{"id":9404,"date":"2021-06-30T22:10:44","date_gmt":"2021-06-30T19:10:44","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9404"},"modified":"2024-03-18T20:11:03","modified_gmt":"2024-03-18T17:11:03","slug":"setup-openvpn-server-on-rocky-linux-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/setup-openvpn-server-on-rocky-linux-8\/","title":{"rendered":"Setup OpenVPN Server on Rocky Linux 8"},"content":{"rendered":"\n<p>In this guide, we are going to learn how to install and easily setup OpenVPN Server on Rocky Linux 8.&nbsp;<a href=\"https:\/\/openvpn.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">OpenVPN<\/a>&nbsp;is a robust and highly flexible open-source VPN software that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It facilitates the extension of private network across a public network while maintaining security that would be achieved in a private network.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#setting-up-open-vpn-server-on-rocky-linux-8\">Setting up OpenVPN Server on Rocky Linux 8<\/a><ul><li><a href=\"#install-epel-repository\">Install EPEL Repository<\/a><\/li><li><a href=\"#install-open-vpn-on-rocky-linux-8\">Install OpenVPN on Rocky Linux 8<\/a><\/li><li><a href=\"#install-easy-rsa-ca-utility-on-rocky-linux-8\">Install Easy-RSA CA Utility on Rocky Linux 8<\/a><\/li><li><a href=\"#create-open-vpn-public-key-infrastructure\">Create OpenVPN Public Key Infrastructure<\/a><ul><li><a href=\"#initialize-the-pki\">Initialize the PKI<\/a><\/li><li><a href=\"#generate-the-certificate-authority-ca-certificate-and-key\">Generate the Certificate Authority (CA) Certificate and Key<\/a><\/li><li><a href=\"#generate-diffie-hellman-parameters\">Generate Diffie Hellman Parameters<\/a><\/li><\/ul><\/li><li><a href=\"#generate-open-vpn-server-certificate-and-key\">Generate OpenVPN Server Certificate and Key<\/a><\/li><li><a href=\"#generate-hash-based-message-authentication-code-hmac-key\">Generate Hash-based Message Authentication Code (HMAC) key<\/a><\/li><li><a href=\"#generate-a-revocation-certificate\">Generate a Revocation Certificate<\/a><\/li><li><a href=\"#copy-server-certificates-and-keys-to-server-directory\">Copy Server Certificates and Keys to Server Directory<\/a><\/li><li><a href=\"#generate-open-vpn-client-certificate-and-key\">Generate OpenVPN Client Certificate and Key<\/a><\/li><li><a href=\"#copy-client-certificates-and-keys-to-client-directory\">Copy Client Certificates and Keys to Client Directory<\/a><\/li><\/ul><\/li><li><a href=\"#configure-open-vpn-server-on-rocky-linux-8\">Configure OpenVPN Server on Rocky Linux 8<\/a><ul><li><a href=\"#configure-open-vpn-server-routing\">Configure OpenVPN Server Routing<\/a><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"setting-up-open-vpn-server-on-rocky-linux-8\">Setting up OpenVPN Server on Rocky Linux 8<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-epel-repository\">Install EPEL Repository<\/h3>\n\n\n\n<p>The latest OpenVPN packages is provided by the EPEL repositories on Rocky Linux 8 and other similar derivatives. EPEL can be installed on Rocky Linux 8 by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install epel-release -y<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-open-vpn-on-rocky-linux-8\">Install OpenVPN on Rocky Linux 8<\/h3>\n\n\n\n<p>Once the EPEL repos are in place, you can now install OpenVPN package on Rocky Linux 8 by executing the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install openvpn<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-easy-rsa-ca-utility-on-rocky-linux-8\">Install Easy-RSA CA Utility on Rocky Linux 8<\/h3>\n\n\n\n<p>Easy-RSA package is a shell based CA utility that is used to generate SSL key-pairs that is used to secure VPN connections.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install easy-rsa<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-open-vpn-public-key-infrastructure\">Create OpenVPN Public Key Infrastructure<\/h3>\n\n\n\n<p>The first step in setting up an OpenVPN&nbsp;server is to create a PKI which consists of public and private keys for the OpenVPN server and connecting clients and a master Certificate Authority certificate and private key for signing the OpenVPN server and client certificates. If possible, you should create the PKI on a separate server running OpenVPN for security purposes.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"initialize-the-pki\">Initialize the PKI<\/h4>\n\n\n\n<p>Easy-RSA is used for PKI management. The Easy-RSA scripts are installed under the&nbsp;<code><strong>\/usr\/share\/easy-rsa<\/strong><\/code>&nbsp;directory.<\/p>\n\n\n\n<p>To ensure that Easy-RSA any configuration made is not overwritten in case of an upgrade, copy the scripts to a different directory, preferably under&nbsp;<code>\/etc<\/code>&nbsp;directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/easy-rsa<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp -air \/usr\/share\/easy-rsa\/3\/* \/etc\/easy-rsa\/<\/code><\/pre>\n\n\n\n<p>Once the scripts are in place, navigate to the directory and initialize the PKI.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/etc\/easy-rsa\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa init-pki<\/code><\/pre>\n\n\n\n<p>Sample command output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>init-pki complete; you may now create a CA or requests.\nYour newly created PKI dir is: \/etc\/easy-rsa\/pki<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-the-certificate-authority-ca-certificate-and-key\">Generate the Certificate Authority (CA) Certificate and Key<\/h4>\n\n\n\n<p>Next, generate the CA certificate and key that will be used to sign certificates by running the commands below within the Easy-RSA directory above.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa build-ca<\/code><\/pre>\n\n\n\n<p>This will prompt you for the CA key passphrase and the server common name.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nUsing SSL: openssl OpenSSL 1.1.1g FIPS  21 Apr 2020\n\nEnter New CA Key Passphrase: \nRe-Enter New CA Key Passphrase: \nGenerating RSA private key, 2048 bit long modulus (2 primes)\n........................................+++++\n....................................................+++++\ne is 65537 (0x010001)\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCommon Name (eg: your user, host, or server name) [Easy-RSA CA]:Kifarunix-demo CA\n\nCA creation complete and you may now import and sign cert requests.\nYour new CA certificate file for publishing is at:\n\/etc\/easy-rsa\/pki\/ca.crt\n<\/code><\/pre>\n\n\n\n<p>The CA file is <strong><code>\/etc\/easy-rsa\/pki\/ca.crt<\/code><\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-diffie-hellman-parameters\">Generate Diffie Hellman Parameters<\/h4>\n\n\n\n<p>While within the same Easy-RSA directory as in above, execute the command below to generate Diffie-Hellman key file that can be used for key exchange during the TLS handshake with connecting clients.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa gen-dh<\/code><\/pre>\n\n\n\n<p>The command will take sometime to complete. It then stores the DH parameters on the&nbsp;<strong><code>\/etc\/easy-rsa\/pki\/dh.pem<\/code><\/strong>&nbsp;file.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-open-vpn-server-certificate-and-key\">Generate OpenVPN Server Certificate and Key<\/h3>\n\n\n\n<p>To generate a certificate and private key for the OpenVPN server, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/etc\/easy-rsa<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa build-server-full server nopass<\/code><\/pre>\n\n\n\n<p>When the command runs, you will be prompted to enter the CA key passphrase create above.<\/p>\n\n\n\n<p><strong><code>nopass<\/code><\/strong>&nbsp;disables the use of passphrase in the certificates.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nUsing SSL: openssl OpenSSL 1.1.1g FIPS  21 Apr 2020\nGenerating a RSA private key\n.....+++++\n...............................+++++\nwriting new private key to '\/etc\/easy-rsa\/pki\/easy-rsa-10170.VLZsfK\/tmp.4TRoOP'\n-----\nUsing configuration from \/etc\/easy-rsa\/pki\/easy-rsa-10170.VLZsfK\/tmp.jTJJ7f\nEnter pass phrase for \/etc\/easy-rsa\/pki\/private\/ca.key:\nCheck that the request matches the signature\nSignature ok\nThe Subject's Distinguished Name is as follows\ncommonName            :ASN.1 12:'server'\nCertificate is to be certified until Oct  3 18:03:20 2023 GMT (825 days)\n\nWrite out database with 1 new entries\nData Base Updated\n\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-hash-based-message-authentication-code-hmac-key\">Generate Hash-based Message Authentication Code (HMAC) key<\/h3>\n\n\n\n<p>To generate TLS\/SSL pre-shared authentication key that will be used to add an additional HMAC signature to all SSL\/TLS handshake packets, to avoid DoS attack and UDP port flooding, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>openvpn --genkey --secret \/etc\/easy-rsa\/pki\/ta.key<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-a-revocation-certificate\">Generate a Revocation Certificate<\/h3>\n\n\n\n<p>In order to invalidate a previously signed certificate, you need to generate a revocation certificate.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa gen-crl<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nUsing SSL: openssl OpenSSL 1.1.1g FIPS  21 Apr 2020\nUsing configuration from \/etc\/easy-rsa\/pki\/easy-rsa-10284.mSzk9F\/tmp.qdix0A\nEnter pass phrase for \/etc\/easy-rsa\/pki\/private\/ca.key:\n\nAn updated CRL has been created.\nCRL file: \/etc\/easy-rsa\/pki\/crl.pe\n<\/code><\/pre>\n\n\n\n<p>The Revocation certificate is stored as&nbsp;<code>\/etc\/easy-rsa\/pki\/crl.pem<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"copy-server-certificates-and-keys-to-server-directory\">Copy Server Certificates and Keys to Server Directory<\/h3>\n\n\n\n<p>Next, copy all generated certificates\/keys to OpenVPN server configuration directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp -rp \/etc\/easy-rsa\/pki\/{ca.crt,dh.pem,ta.key,crl.pem,issued,private} \/etc\/openvpn\/server\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-open-vpn-client-certificate-and-key\">Generate OpenVPN Client Certificate and Key<\/h3>\n\n\n\n<p>To generate OpenVPN clients certificate and private key, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/etc\/easy-rsa<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa build-client-full gentoo nopass<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nUsing SSL: openssl OpenSSL 1.1.1g FIPS  21 Apr 2020\nGenerating a RSA private key\n........................+++++\n.........................................................................................+++++\nwriting new private key to '\/etc\/easy-rsa\/pki\/easy-rsa-10316.rcXRdS\/tmp.tauo7u'\n-----\nUsing configuration from \/etc\/easy-rsa\/pki\/easy-rsa-10316.rcXRdS\/tmp.RxlTaw\nEnter pass phrase for \/etc\/easy-rsa\/pki\/private\/ca.key:\nCheck that the request matches the signature\nSignature ok\nThe Subject's Distinguished Name is as follows\ncommonName            :ASN.1 12:'gentoo'\nCertificate is to be certified until Oct  3 18:05:23 2023 GMT (825 days)\n\nWrite out database with 1 new entries\nData Base Updated\n\n<\/code><\/pre>\n\n\n\n<p>where&nbsp;<strong>gentoo<\/strong>&nbsp;is the name of the client for which the certificate and keys are generated. Always use a unique common name for each client that you are generating certificate and keys for.<\/p>\n\n\n\n<p>To generate for the second client,<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/easyrsa build-client-full johndoe nopass<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"copy-client-certificates-and-keys-to-client-directory\">Copy Client Certificates and Keys to Client Directory<\/h3>\n\n\n\n<p>Create a directory for each client on OpenVPN client\u2019s directory<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/openvpn\/client\/{gentoo,johndoe}<\/code><\/pre>\n\n\n\n<p>Next, copy all client generated certificates\/keys and CA certificate to OpenVPN client configuration directory. You can<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp -rp \/etc\/easy-rsa\/pki\/{ca.crt,issued\/gentoo.crt,private\/gentoo.key} \/etc\/openvpn\/client\/gentoo<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp -rp \/etc\/easy-rsa\/pki\/{ca.crt,issued\/johndoe.crt,private\/johndoe.key} \/etc\/openvpn\/client\/johndoe\/<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"configure-open-vpn-server-on-rocky-linux-8\">Configure OpenVPN Server on Rocky Linux 8<\/h2>\n\n\n\n<p>OpenVPN comes with a sample configuration file within its documentation directory. Copy the file to&nbsp;<code><strong>\/etc\/openvpn\/server\/<\/strong><\/code>&nbsp;and modify it to suit your needs.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp \/usr\/share\/doc\/openvpn\/sample\/sample-config-files\/server.conf \/etc\/openvpn\/server\/<\/code><\/pre>\n\n\n\n<p>Open the config for modification.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/openvpn\/server\/server.conf<\/code><\/pre>\n\n\n\n<p>The file is highly commented. Read the comments for every configuration options.<\/p>\n\n\n\n<p>In the most basic form, below are our configuration options, with no comments.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nport 1194\nproto udp4\ndev tun\nca ca.crt\ncert issued\/server.crt\nkey private\/server.key  # This file should be kept secret\ndh dh.pem\ntopology subnet\nserver 10.8.0.0 255.255.255.0\nifconfig-pool-persist ipp.txt\npush \"redirect-gateway def1 bypass-dhcp\"\npush \"dhcp-option DNS 208.67.222.222\"\npush \"dhcp-option DNS 192.168.10.3\"\nclient-to-client\nkeepalive 10 120\ntls-auth ta.key 0 # This file is secret\ncipher AES-256-CBC\ncomp-lzo\nuser nobody\ngroup nobody\npersist-key\npersist-tun\nstatus \/var\/log\/openvpn\/openvpn-status.log\nlog-append  \/var\/log\/openvpn\/openvpn.log\nverb 3\nexplicit-exit-notify 1\nauth SHA512\n<\/code><\/pre>\n\n\n\n<p>Save and exit the configuration once done modifying.<\/p>\n\n\n\n<p>Want to assign fixed\/static IP addresses to your OpenVPN clients? Follow the guide below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/assign-static-ip-addresses-for-openvpn-clients\/\" target=\"_blank\" rel=\"noreferrer noopener\">Assign Static IP Addresses for OpenVPN Clients<\/a><\/p>\n\n\n\n<p>Create log directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/var\/log\/openvpn\/<\/code><\/pre>\n\n\n\n<p>Explore the configuration and do further fine tuning to suit your needs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-open-vpn-server-routing\">Configure OpenVPN Server Routing<\/h3>\n\n\n\n<p>To ensure that traffic from the client is routed through the servers IP address (helps masks the the client IP address), you need to enable IP forwarding on the OpenVPN server;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"net.ipv4.ip_forward = 1\" &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Run the command below to effect the changes without rebooting the server.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sysctl --system<\/code><\/pre>\n\n\n\n<p>Allow OpenVPN service port through firewall<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=1194\/udp --permanent<\/code><\/pre>\n\n\n\n<p>Activate IP Masquerading<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-masquerade --permanent<\/code><\/pre>\n\n\n\n<p>Forward traffic received on the specified OpenVPN subnet, for example, the 10.8.0.0\/24 in our case, to an interface via which packets are going to be sent.<\/p>\n\n\n\n<p>To find the interface via which packets are sent through by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ip route get 8.8.8.8<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>8.8.8.8 via 10.0.2.2 dev enp0s3 src 10.0.2.15 uid 0 \n    cache<\/code><\/pre>\n\n\n\n<p>The interface name and the subnet defined maybe different for your case. Replace them accordingly.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0\/24 -o <strong>enp0s<\/strong>3 -j MASQUERADE<\/code><\/pre>\n\n\n\n<p>Reload firewalld for the changes to take effect.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --reload<\/code><\/pre>\n\n\n\n<p>Start and set OpenVPN run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now openvpn-server@server<\/code><\/pre>\n\n\n\n<p>When OpenVPN service runs, it will create a tunnelling interface, tun0;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ip add s<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>4: tun0: &lt;POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP&gt; mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100\n    link\/none \n    inet 10.8.0.1\/24 brd 10.8.0.255 scope global tun0\n       valid_lft forever preferred_lft forever\n    inet6 fe80::afd7:17a6:57ee:7f3b\/64 scope link stable-privacy \n       valid_lft forever preferred_lft forever<\/code><\/pre>\n\n\n\n<p>Checking the logs;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>tail \/var\/log\/openvpn\/openvpn.log<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\/sbin\/ip addr add dev tun0 10.8.0.1\/24 broadcast 10.8.0.255\nSocket Buffers: R=[212992->212992] S=[212992->212992]\nUDPv4 link local (bound): [AF_INET][undef]:1194\nUDPv4 link remote: [AF_UNSPEC]\nGID set to nobody\nUID set to nobody\nMULTI: multi_init called, r=256 v=256\nIFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0\nIFCONFIG POOL LIST\nInitialization Sequence Completed\n<\/code><\/pre>\n\n\n\n<p>Your OpenVPN Server is now up and running.<\/p>\n\n\n\n<p>You can now proceed to configure OpenVPN clients and interconnect them through the vpn server.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-configure-openvpn-client-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Configure OpenVPN Client on Rocky Linux 8<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/assign-static-ip-addresses-for-openvpn-clients\/\" target=\"_blank\" rel=\"noreferrer noopener\">Assign Static IP Addresses for OpenVPN Clients<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-openvpn-ldap-based-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure OpenVPN LDAP Based Authentication<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we are going to learn how to install and easily setup OpenVPN Server on Rocky Linux 8.&nbsp;OpenVPN&nbsp;is a robust and highly flexible<\/p>\n","protected":false},"author":3,"featured_media":9411,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,282,321],"tags":[3772,283,3771,323],"class_list":["post-9404","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-openvpn","category-vpn","tag-install-openvpn-rocky-linux-8","tag-openvpn","tag-openvpn-rocky-linux-8","tag-vpn","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9404"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9404"}],"version-history":[{"count":5,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9404\/revisions"}],"predecessor-version":[{"id":21755,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9404\/revisions\/21755"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9411"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}