How to set up an OpenVPN server on CentOS 7.8
install openvpn
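```sh
yum install openvpn -y
mkdir -p /etc/openvpn/ && cd /etc/openvpn/
curl -LO https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz
tar zxvf 2.3.3.tar.gz
cp /usr/share/doc/openvpn-2.4.9/sample/sample-config-files/server.conf /etc/openvpn/
openvpn --genkey --secret /etc/openvpn/openvpn.tlsauth
vi /etc/openvpn/server.conf
```

Note: the easy-rsa tarball is used to build the CA, so compare its SHA-256 (`sha256sum 2.3.3.tar.gz`) with a value obtained from a trusted source before unpacking it.

Set the following in server.conf:

```
port 30000
proto tcp
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 9.9.9.9"
topology subnet
;remote-cert-eku "TLS Web Client Authentication"
;tls-crypt /etc/openvpn/openvpn.tlsauth 0
```

Note: lines starting with `;` are commented out, so as written the server neither checks the client certificate's extended key usage nor uses the openvpn.tlsauth key generated above. In OpenVPN 2.4 `tls-crypt` takes only the key file; the trailing key-direction digit is `tls-auth` syntax and has to be dropped if the line is enabled.

prepare certs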
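```sh
cd easy-rsa-old-2.3.3/easy-rsa/2.0
vi vars
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
./build-key client
cd keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
```

Note: server.key is the server's private key and should be readable by root only (for example `chmod 600 /etc/openvpn/server.key`). The CA private key ca.key stays behind in the keys directory; whoever can read it can issue certificates that this VPN will accept, so restrict access to it or move it off the server.

change iptables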
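```sh
echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
sysctl -p
yum install iptables-services -y
iptables -F
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens192 -j MASQUERADE
service iptables save
cd /etc/openvpn/
openvpn --config server.conf
```

Note: `iptables -F` deletes every rule in the filter table and `service iptables save` makes that state persistent, so any packet filtering the host had before this step is gone afterwards. Review the existing ruleset first (`iptables -S`) and keep or re-add the rules the host still needs.

on windows client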
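```
client
tls-client
ca C:/Users/chenshi/Desktop/ca.crt
cert C:/Users/chenshi/Desktop/client.crt
key C:/Users/chenshi/Desktop/client.key
#tls-crypt C:/Users/chenshi/Desktop/openvpn.tlsauth 1
#remote-cert-eku "TLS Web Client Authentication"
proto tcp
remote chenshi.de 30000 tcp
dev tun
topology subnet
pull
```

Note: with `remote-cert-eku` commented out, this client does not check that the peer presents a server certificate, so it would accept any certificate signed by the same CA, including another client's. On the client side the value to require is the server usage ("TLS Web Server Authentication"), or the equivalent `remote-cert-tls server`, not "TLS Web Client Authentication". As on the server, `tls-crypt` takes only the key file, without the trailing `1`. client.key is a private key and is better kept in a directory only the user can read than on the Desktop.

references: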