Deploying on Fedora
Install and Maintain eduVPN/Let's Connect! on Fedora
For simple one server deployments and tests, we have a deploy script available you can run on a fresh Fedora 29 or 30 installation. It will configure all components and will be ready for use after running!
Additional scripts are available after deployment:
- Use Let's Encrypt for automatic web server certificate management;
- Clean Fedora 29 or 30 installation with all updates installed;
- SELinux MUST be enabled;
- Have a STATIC IPv4 and IPv6 address configured on your external interface;
- Network equipment/VM platform allows access to the very least
tcp/1194for basic functionality, the deploy script will take care of the host firewall;
- Working DNS entry for your VPN server, e.g.
We test only with the official Fedora Cloud Base Images.
If you have a more complicated setup, we recommend to manually walk through the deploy script and follow the steps.
Perform these steps on the host where you want to deploy:
$ curl -L -O https://github.com/eduvpn/documentation/archive/master.tar.gz $ tar -xzf master.tar.gz $ cd documentation-master
Run the script (as root):
$ sudo -s # ./deploy_fedora.sh
Specify the hostname you want to use for your VPN server. Both the "Web" and "OpenVPN" DNS names can be identical for simple 1 machine setups.
NOTE: you can NOT use
localhost as a hostname, nor an IP address!
Periodically install updates!
See PROFILE_CONFIG on how to update the VPN server settings.
Username & Password
By default there is a user
admin with a generated password for
portal access. Those are printed at the end of the deploy script.
If you want to update/add users you can use the
Provide an existing account to update the password:
$ sudo vpn-user-portal-add-user User ID: foo Setting password for user "foo" Password: Password (repeat):
You can configure which user(s) is/are an administrator by setting the
adminUserIdList option in
'adminUserIdList' => ['admin'],
It is easy to enable LDAP authentication. This is documented separately. See LDAP.
It is easy to enable RADIUS authentication. This is documented separately. See RADIUS.
It is easy to enable SAML authentication for identity federations, this is documented separately. See SAML.
It is possible to enable 2FA with TOTP.
If you want to restrict the use of the VPN a bit more than on whether someone has an account or not, e.g. to limit certain profiles to certain (groups of) users, see ACL.
Run the script (as root):
$ sudo -s # ./lets_encrypt_centos.sh
Make sure you use the exact same DNS name you used when running
After completing the script, the certificate will be installed and the system will automatically replace the certificate before it expires.
Let's Connect! Branding
If you also want to allow clients to connect with the VPN over