OpenVPN Client In CentOS 7 – A Little Tweak
I have just written on some changes in CentOS 7 over the earlier releases. Today, I am writing about running the OpenVPN client.
In all previous versions of CentOS and other distros like Debian and Ubuntu, we dump the client configuration into /etc/openvpn, and the init scripts take care of loading every file with a .conf extension and setting up the tunnels. The client could possibly be connecting to more than one server.
So in CentOS 7, we now have systemd. So how does it work now? Let’s do a quick run through of the installation.
CentOS 7 now has EPEL in the base repository. So now installing EPEL is simply:
sudo yum -y install epel-release
In the past, we needed to download the EPEL rpm and install it.
Installing OpenVPN is as per the previous releases:
sudo yum -y install openvpn
After the installation, we put all the config files and keys into /etc/openvpn. Enabling the service is slightly different with systemd.
Systemd requires you to explicitly enable each particular configuration; it will not do a blanket loading of all the configurations and tunnels. Assuming your configuration file is newclient.conf, the command to enable the client would be:
sudo systemctl -f enable openvpn@newclient.service
This command will only enable this particular tunnel. I was fumbling with this when I configured my first CentOS 7 client. I thought that by just enabling OpenVPN like any other service, systemd would somehow load the client like we were doing with init scripts.
While this is less convenient, I might say that it’s safer and more secure. In the event that a misconfiguration or rogue configuration is dropped into /etc/openvpn, the client will not be loaded.
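An added example, not part of the original post: a small audit function that compares the .conf files in /etc/openvpn with the openvpn@ instances systemd has enabled, so configs that will never load and enabled instances without a config stand out. The function name, the output labels and the wants-directory path are assumptions for a stock CentOS 7 install.

```bash
#!/usr/bin/env bash
# Added example: reconcile OpenVPN configs on disk with the openvpn@ instances
# that systemd has enabled. Default paths are assumptions for CentOS 7.

audit_openvpn() {
    local conf_dir="${1:-/etc/openvpn}"
    local wants_dir="${2:-/etc/systemd/system/multi-user.target.wants}"
    local f name

    for f in "$conf_dir"/*.conf; do
        [ -e "$f" ] || continue              # glob matched nothing
        name="$(basename "$f" .conf)"
        # "systemctl enable openvpn@NAME.service" leaves a symlink here.
        if [ -L "$wants_dir/openvpn@$name.service" ]; then
            echo "ENABLED $name"
        else
            echo "NOT-ENABLED $name"         # on disk, but systemd will not start it
        fi
        # Columns 6 and 9 of the mode string are group-write and other-write.
        case "$(ls -ldL "$f" | cut -c6,9)" in
            *w*) echo "WRITABLE $name" ;;    # group- or world-writable config
        esac
    done

    # Enabled instances whose config file is gone will fail to start.
    for f in "$wants_dir"/openvpn@*.service; do
        [ -L "$f" ] || continue
        name="$(basename "$f" .service)"
        name="${name#openvpn@}"
        [ -e "$conf_dir/$name.conf" ] || echo "MISSING-CONF $name"
    done
    return 0
}

# Run against the live system only when asked: ./audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_openvpn; fi
```

A NOT-ENABLED entry is either a tunnel that was never enabled or a file that should not be in /etc/openvpn; both are worth a look.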
Again, this is part of R.T(My Own)F.M for quick reference. :)