Situation
Setting up an OpenVPN server on the Fedora operating system
Solution
1. Update the operating system ->
dnf update
2. Install OpenVPN and easy-rsa, the PKI tooling used to create the CA, the server key and the server certificate ->
dnf install openvpn easy-rsa
3. Create a directory that will hold the PKI (keys and certificates) ->
mkdir /etc/openvpn/easy-rsa
4. Copy the easy-rsa scripts into the newly created directory (this copies the tooling only; no key or certificate exists yet, they are generated in the next steps) ->
cp -air /usr/share/easy-rsa/3/* /etc/openvpn/easy-rsa
5. From /etc/openvpn/easy-rsa, after initialising the PKI directory with ./easyrsa init-pki, create the CA certificate ->
./easyrsa build-ca
6. build-ca prompts for a passphrase that protects the CA private key. Choose a strong one and keep it out of the server's reach; it is only needed when signing new certificates ->
writing new private key to '/etc/openvpn/easy-rsa/pki/private/ca.key.EajtR0SkLM'
Enter PEM pass phrase: PASSWORD
Verifying - Enter PEM pass phrase: PASSWORD
7. The configuration in step 9 also references the server certificate and key (issued/server.crt, private/server.key), the Diffie-Hellman parameters (dh.pem) and the tls-auth key (ta.key). None of these is produced by the steps above: the server certificate and the DH parameters must be generated in the same PKI with easy-rsa, and ta.key with openvpn's key generator, before the service is started. Generate the server key without a passphrase, otherwise the service cannot start unattended.
8. Copy the sample configuration file into the server configuration directory ->
cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/server/
9. Edit the configuration file with the following parameters. The certificate and key paths are given in full because the openvpn-server@ service resolves relative paths against /etc/openvpn/server, not against the PKI directory ->
# Which TCP/UDP port should OpenVPN listen on?
# Change to match your port and open it in the firewall
port 1194
# TCP or UDP server?
proto udp
# "dev tun" will create a routed IP tunnel
dev tun
# Paths to the CA certificate, server certificate and server key in the easy-rsa PKI
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
# Diffie-Hellman parameters
dh /etc/openvpn/easy-rsa/pki/dh.pem
# Network topology
topology subnet
# VPN network. The server takes the first address (172.16.0.1) for itself;
# the rest of the subnet is handed out to clients.
server 172.16.0.0 255.255.255.0
# Configure all clients to send their default route through the VPN
# (only useful if the server also NATs or routes the clients' traffic, see step 13)
push "redirect-gateway def1 bypass-dhcp"
# DNS servers pushed to the clients
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# Compression (comp-lzo) is deprecated: compressing plaintext next to attacker-
# influenced data lets secrets leak through the compressed size. Leave it
# disabled unless legacy clients require it.
#comp-lzo
# Drop privileges after startup
user nobody
group nobody
# Status log file
status /var/log/openvpn/openvpn-status.log
# TLS control-channel HMAC key (shared secret; direction 0 on the server, 1 on clients)
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
# Log file (the directory is created in the next step)
log-append /var/log/openvpn/openvpn.log
# Change the data-channel authentication algorithm (HMAC) from the default SHA1 to SHA512
auth SHA512
10. Create the log directory. On a host with SELinux enforcing, run restorecon on it afterwards so it receives the OpenVPN log context; otherwise the daemon is denied write access once it has dropped to nobody ->
mkdir /var/log/openvpn/
11. Enable IP forwarding so the server can route traffic for the clients ->
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
12. Apply the sysctl settings ->
sysctl --system
13. Open the OpenVPN port in the firewall. Because the configuration redirects the clients' default gateway through the VPN, the server must also masquerade (NAT) the clients' traffic in the firewalld zone that holds the uplink interface, otherwise clients have no Internet access through the tunnel ->
firewall-cmd --add-port=1194/udp --permanent
14. Reload the firewall ->
firewall-cmd --reload
15. Start the OpenVPN service and enable it at boot ->
systemctl start openvpn-server@server; systemctl enable openvpn-server@server
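The procedure above, collected into one script as an added example (editor-supplied code, not part of the original page or of the OpenVPN project). It generates the PKI artifacts the configuration references but the steps never create (server certificate and key, dh.pem, ta.key), writes server.conf with absolute paths and without compression, enables NAT for the redirected clients, and refuses to start the service until every file the configuration points at exists. The directory layout, the certificate name "server", the VPN subnet and the use of firewalld's default zone are assumptions chosen to match the page; only the provision and install functions touch the system, and they run only when the script is invoked with that argument.

```shell
#!/bin/bash
# Added example, not from the original page. Assumptions: easy-rsa 3 under
# /etc/openvpn/easy-rsa, OpenVPN 2.5+ (for "openvpn --genkey secret"), the
# server certificate is named "server", firewalld's default zone holds the uplink.
set -e

EASYRSA_DIR="${EASYRSA_DIR:-/etc/openvpn/easy-rsa}"
CONF_DIR="${CONF_DIR:-/etc/openvpn/server}"
VPN_SUBNET="${VPN_SUBNET:-172.16.0.0 255.255.255.0}"

# Steps 2-7: install tooling, build the CA, then the pieces the page omits.
provision_pki() {
    dnf -y install openvpn easy-rsa
    mkdir -p "$EASYRSA_DIR" /var/log/openvpn
    cp -air /usr/share/easy-rsa/3/* "$EASYRSA_DIR"
    cd "$EASYRSA_DIR"
    ./easyrsa init-pki
    ./easyrsa build-ca                          # prompts for the CA key passphrase
    ./easyrsa build-server-full server nopass   # server cert/key; no passphrase so the service starts unattended
    ./easyrsa gen-dh                            # writes pki/dh.pem
    openvpn --genkey secret "$EASYRSA_DIR/pki/ta.key"   # tls-auth key (2.4 syntax: --genkey --secret)
    restorecon -Rv /var/log/openvpn 2>/dev/null || true # SELinux log context, if SELinux is present
}

# Step 9: render server.conf with absolute paths into the PKI given as $1.
# Compression is intentionally absent; persist-key/persist-tun are needed
# because the daemon drops to nobody and cannot reopen keys or the tun device.
render_server_conf() {
    local pki="$1"
    cat <<EOF
port 1194
proto udp
dev tun
ca $pki/ca.crt
cert $pki/issued/server.crt
key $pki/private/server.key
dh $pki/dh.pem
tls-auth $pki/ta.key 0
topology subnet
server $VPN_SUBNET
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
user nobody
group nobody
persist-key
persist-tun
auth SHA512
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
explicit-exit-notify 1
verb 3
EOF
}

# Pre-flight check: every file named by ca/cert/key/dh/tls-auth must exist.
# Returns 0 when all are present, 1 (listing the missing ones) otherwise.
check_conf_files() {
    local conf="$1" missing=0 directive path
    while read -r directive path _; do
        case "$directive" in
            ca|cert|key|dh|tls-auth)
                if [ ! -f "$path" ]; then
                    echo "missing: $directive -> $path" >&2
                    missing=1
                fi ;;
        esac
    done < "$conf"
    return $missing
}

# Steps 9-15: write the config, enable forwarding, open the firewall (with
# NAT for the redirect-gateway clients) and start the service.
install_server() {
    local pki="$EASYRSA_DIR/pki"
    render_server_conf "$pki" > "$CONF_DIR/server.conf"
    check_conf_files "$CONF_DIR/server.conf"   # aborts (set -e) if the PKI is incomplete
    echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/99-openvpn.conf
    sysctl --system
    firewall-cmd --permanent --add-port=1194/udp
    firewall-cmd --permanent --add-masquerade   # NAT for client traffic leaving the uplink
    firewall-cmd --reload
    systemctl enable --now openvpn-server@server
}

case "${1:-}" in
    provision) provision_pki ;;
    install)   install_server ;;
esac
```

Run it as root first with `provision` (interactive, because build-ca asks for the CA passphrase) and then with `install`. The check function is what catches the mistake the page's relative paths would otherwise produce at runtime: the service failing to start with a "cannot read" error on a certificate or key that was never generated or is not where the configuration looks.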
Solution type
Permanent
Recovery plan in case of failure
Repeat the steps above.