...
```
[root@localhost easy-rsa]# ./easyrsa sign server server
```
When signing the server certificate, you need to enter the passphrase of the CA (you set it in 2.2).
...
```
vim /etc/sysctl.conf
```
Add the following line to this file:
```
net.ipv4.ip_forward = 1
```
Now start the firewall service and add rules for the OpenVPN service.
```
[root@localhost easy-rsa]# systemctl start firewalld.service
```
Check the status of the firewall:
```
[root@localhost easy-rsa]# firewall-cmd --state
running
[root@localhost easy-rsa]# firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
...
```
[root@localhost easy-rsa]# firewall-cmd --add-service=openvpn --permanent
success
[root@localhost easy-rsa]# firewall-cmd --add-port=1194/udp --permanent
success
[root@localhost easy-rsa]# firewall-cmd --add-port=22/tcp --permanent
success
[root@localhost easy-rsa]# firewall-cmd --add-source=10.8.0.0 --permanent
success
[root@localhost easy-rsa]# firewall-cmd --query-source=10.8.0.0 --permanent
yes
[root@localhost easy-rsa]# firewall-cmd --add-masquerade --permanent
success
[root@localhost easy-rsa]# firewall-cmd --query-masquerade --permanent
yes
[root@localhost easy-rsa]# firewall-cmd --reload
success
```
Check the status of the firewall again:
```
[root@localhost easy-rsa]# firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 10.8.0.0
  services: dhcpv6-client openvpn ssh
  ports: 1194/udp 22/tcp
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
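
A check for the zone state shown above, as an added example that is not part of the original guide: it parses a saved `firewall-cmd --zone=public --list-all` listing, reports whichever of the OpenVPN service, 1194/udp and masquerade entries are missing, and notes any IPv4 source written without a prefix length, which matches a single address rather than a subnet. The function names are hypothetical, and the sample listing is this page's own output re-wrapped one field per line.

```shell
#!/bin/sh
# Added example: audit a saved `firewall-cmd --zone=public --list-all` listing
# against the state this guide sets up. Function names are hypothetical.

# Sample input: the guide's post-change listing, re-wrapped one field per line.
AFTER='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 10.8.0.0
  services: dhcpv6-client openvpn ssh
  ports: 1194/udp 22/tcp
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Print the value of one "key: value" field from a listing on stdin.
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | sed 's/[[:space:]]*$//'
}

# Print one finding per line; print nothing when the listing is as expected.
audit_zone() (
    services=$(printf '%s\n' "$1" | zone_field services)
    ports=$(printf '%s\n' "$1" | zone_field ports)
    masq=$(printf '%s\n' "$1" | zone_field masquerade)
    sources=$(printf '%s\n' "$1" | zone_field sources)
    case " $services " in *" openvpn "*) ;; *) echo "MISSING service openvpn" ;; esac
    case " $ports " in *" 1194/udp "*) ;; *) echo "MISSING port 1194/udp" ;; esac
    [ "$masq" = "yes" ] || echo "MISSING masquerade"
    for src in $sources; do
        case "$src" in
            */*) ;;   # prefix length given, nothing to report
            *.*.*.*) echo "NOTE source $src has no prefix length (single address)" ;;
        esac
    done
)

# Stand-alone run: audit the sample listing.
audit_zone "$AFTER"
```

On a live host, pass the real listing instead of the sample: `audit_zone "$(firewall-cmd --zone=public --list-all)"`.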
...
```
[root@localhost easy-rsa]# vim /etc/openvpn/client/client.ovpn
```
Add the below lines to this file:
...
Choose Yes and then click the Set button at the bottom of the webpage; the phone will reboot to apply the new configuration.
...