Created October 4, 2014 02:10
Setup site-to-site OpenVPN
yum install -y openvpn

Within /etc/sysctl.conf:
```
net.ipv4.ip_forward = 1
# Reverse-path filtering is disabled so replies routed between the tunnel and the LAN are not dropped
net.ipv4.conf.default.rp_filter = 0
```

Add to /etc/sysconfig/iptables:
```
-A INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 1194 -j ACCEPT
```

Build the PKI with easy-rsa (the clone is named easy-rsa, so that is the directory to enter):
```
cd openvpn
git clone https://github.com/OpenVPN/easy-rsa
cd easy-rsa/easyrsa3/
export EASYRSA_PKI=/etc/openvpn/pki/<config>
./easyrsa init-pki
./easyrsa gen-dh
./easyrsa build-ca
./easyrsa build-server-full name.domain.tld nopass
./easyrsa build-client-full user@domain.tld
```
/etc/openvpn/site-to-site.conf:
```
port 1194
dev tun
proto udp
topology subnet
tls-server
mode server
ca /etc/openvpn/pki/site-to-site/ca.crt
cert /etc/openvpn/pki/site-to-site/issued/gateway.crt
key /etc/openvpn/pki/site-to-site/private/gateway.key
dh /etc/openvpn/pki/site-to-site/dh.pem
ifconfig 10.254.1.254 255.255.255.0
# Site specific settings are stored within
# /etc/openvpn/ccd/<site gateway>
client-config-dir ccd
# Local routes
# Don't forget to add equivalent iroute stmts
# to each site's config (ccd/<site gateway>);
# without the iroute, OpenVPN does not know which
# connected site owns the subnet
route 172.16.0.0 255.255.255.0 10.254.1.1
route 172.16.2.0 255.255.255.0 10.254.1.2
# Remote routes
# These routes are pushed out to connecting clients
push "route 172.16.254.0 255.255.255.0 10.254.1.254"
# Note: compression inside a TLS tunnel is no longer recommended;
# current OpenVPN releases advise against comp-lzo
comp-lzo
passtos
keepalive 10 120
mute-replay-warnings
ping-timer-rem
persist-tun
persist-key
user nobody
daemon
verb 4
status /var/log/openvpn/site-to-site.status.log
log-append /var/log/openvpn/site-to-site.log
```
/etc/openvpn/ccd/<site gateway> (the file is named after the common name of that gateway's certificate):
```
ifconfig-push 10.254.1.1 255.255.255.0
# Must match the server's route line for 10.254.1.1
iroute 172.16.0.0 255.255.255.0
```
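A site whose ccd file is missing its `iroute` fails quietly: the kernel routes the subnet into the tunnel, but OpenVPN has no client to hand the packets to. As an added check that is not part of the gist, this Python script cross-checks the server's `route` lines against each ccd file's `ifconfig-push` and `iroute` lines; the config text is constructed from the values above and the ccd files are passed in as strings rather than read from /etc/openvpn/ccd.

```python
# Constructed sample input mirroring the gist: the server's route lines and two ccd files.
SERVER_CONF = ("route 172.16.0.0 255.255.255.0 10.254.1.1\nroute 172.16.2.0 255.255.255.0 10.254.1.2\n"
               'push "route 172.16.254.0 255.255.255.0 10.254.1.254"\n')
CCD_FILES = {  # site-b's file is missing its iroute
    "site-a": "ifconfig-push 10.254.1.1 255.255.255.0\niroute 172.16.0.0 255.255.255.0\n",
    "site-b": "ifconfig-push 10.254.1.2 255.255.255.0\n",
}

def directives(text):
    """Yield (directive, args) for each non-comment line of an OpenVPN config file."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts[0], parts[1:]

def parse_server_routes(conf):
    """Map each tunnel gateway IP to the (net, mask) pairs the server routes via it."""
    routes = {}
    for name, args in directives(conf):
        if name == "route" and len(args) == 3:  # 'push "route ..."' lines start with push, so they are skipped
            routes.setdefault(args[2], []).append((args[0], args[1]))
    return routes

def parse_ccd(text):
    """Return (tunnel IP from ifconfig-push, list of iroute (net, mask) pairs)."""
    d = list(directives(text))
    vpn_ip = next((a[0] for n, a in d if n == "ifconfig-push" and a), None)
    iroutes = [(a[0], a[1]) for n, a in d if n == "iroute" and len(a) == 2]
    return vpn_ip, iroutes

def check_routes(server_conf, ccd_files):
    """List mismatches between the server's 'route' lines and the ccd 'iroute' lines."""
    expected, problems, claimed = parse_server_routes(server_conf), [], set()
    for fname, text in ccd_files.items():
        vpn_ip, iroutes = parse_ccd(text)
        if vpn_ip is None:
            problems.append(f"{fname}: no ifconfig-push, cannot match a server route")
            continue
        claimed.add(vpn_ip)
        for net, mask in expected.get(vpn_ip, []):
            if (net, mask) not in iroutes:
                problems.append(f"{fname}: missing 'iroute {net} {mask}'")
        for net, mask in iroutes:
            if (net, mask) not in expected.get(vpn_ip, []):
                problems.append(f"{fname}: 'iroute {net} {mask}' has no matching server route")
    for gw in expected:
        if gw not in claimed:
            problems.append(f"no ccd file assigns {gw} via ifconfig-push")
    return problems
```

Running `check_routes(SERVER_CONF, CCD_FILES)` on the sample reports only the missing iroute for site-b.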