Linux+VPN

**Decepticon Manufacturing** ~ VPN Server Configuration ~

To start, OpenVPN must be installed; Yum can take care of this very quickly:

Next, we need to make a directory that will store all of our keys and certificates; we will name it something creative, like "keys":

Now, we need to edit the vars file to reflect our company's information, and then point it to the key directory (/etc/openvpn/keys). These values will be listed on each certificate generated by the CA:

The next two commands start the process of generating the keys and certificates, and then flush everything in the keys directory. It is important to include a space between the two dots when executing vars: the first dot is the shell's source command, which loads the variables into the current shell, and the command will not work without the space.

We will now create the CA, server, and client certificates and keys. All of the default values can be accepted with the exception of the common name. The screenshot below is somewhat dated, as our common name in all three cases is now "www.megatron.bot."

The CA:

The Server:

Finally, the client:

Now, generate the Diffie-Hellman parameters:

Next, we will create the configuration file for OpenVPN (server.conf). We can start with the sample configuration that our friends at OpenVPN have provided. So first, copy it over to the /etc/openvpn directory:

Add the lines that are contained within the red boxes and then save the configuration.
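Before starting the service, it is worth confirming that the key directory built in the steps above holds everything the server needs and that no private key is readable by other users. The shell function below is an added example, not part of the original page; the file names (ca.crt, server.crt, server.key, dh*.pem) are assumed easy-rsa 2.x defaults, and `audit_vpn_keys` is a hypothetical name.

```shell
#!/bin/sh
# Audit the OpenVPN key directory before starting the server.
# Assumption (not shown on the page): easy-rsa 2.x default file names
#   ca.crt, ca.key, server.crt, server.key, dh*.pem

# Prints one finding per line; returns 0 only when there are no findings.
audit_vpn_keys() {
    dir=${1:-/etc/openvpn/keys}
    findings=0

    if [ ! -d "$dir" ]; then
        echo "MISSING directory $dir"
        return 1
    fi

    # Files the server needs in order to start.
    for f in ca.crt server.crt server.key; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING $f"
            findings=$((findings + 1))
        fi
    done

    # Diffie-Hellman parameters: the name includes the size, so match by glob.
    set -- "$dir"/dh*.pem
    if [ ! -s "$1" ]; then
        echo "MISSING dh*.pem"
        findings=$((findings + 1))
    fi

    # Private keys (CA, server, client) must not be accessible to group/others.
    for key in "$dir"/*.key; do
        [ -e "$key" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "EXPOSED ${key##*/} (group/other bits: $bits)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Run it as `audit_vpn_keys /etc/openvpn/keys`; any `EXPOSED` line can be cleared with `chmod 600` on the named key.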

Finally, start OpenVPN: