3. OpenVPN installation directory, Prep software

7). Enable Kernel IP forwarding

Enabling ip_forward tells your Linux system to forward packets between its network interfaces, that is, to act as a router. For it to be meaningful, you need two network interfaces. When doing routing, security is important, and that's where Linux's packet filter, iptables, gets involved, so you will need an iptables configuration consistent with your needs.

Note that enabling forwarding with iptables disabled and/or without taking firewalling and security into account could leave you open to vulnerabilities if one of the NICs is facing the Internet or a subnet you don't have control over.

- Check using sysctl -p to validate the ip_forward setting.

- If net.ipv4.ip_forward = 0, run sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#' /etc/sysctl.conf to change it, or edit the file directly with vi /etc/sysctl.conf and change 0 to 1.

- Activate the change with sysctl -p
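
The sed command above only matches the exact string "net.ipv4.ip_forward = 0", so it changes nothing when the line is missing or written without spaces. The following is an added example, not part of the original guide: it sets the value regardless of spacing and gives a coarse classification of the FORWARD chain, which is the firewalling concern noted above. The function names set_ip_forward and forward_state are hypothetical.

```shell
#!/bin/sh
# Added example; set_ip_forward and forward_state are hypothetical helper names.

# set_ip_forward FILE
# Leave exactly one active "net.ipv4.ip_forward = 1" line in FILE, whether the
# setting was absent, set to 0, or written without spaces. Comments are kept.
set_ip_forward() {
    conf=$1
    tmp=$(mktemp) || return 1
    # Delete every active assignment of the key, whatever its spacing or value.
    sed '/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=/d' "$conf" > "$tmp" || return 1
    echo 'net.ipv4.ip_forward = 1' >> "$tmp"
    # Write back through the original file so its owner and mode are preserved.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# forward_state VALUE RULES
# VALUE is the content of /proc/sys/net/ipv4/ip_forward, RULES the output of
# "iptables -S FORWARD". Prints forwarding-off, open or filtered.
forward_state() {
    if [ "$1" != "1" ]; then
        echo "forwarding-off"
        return 0
    fi
    policy=$(printf '%s\n' "$2" | awk '$1 == "-P" && $2 == "FORWARD" { print $3 }')
    rules=$(printf '%s\n' "$2" | grep -c '^-A FORWARD' || true)
    if [ "$policy" = "ACCEPT" ] && [ "$rules" -eq 0 ]; then
        echo "open"       # routing is on and nothing filters forwarded packets
    else
        echo "filtered"   # rules exist; they still need review against your needs
    fi
}

# On the server (as root):
#   set_ip_forward /etc/sysctl.conf && sysctl -p
#   forward_state "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S FORWARD)"
```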


5). Store Key files and Server config files to /etc/openvpn/

a). Create a new directory and copy the key files to /etc/openvpn/

[root@localhost keys]# mkdir /etc/openvpn
[root@localhost easy-rsa]# cp -ap keys /etc/openvpn/
[root@localhost easy-rsa]# cd /home/admin/tools/openvpn/openvpn-2.3.12/sample/sample-config-files
[root@localhost sample-config-files]# cp client.conf server.conf /etc/openvpn/
[root@localhost sample-config-files]# tree /etc/openvpn/
/etc/openvpn/
|-- client.conf
|-- keys
| |-- 01.pem
| |-- 02.pem
| |-- 03.pem
| |-- admin.crt
| |-- admin.csr
| |-- admin.key
| |-- ca.crt
| |-- ca.key
| |-- dh1024.pem
| |-- dyoung.crt
| |-- dyoung.csr
| |-- dyoung.key
| |-- index.txt
| |-- index.txt.attr
| |-- index.txt.attr.old
| |-- index.txt.old
| |-- serial
| |-- serial.old
| |-- server.crt
| |-- server.csr
| `-- server.key
`-- server.conf
1 directory, 23 files

