Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon

Working with OpenVPN (and iptables)

Understanding Virtual Private Networks (VPsN) is essential for many advanced level certification tests. OpenVPN is a popular VPN solution that enjoys somewhat common use. This exercise focuses on configuring a basic VPN server and client.

Google Cloud Platform icon

Path Info

Clock icon Advanced
Clock icon 1h 30m
Clock icon Nov 05, 2018

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Install and configure the OpenVPN server on `vpn-server`.

    Install OpenVPN:

    1. Run yum install -y openvpn.

    2. Copy the server config: cp /usr/share/doc/openvpn-2.4.7/sample/sample-config-files/server.conf /etc/openvpn/

    3. Edit the server config to contain the following topology configuration: topology subnet

  2. Challenge

    Install the provided server certificates.


    cp /home/cloud_user/certs/ca.crt /home/cloud_user/certs/server.crt /home/cloud_user/certs/server.key /etc/openvpn
  3. Challenge

    Generate the required server keys.

    1. Generate the dhparam key (this may take a few minutes):
    openssl dhparam -out /etc/openvpn/dh2048.pem 2048
    1. Generate the key for tls-auth and copy it to client:
    openvpn --genkey --secret /etc/openvpn/ta.key
    scp /etc/openvpn/ta.key cloud_user:/home/cloud_user/ta.key
  4. Challenge

    Make the necessary firewall and routing configurations for OpenVPN on `vpn-server`.

    Run the following commands:

    iptables -I INPUT -p udp --dport 1194 -j ACCEPT
    iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
    iptables-save > /etc/sysconfig/iptables
    sysctl -w net.ipv4.ip_forward=1
  5. Challenge

    Enable and start the OpenVPN server.

    Run the following:

    systemctl enable openvpn@server
    systemctl start openvpn@server
  6. Challenge

    Install and configure the OpenVPN client on `vpn-client`.

    On vpn-client, perform the following steps:

    1. Install OpenVPN:
    yum install y openvpn
    1. Copy the client.conf file from /usr/share/doc:
    cp /usr/share/doc/openvpn-2.4.7/sample/sample-config-files/client.conf /etc/openvpn/
    1. Update the remote command hostname directive in /etc/openvpn/client.conf as follows:
    remote vpn-server 1194
  7. Challenge

    Install the provided client and ca-certificates on `vpn-client`.

    Copy the provided certificates off of vpn-server and to the noted directories on vpn-client with the following commands.

    Run on the host vpn-client:

    cp /home/cloud_user/ca.crt /etc/openvpn/
    cp /home/cloud_user/client.key /etc/openvpn/
    cp /home/cloud_user/client.crt /etc/openvpn/
  8. Challenge

    Install the `tls` key from `vpn-server` on `vpn-client`.

    Assuming you copied the tls key over to /home/cloud_user/ta.key when you created it in the earlier tasks, run cp /home/cloud_user/ta.key /etc/openvpn/ta.key.

    If not, you will need to retrieve the file from vpn-server:/etc/openvpn/ta.key.

  9. Challenge

    Enable and start the OpenVPN client.

    Run the following commands:

    systemctl enable openvpn@client
    systemctl start openvpn@client

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans