
Step 1: Build an OpenVPN Base Server

Back to the overview
Forward to step 2

Install a copy of Red Hat Fedora Server onto either a virtual machine or spare PC. Fedora is Red Hat’s free upstream Linux offering. Red Hat uses Fedora as an upstream platform to test packages that will eventually make their way into Red Hat Enterprise Linux. By default, Fedora Server has no GUI. You won’t need one. Paste in the commands on this page, substituting your own names and IP addresses where appropriate.

Download a copy of the most recent Red Hat Fedora ISO from the Fedora project website. Either burn it to DVD, or put the ISO into an area where a VM can “think” it’s a DVD. Boot from the DVD image and install the operating system. Detailed instructions are on the Fedora project website. I linked to the main page because specific instructions change from release to release. Default settings are fine. You’ll want a 50 GB hard drive, although you can probably get away with smaller.

Set up Networking

After installing the operating system, log in to the console or an SSH session. Apply the latest updates and reboot.

yum update -y

Log in again and disable the firewall rules with these commands:

systemctl disable firewalld.service
systemctl stop firewalld.service

You may want to add firewall rules on this system appropriate for your internal network. If so, first finish setting up and debugging OpenVPN with all firewall rules turned off, and then add your local firewall rules. This is beyond the scope of this documentation.

You need a static IP address inside your local network. The commands below assume a NetworkManager connection named ens3 on a device named ens3. Your device and connection names might be different. From an SSH session or the console, find them like this:

[root@localhost ~]# nmcli connection show
NAME  UUID                                  TYPE      DEVICE
ens3  39ad55bd-adde-384a-bb09-7f8e83380875  ethernet  ens3
[root@localhost ~]#

Now, set your static IP address, prefix, gateway, and DNS resolver like this. Substitute your own IP addresses here.

nmcli connection modify ens3 ipv4.addresses 10.10.10.97/24
nmcli connection modify ens3 ipv4.gateway 10.10.10.1
nmcli connection modify ens3 ipv4.dns 10.10.10.10
nmcli connection modify ens3 ipv4.method manual
nmcli connection modify ens3 connection.autoconnect yes

Set the hostname like this.

hostnamectl set-hostname OVPNserver2020

You will also want to put a record in your local DNS server with a name pointing to this VPN server. If you don’t have a local DNS server, don’t worry about it. But make sure no other systems in your local network use this IP address.

Leave SELinux at its default setting of “enforcing.” If you want to change to “permissive” for debugging purposes, here is how to do it.

cd /etc/selinux
nano config
change
     SELINUX=enforcing   to
     SELINUX=permissive

Reboot and make sure the system has the correct networking information.
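
One way to make that final check repeatable, as an added example that is not part of the original page: the script compares the terse output of nmcli with the static settings from this step and reports every setting that differs. The function name check_profile is hypothetical, the expected values are the page's sample addresses on connection ens3, and the DHCP sample output is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): compare a NetworkManager profile
# with the static settings from this step. On the server, feed it real output:
#   check_profile "$(nmcli -t -f ipv4.method,ipv4.addresses,ipv4.gateway,ipv4.dns,connection.autoconnect connection show ens3)"

# Expected settings: the page's sample values; substitute your own.
EXPECTED='ipv4.method:manual
ipv4.addresses:10.10.10.97/24
ipv4.gateway:10.10.10.1
ipv4.dns:10.10.10.10
connection.autoconnect:yes'

# Constructed sample: a profile still on DHCP, in a different field order.
SAMPLE_DHCP='connection.autoconnect:yes
ipv4.method:auto
ipv4.dns:
ipv4.addresses:
ipv4.gateway:'

# check_profile TEXT
# TEXT is terse "key:value" output from nmcli. Prints one line per expected
# setting and returns the number of mismatches (0 means the profile matches).
check_profile() {
    local actual key want got bad
    actual="$1"
    bad=0
    while IFS=: read -r key want; do
        # Value of the first line whose key matches exactly (empty if absent).
        got=$(printf '%s\n' "$actual" |
              awk -F: -v k="$key" '$1 == k { sub(/^[^:]*:/, ""); print; exit }')
        if [ "$got" = "$want" ]; then
            printf 'OK    %s = %s\n' "$key" "$got"
        else
            printf 'FAIL  %s: expected "%s", found "%s"\n' "$key" "$want" "${got:-<unset>}"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

# Demo on the constructed DHCP sample.
check_profile "$SAMPLE_DHCP" || echo "$? setting(s) differ from the expected static configuration"
```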
