A Virtual Private Network (VPN) provides a secure, encrypted tunnel between your devices and a remote server. It helps protect your privacy and data from online threats, and it’s useful when accessing the internet from public Wi-Fi hotspots. In this guide, we’ll discuss how to install and configure an OpenVPN server on AlmaLinux.
Before we begin, make sure your AlmaLinux server meets the following requirements:
- A server running AlmaLinux with root access
- A static IP address for the server
- A domain name pointing to the server’s IP address (optional)
- Basic knowledge of the Linux command line
Step-1 Update the system
The first step is to update the system to the latest packages. To do this, run the following command:
sudo yum update
Step-2 Install OpenVPN and EasyRSA
Next, install OpenVPN and EasyRSA by executing the following command:
sudo yum install openvpn easy-rsa
EasyRSA is a command-line tool that simplifies the process of generating and managing SSL certificates for OpenVPN.
Step-3 Configure OpenVPN
Once OpenVPN is installed, we need to configure it. The first step is to copy the sample configuration files to the /etc/openvpn directory:
sudo cp -r /usr/share/doc/openvpn-*/sample/sample-config-files /etc/openvpn
Next, we need to generate the SSL certificates for OpenVPN. To do this, we will use the easy-rsa package that we installed earlier. Run the following commands to set up the certificate authority:
cd /etc/openvpn/easy-rsa
cp vars.example vars
vi vars
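In the vars file, update the following fields (Easy-RSA 3, which provides the ./easyrsa command used in this guide, sets them with set_var):
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_REQ_PROVINCE "CA"
set_var EASYRSA_REQ_CITY "SanFrancisco"
set_var EASYRSA_REQ_ORG "OpenVPN"
set_var EASYRSA_REQ_EMAIL "your_email@example.com"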
Save and exit the file.
Now, we can initialize the PKI (Public Key Infrastructure) by running the following commands:
./easyrsa init-pki
./easyrsa build-ca
Next, we need to generate the server certificate and key by running the following commands:
./easyrsa gen-req server nopass
./easyrsa sign-req server server
This will generate the server certificate in the /etc/openvpn/easy-rsa/pki/issued directory and the server key in the /etc/openvpn/easy-rsa/pki/private directory.
Next, we need to generate the Diffie-Hellman parameters, which are used for the key exchange:
./easyrsa gen-dh
This will generate the DH parameters in the /etc/openvpn/easy-rsa/pki/ directory.
Finally, we need to copy the server certificate, key, and DH parameters to the /etc/openvpn directory:
sudo cp /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn
sudo cp /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn
sudo cp /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn
Step-4 Configure Firewall
Before we start the OpenVPN server, we need to configure the firewall to allow incoming connections on the OpenVPN port. By default, the OpenVPN server uses port 1194. Run the following commands to open the port and reload the firewall so the permanent rule takes effect:
sudo firewall-cmd --add-port=1194/udp --permanent
sudo firewall-cmd --reload
Step-5 Start OpenVPN Server
Now that we have configured OpenVPN and the firewall, we can start the OpenVPN server. To start the OpenVPN server, run the following command:
sudo systemctl start openvpn@server
This will start the OpenVPN server using the configuration file /etc/openvpn/server.conf. To ensure that the OpenVPN server starts automatically on boot, run the following command:
sudo systemctl enable openvpn@server
Step-6 Create OpenVPN Clients
After starting the OpenVPN server, we need to create client certificates for each user who needs to connect to the VPN. To create a client certificate, run the following commands:
cd /etc/openvpn/easy-rsa
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
This will generate the client certificate in the /etc/openvpn/easy-rsa/pki/issued directory and the client key in the /etc/openvpn/easy-rsa/pki/private directory. Repeat this process for each client.
Next, we need to create a configuration file for each client. To do this, copy the /usr/share/doc/openvpn-*/sample/sample-config-files/client.conf file to the /etc/openvpn directory:
sudo cp /usr/share/doc/openvpn-*/sample/sample-config-files/client.conf /etc/openvpn/client1.ovpn
In the client configuration file, update the following fields:
remote your_server_ip 1194
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
Save and exit the file.
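A quick lint for the client profile edited above, as an added example that is not part of the original guide. It checks that remote, ca, cert and key are set, that the your_server_ip placeholder was replaced, that remote-cert-tls server (a standard OpenVPN directive the guide does not mention) is present, and that the nopass private key is not readable by other users. The function names are hypothetical and the sample profile is constructed.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client profile such as client1.ovpn.
# Prints one finding per line; the exit status is the number of findings.

# True if directive $2 is active in file $1 (lines starting with # or ; are comments).
has_directive() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# Print the first argument of directive $2 in file $1.
directive_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

check_client_profile() {
    profile=$1
    findings=0
    for d in remote ca cert key; do
        if ! has_directive "$profile" "$d"; then
            echo "missing directive: $d"
            findings=$((findings + 1))
        fi
    done
    if [ "$(directive_value "$profile" remote)" = "your_server_ip" ]; then
        echo "remote still holds the placeholder your_server_ip"
        findings=$((findings + 1))
    fi
    # Without this, any certificate signed by the CA (including another
    # client's) is accepted as the server's.
    if [ "$(directive_value "$profile" remote-cert-tls)" != "server" ]; then
        echo "remote-cert-tls server is not set"
        findings=$((findings + 1))
    fi
    # The key was generated with nopass, so file permissions are its only protection.
    keyfile=$(directive_value "$profile" key)
    if [ -n "$keyfile" ] && [ -f "$keyfile" ] &&
       [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
        echo "private key $keyfile is accessible to group or others"
        findings=$((findings + 1))
    fi
    return "$findings"
}
# Constructed sample: a minimal profile holding only the three fields edited above.
demo_dir=$(mktemp -d)
printf 'client\nremote your_server_ip 1194\ncert %s/client1.crt\nkey %s/client1.key\n' \
    "$demo_dir" "$demo_dir" > "$demo_dir/client1.ovpn"
: > "$demo_dir/client1.key"; chmod 644 "$demo_dir/client1.key"
check_client_profile "$demo_dir/client1.ovpn" || echo "findings: $?"
rm -rf "$demo_dir"
```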
Step-7 Connect to OpenVPN Server
Now that we have created the client configuration files, we can connect to the OpenVPN server from the client machine. To do this, install the OpenVPN client on the client machine and copy the client configuration file to the client machine.
To connect to the OpenVPN server, run the following command:
sudo openvpn --config /path/to/client1.ovpn
This will establish a secure connection between the client and the OpenVPN server.
Conclusion
In this tutorial, we have shown you how to install and configure an OpenVPN server on AlmaLinux. We have also shown you how to create client certificates and how to connect to the OpenVPN server from a client machine. With this setup, you can securely access your private network from anywhere in the world.