How to Install and Setup OpenVPN on a CentOS 6 Server

What is OpenVPN?

OpenVPN is a software application that encrypts all VPN traffic and provides a secure connection between machines. This is useful if your services are on a local network and you have to access them remotely but don’t want these services to be publicly accessible. In this step by step tutorial we will explain how to install OpenVPN on your CentOS 6 server.

What you’ll need

  1. A VPS server running on CentOS 6.
  2. An SSH client (OS X and Linux users have Terminal; Windows users can download PuTTY).

Step 1 — Log into your Server via SSH

Log into your server via SSH as root. Next, enable the Extra Packages for Enterprise Linux (EPEL) repository on your server so that the OpenVPN package is available. Type:

wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm

Step 2 — Install EPEL Repository

Install OpenVPN from your EPEL repository:

yum install openvpn -y

Next we’ll copy the sample configuration file to its new location:

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

Now let’s edit it:

nano -w /etc/openvpn/server.conf

In the file, uncomment the following lines and set the DNS servers as shown:

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

We uncommented the push parameter that routes our clients’ system traffic through OpenVPN, and changed the lines that follow it so that DNS queries go to Google’s public DNS servers.

Step 3 — Generate Keys & Certificates

After configuring the file, we now need to generate some keys and certificates. Copy the easy-rsa folder to /etc/openvpn/:

mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/openvpn/easy-rsa/2.0/* /etc/openvpn/easy-rsa

Edit the vars file, the KEY_ variables to be more precise, then copy the OpenSSL config file:

nano -w /etc/openvpn/easy-rsa/vars
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

Now create the CA certificate:

cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca

Build the server key and certificate:

./build-key-server server

After that, we need to generate our Diffie-Hellman key exchange parameters and copy our files to /etc/openvpn:

./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh1024.pem ca.crt server.crt server.key /etc/openvpn

We now need to create certificates for clients to authenticate. Repeat for each client or device:

cd /etc/openvpn/easy-rsa
./build-key client

Step 4 — Configure Routing

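Let’s continue by configuring routing for OpenVPN:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service iptables save

Enable IP forwarding by opening /etc/sysctl.conf and setting net.ipv4.ip_forward to 1, then apply the change with sysctl -p:

nano -w /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p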

Start the server and enable it to start on boot:

service openvpn start
chkconfig openvpn on
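
The following check is an added example, not part of the original tutorial: it re-reads the files edited in Steps 2 to 4 and reports anything left commented, missing, or weak. The function names, the messages and the 2048-bit threshold are assumptions of this example, and the DH size is inferred from the dh<KEY_SIZE>.pem file name that easy-rsa 2.0 produces.

```shell
#!/bin/sh
# Added example, not the tutorial's own code. Function names, messages and
# the 2048-bit threshold are choices made for this example.

# check_openvpn_setup CONF_DIR SYSCTL_CONF: prints one line per finding,
# returns 0 when there are none.
check_openvpn_setup() {
    dir=$1; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # Active (uncommented) server.conf lines, whitespace-trimmed.
    active=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                 -e '/^[;#]/d' -e '/^$/d' "$dir/server.conf")
    # Step 2: the three push directives must be uncommented.
    for want in 'push "redirect-gateway def1 bypass-dhcp"' \
                'push "dhcp-option DNS 8.8.8.8"' 'push "dhcp-option DNS 8.8.4.4"'; do
        printf '%s\n' "$active" | grep -qxF -- "$want" || note "not active: $want"
    done
    # Step 3: files named by ca/cert/key/dh (relative names, as in the
    # sample config) must have been copied next to server.conf.
    for f in $(printf '%s\n' "$active" | awk '$1 ~ /^(ca|cert|key|dh)$/ {print $2}'); do
        [ -f "$dir/$f" ] || note "missing file: $f"
    done
    # Step 3: easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so the name shows the
    # size; 1024-bit DH parameters are considered weak.
    bits=$(printf '%s\n' "$active" | awk '$1 == "dh" {print $2}' | tr -cd '0-9')
    [ "${bits:-0}" -ge 2048 ] || note "DH parameters under 2048 bits"
    # Step 3: private keys must not be accessible to group or others.
    for key in "$dir"/*.key; do
        [ -f "$key" ] || continue
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || note "loose mode: $key"
    done
    # Step 4: IP forwarding must be enabled in sysctl.conf.
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$2" || note "net.ipv4.ip_forward is not 1"
    [ "$findings" -eq 0 ]
}

# Constructed sample: one push line left commented, KEY_SIZE=1024.
make_sample() {
    d=$(mktemp -d); : > "$d/ca.crt"; : > "$d/server.crt"; : > "$d/dh1024.pem"
    : > "$d/server.key"; chmod 600 "$d/server.key"
    printf '%s\n' 'ca ca.crt' 'cert server.crt' 'key server.key  # secret' \
        'dh dh1024.pem' 'push "redirect-gateway def1 bypass-dhcp"' \
        'push "dhcp-option DNS 8.8.8.8"' ';push "dhcp-option DNS 8.8.4.4"' \
        > "$d/server.conf"
    echo 'net.ipv4.ip_forward = 1 ' > "$d/sysctl.conf"
    echo "$d"
}
```

On the server, call it as check_openvpn_setup /etc/openvpn /etc/sysctl.conf. With the dh1024.pem file used in this tutorial it reports the DH finding until build-dh is rerun with KEY_SIZE=2048 in vars and the dh line in server.conf names the new file.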

Step 5 — Configure OpenVPN

To configure the OpenVPN client, you need to retrieve ca.crt, client.crt and client.key from the remote server using the SFTP or SCP (secure copy) client of your choice.

nano -w /etc/openvpn/easy-rsa/keys/ca.crt
nano -w /etc/openvpn/easy-rsa/keys/client.crt
nano -w /etc/openvpn/easy-rsa/keys/client.key

We will now create another file, client.ovpn, named after the user we want to authenticate (the name used with build-key). Replace x.x.x.x with your server’s IP address:

client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca "/etc/openvpn/easy-rsa/keys/ca.crt"
cert "/etc/openvpn/easy-rsa/keys/client.crt"
key "/etc/openvpn/easy-rsa/keys/client.key"

Linux

Install OpenVPN from your distribution’s official repositories, then start it with:

sudo openvpn --config ~/path/to/client.ovpn

Windows

You will need to download the Community edition binaries, which come prepackaged with a GUI, from OpenVPN’s official site. Before installation, put the .ovpn config file in C:\Program Files\OpenVPN\config and then connect to the OpenVPN interface.

Mac OSX

The app we need here is Tunnelblick, which is the equivalent of OpenVPN’s GUI for Windows (requires tun/tap drivers). Place your .ovpn file in the ~/Library/Application Support/Tunnelblick/Configurations directory before installation.

Now is the time for you to rejoice, for you have successfully installed and configured OpenVPN on your server. Well done!
