JCotton1123/gist:e07b74c3e903239a1de5

## gistfile1.txt

yum install -y openvpn

Within /etc/sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0

Add to /etc/sysconfig/iptables:
-A INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 1194 -j ACCEPT

cd openvpn
git clone https://github.com/OpenVPN/easy-rsa
cd easyrsa/easyrsa3/
export EASYRSA_PKI=/etc/openvpn/pki/<config>
./easyrsa init-pki
./easyrsa gen-dh
./easyrsa build-ca
./easyrsa build-server-full name.domain.tld nopass
./easyrsa build-client-full user@domain.tld

/etc/openvpn/site-to-site.conf:
```
port 1194
dev tun
proto udp
topology subnet
tls-server
mode server

ca /etc/openvpn/pki/site-to-site/ca.crt
cert /etc/openvpn/pki/site-to-site/issued/gateway.crt
key /etc/openvpn/pki/site-to-site/private/gateway.key
dh /etc/openvpn/pki/site-to-site/dh.pem

ifconfig 10.254.1.254 255.255.255.0

# Site specific settings are stored within
# /etc/openvpn/ccd/<site gateway>
client-config-dir ccd

# Local routes
# Don't forget to add equivalent iroute stmts
# to each sites config (ccd/<site gateway>)
route 172.16.0.0 255.255.255.0 10.254.1.1
route 172.16.2.0 255.255.255.0 10.254.1.2

# Remote routes
# These routes are pushed out to connecting clients
push "route 172.16.254.0 255.255.255.0 10.254.1.254"

comp-lzo
passtos
keepalive 10 120
mute-replay-warnings
ping-timer-rem
persist-tun
persist-key
user nobody
daemon
verb 4
status /var/log/openvpn/site-to-site.status.log
log-append /var/log/openvpn/site-to-site.log
```

/etc/openvpn/ccd/<server>:
```
ifconfig-push 10.254.1.1 255.255.255.0
iroute 172.16.0.0 255.255.255.0
```

	yum install -y openvpn

	Within /etc/sysctl.conf:
	net.ipv4.ip_forward = 1
	net.ipv4.conf.default.rp_filter = 0

	Add to /etc/sysconfig/iptables:
	-A INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 1194 -j ACCEPT

	cd openvpn
	git clone https://github.com/OpenVPN/easy-rsa
	cd easyrsa/easyrsa3/
	export EASYRSA_PKI=/etc/openvpn/pki/<config>
	./easyrsa init-pki
	./easyrsa gen-dh
	./easyrsa build-ca
	./easyrsa build-server-full name.domain.tld nopass
	./easyrsa build-client-full user@domain.tld

	/etc/openvpn/site-to-site.conf:
	```
	port 1194
	dev tun
	proto udp
	topology subnet
	tls-server
	mode server

	ca /etc/openvpn/pki/site-to-site/ca.crt
	cert /etc/openvpn/pki/site-to-site/issued/gateway.crt
	key /etc/openvpn/pki/site-to-site/private/gateway.key
	dh /etc/openvpn/pki/site-to-site/dh.pem

	ifconfig 10.254.1.254 255.255.255.0

	# Site specific settings are stored within
	# /etc/openvpn/ccd/<site gateway>
	client-config-dir ccd

	# Local routes
	# Don't forget to add equivalent iroute stmts
	# to each sites config (ccd/<site gateway>)
	route 172.16.0.0 255.255.255.0 10.254.1.1
	route 172.16.2.0 255.255.255.0 10.254.1.2

	# Remote routes
	# These routes are pushed out to connecting clients
	push "route 172.16.254.0 255.255.255.0 10.254.1.254"

	comp-lzo
	passtos
	keepalive 10 120
	mute-replay-warnings
	ping-timer-rem
	persist-tun
	persist-key
	user nobody
	daemon
	verb 4
	status /var/log/openvpn/site-to-site.status.log
	log-append /var/log/openvpn/site-to-site.log
	```

	/etc/openvpn/ccd/<server>:
	```
	ifconfig-push 10.254.1.1 255.255.255.0
	iroute 172.16.0.0 255.255.255.0
	```