUTING" -s "10.99.0.0/24" -o "eth0" -j "MASQUERADE"'

sysctl -w net.ipv4.ip_forward=1
iptables -t "nat" -A "POSTROUTING" -s "10.99.0.0/24" -o "eth0" -j "MASQUERADE"

systemctl enable openvpn@server.service
systemctl start openvpn@server.service

4. skeleton file

5. debugging

netstat -i

Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0      1500  8622276      0      0 0       5819384      0      0      0 BMRU
lo       65536   240565      0      0 0        240565      0      0      0 LRU
tun0      1500        0      0      0 0             0      0      0      0 MOPRU
                                                                             ^

iptables-save

# Generated by iptables-save v1.4.21 on Fri Jan 27 01:15:15 2017
*nat
:PREROUTING ACCEPT [29:1945]
:INPUT ACCEPT [29:1945]
:OUTPUT ACCEPT [19:1286]
:POSTROUTING ACCEPT [1:69]
-A POSTROUTING -s 10.99.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Jan 27 01:15:15 2017

6. references

https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7