How To Add/Create A New OpenVPN Client For OpenVPN Server In CentOS/RHEL 6/7

0
224
views
How To Add/Create A New OpenVPN Client For OpenVPNServer In CentOS/RHEL 6/7

In this article, we will learn to add a new user for OpenVPN server’s as a client or you can say we are going to create new client key to get connect with open VPN. As in our previous article we learned to create and setup OpenVPN and learn to use it on windows and Linux client.

Reason To Create Separate New Clients Keys

There are some scenarios where we want to create a separate key for different client machine for security purpose. Like when a user is leaving an organization we may want to terminate his/her key. Also, we may separate different level of the user with different keys etc.

Note: If you are a SUDO user then prefix every command with sudo, like #sudo ifconfig

If you want to read more article on OpenVPN then you may follow Given below links

Part 1:  How To Install And Setup OpenVPN Server On CentOS/RHEL 7?
Part 2: How To Install And Setup OpenVPN Server On CentOS/RHEL 6?
Part 3: Setup Linux And Windows Clients To Connect With OpenVPN Server In RHEL/CentOS 6/7
Part 5: How To Remove Revoke OpenVPN Server’s Clients From OpenVPN Server On RHEL/CentOS 6/7
Part 6: How To Remove OpenVPN Server from CentOS/RHEL 6/7

Prerequisites:

A Pre-Installed and running OpenVPN Server.

Scenario

OpenVPN server: 192.168.1.188 – Already Running

Let’s Start

Step 1: Create a new Client Certificates

When you are going to create a new client for OpenVPN server the first thing you need to create a new client certificate so follow the following command. For this example, we are creating a newClient as key.

Note: you may name newClient according to your own need.

[[email protected] ~]# cd /etc/openvpn/easy-rsa/
[[email protected] easy-rsa]# ./easyrsa build-client-full newClient nopass
Generating a 2048 bit RSA private key
.................................................................................................................+++
..........................................................+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/newClient.key.4MBloZ1eeP'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :PRINTABLE:'newClient'
Certificate is to be certified until Jul 17 12:53:02 2027 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

After the generation of the new client certificate, we need to create newClient.ovpn key

Step 2: Create A New Client Key(OVPN)

Now, this the same procedure we followed in our last article. So let’s create our new client key in /tmp directory this time. You may create this file at any location on OpenVPN server. For this example, I am creating this file in /tmp

[[email protected] easy-rsa]# vim /tmp/newClient.ovpn

You may name the file whatever you want. So, after opening the file append the following lines to the
Note: Change the Highlighted values according to your Scenario)

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 192.168.1.188 9091 --- VPN server IP and Port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3

Write and quit the file using :wq!

Step 3: Save the Key in ca.crt, server.crt, and server.key in File

Now to insert the values of ca.crt, server.crt, and server.key in client and you should follow the given below steps

echo "<ca>" >> /tmp/newClient.ovpn
cat /etc/openvpn/easy-rsa/pki/ca.crt >> /tmp/newClient.ovpn
echo "</ca>" >> /tmp/newClient.ovpn
echo "<cert>" >> /tmp/newClient.ovpn
cat /etc/openvpn/easy-rsa/pki/issued/client.crt >> /tmp/newClient.ovpn
echo "</cert>" >> /tmp/newClient.ovpn
echo "<key>" >> /tmp/newClient.ovpn
cat /etc/openvpn/easy-rsa/pki/private/client.key >> /tmp/newClient.ovpn
echo "</key>" >> /tmp/newClient.ovpn
echo "<tls-auth>" >> /tmp/newClient.ovpn
cat /etc/openvpn/ta.key >> /tmp/newClient.ovpn
echo "</tls-auth>" >> /tmp/newClient.ovpn

You have your final newClient.ovpn would be at /tmp/newClient.ovpn so download the file and follow our previous article to get connect with open VPN Server. In Next Article, learn to revoke access of a client

You May Like These Also

Part 1:  How To Install And Setup OpenVPN Server On CentOS/RHEL 7?
Part 2: How To Install And Setup OpenVPN Server On CentOS/RHEL 6?
Part 3: Setup Linux And Windows Clients To Connect With OpenVPN Server In RHEL/CentOS 6/7
Part 4: How To Add/Create A New OpenVPN Client For OpenVPN Server In CentOS/RHEL 6/7
Part 5: How To Remove Revoke OpenVPN Server’s Clients From OpenVPN Server On RHEL/CentOS 6/7
Part 6: How To Remove OpenVPN Server from CentOS/RHEL 6/7