How To Add/Create A New OpenVPN Client For OpenVPN Server In CentOS/RHEL 6/7
In this article, we will learn to add a new user to an OpenVPN server as a client; in other words, we are going to create a new client key to connect to OpenVPN. In our previous articles, we learned to create and set up OpenVPN and to use it on Windows and Linux clients.
Reason To Create Separate New Client Keys
There are scenarios where we want a separate key for each client machine for security purposes. For example, when a user leaves an organization, we may want to terminate his/her key. We may also separate different levels of users with different keys.
Note: If you are a sudo user, prefix every command with sudo, like # sudo ifconfig
If you want to read more articles on OpenVPN, follow the links given below.
Part 1: How To Install And Setup OpenVPN Server On CentOS/RHEL 7?
Part 2: How To Install And Setup OpenVPN Server On CentOS/RHEL 6?
Part 3: Setup Linux And Windows Clients To Connect With OpenVPN Server In RHEL/CentOS 6/7
Part 5: How To Remove Revoke OpenVPN Server’s Clients From OpenVPN Server On RHEL/CentOS 6/7
Part 6: How To Remove OpenVPN Server from CentOS/RHEL 6/7
Prerequisites:
A Pre-Installed and running OpenVPN Server.
Scenario
OpenVPN server: 192.168.1.188 – Already Running
Let’s Start
Step 1: Create new Client Certificates
When you create a new client for the OpenVPN server, the first thing you need is a new client certificate, so run the following commands. For this example, we are creating newClient as the key name.
Note: you may name newClient according to your own need.
[root@localhost ~]# cd /etc/openvpn/easy-rsa/
[root@localhost easy-rsa]# ./easyrsa build-client-full newClient nopass
Generating a 2048 bit RSA private key
.................................................................................................................+++
..........................................................+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/newClient.key.4MBloZ1eeP'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :PRINTABLE:'newClient'
Certificate is to be certified until Jul 17 12:53:02 2027 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
After generating the new client certificate, we need to create the newClient.ovpn key file.
Step 2: Create A New Client Key(OVPN)
This is the same procedure we followed in our last article. Let's create our new client key in the /tmp directory this time. You may create this file at any location on the OpenVPN server; for this example, I am creating it in /tmp.
[root@localhost easy-rsa]# vim /tmp/newClient.ovpn
You may name the file whatever you want. So, after opening the file append the following lines to the
Note: Change the highlighted values according to your scenario.
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 192.168.1.188 9091 #--- VPN server IP and Port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
Write and quit the file using :wq!
Step 3: Save the Keys
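Now insert the CA certificate (ca.crt), the client certificate and key created in Step 1 (newClient.crt and newClient.key), and the TLS auth key (ta.key) into the client file by following the steps given below.
# CA certificate that signed the server and client certificates
echo "<ca>" >> /tmp/newClient.ovpn
cat /etc/openvpn/easy-rsa/pki/ca.crt >> /tmp/newClient.ovpn
echo "</ca>" >> /tmp/newClient.ovpn
# Client certificate generated in Step 1 (file name matches the client name)
echo "<cert>" >> /tmp/newClient.ovpn
cat /etc/openvpn/easy-rsa/pki/issued/newClient.crt >> /tmp/newClient.ovpn
echo "</cert>" >> /tmp/newClient.ovpn
# Client private key generated in Step 1
echo "<key>" >> /tmp/newClient.ovpn
cat /etc/openvpn/easy-rsa/pki/private/newClient.key >> /tmp/newClient.ovpn
echo "</key>" >> /tmp/newClient.ovpn
# Shared TLS auth key (used with key-direction 1 in the client config)
echo "<tls-auth>" >> /tmp/newClient.ovpn
cat /etc/openvpn/ta.key >> /tmp/newClient.ovpn
echo "</tls-auth>" >> /tmp/newClient.ovpn
Your final newClient.ovpn is now at /tmp/newClient.ovpn, so download the file and follow our previous article to connect to the OpenVPN server. Because the key was created with nopass, the file contains the client's unencrypted private key, so transfer it over a secure channel and remove it from /tmp once it has been downloaded. In the next article, learn to revoke a client's access.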
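An added example, not part of the original article: Steps 2 and 3 as one function that creates the profile readable by its owner only, refuses to overwrite an existing file, and stops if any input is missing. The function names, the separate base config file (holding the Step 2 directives) and the argument order are assumptions; the default paths are the ones used above.

```shell
# Added example (not from the original article).
# Usage: build_client_profile NAME BASE_CONF OUT [PKI_DIR] [TA_KEY]
#   BASE_CONF is a file holding the Step 2 directives (hypothetical name).

# Print only the PEM block of a file, dropping any text dump before it.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# Body runs in a subshell so umask, noclobber and variables stay local.
build_client_profile() (
    name=$1 base=$2 out=$3
    pki=${4:-/etc/openvpn/easy-rsa/pki}   # PKI path used in the article
    ta=${5:-/etc/openvpn/ta.key}          # tls-auth key path used in the article
    ca=$pki/ca.crt
    crt=$pki/issued/$name.crt
    key=$pki/private/$name.key

    # Stop before writing anything if an input is missing, so a
    # half-built profile is never handed to a user.
    for f in "$base" "$ca" "$crt" "$key" "$ta"; do
        if [ ! -r "$f" ]; then
            echo "missing input: $f" >&2
            exit 1
        fi
    done

    umask 077   # the profile embeds a private key: owner read/write only
    set -C      # noclobber: fail instead of overwriting an existing OUT
    {
        cat "$base"
        echo "<ca>";       pem_block "$ca";  echo "</ca>"
        echo "<cert>";     pem_block "$crt"; echo "</cert>"
        echo "<key>";      pem_block "$key"; echo "</key>"
        echo "<tls-auth>"; cat "$ta";        echo "</tls-auth>"
    } > "$out" || exit 1
)
```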