openvpn
Installation
SKILL.md
Identity
- Unit:
openvpn@server.service(the "server" part matches the config filename, e.g./etc/openvpn/server/server.conf→openvpn@server) - Config:
/etc/openvpn/server/server.conf(server),/etc/openvpn/client/(client configs) - PKI (Easy-RSA):
/etc/easy-rsa/or/usr/share/easy-rsa/depending on distro - Logs:
journalctl -u openvpn@server,/var/log/openvpn/(iflog-appendis set) - Distro install:
apt install openvpn easy-rsa/dnf install openvpn easy-rsa
Key Operations
| Operation | Command |
|---|---|
| Start / stop / restart | systemctl start|stop|restart openvpn@server |
| Check status | systemctl status openvpn@server |
| Follow logs | journalctl -fu openvpn@server |
| Initialize PKI | cd /etc/easy-rsa && easyrsa init-pki |
| Build CA | easyrsa build-ca (prompts for passphrase and CN) |
| Generate server cert | easyrsa build-server-full server nopass |
| Generate client cert | easyrsa build-client-full client1 nopass |
| Revoke client cert | easyrsa revoke client1 |
Related skills