How to install and configure OpenVPN

Posted on January 18th, 2016

This guide shows how to install and configure OpenVPN on CentOS.

 

1) Log in to the server via SSH.

 

2) Install OpenVPN dependencies.

yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y

 

3) Download LZO RPM.

wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

 

4) Add repo for your server.

Find out the server type using the following command.

uname -m

Add the appropriate repo for your server.

CentOS 6 32-bit (x86):

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-1.el6.rf.i686.rpm

CentOS 6 64-bit (x86_64):

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

 

5) Build RPM package.

rpmbuild --rebuild lzo-1.08-4.rf.src.rpm

rpm -Uvh lzo-*.rpm

rpm -Uvh rpmforge-release*

 

6) Install OpenVPN.

yum install openvpn easy-rsa  -y

 

7) Copy easy-rsa folder to /etc/openvpn/.

cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/

 

8) Edit the vars file.

vi /etc/openvpn/easy-rsa/2.0/vars

Find the following line.

export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

Replace it with the following.

export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf

 

9) Create certificate.

cd /etc/openvpn/easy-rsa/2.0

chmod 755 *

source ./vars

./vars

./clean-all

 

10) Build CA file.

./build-ca

 

11) Build the server key.

./build-key-server server

 

12) Build the Diffie-Hellman parameters.

./build-dh

 

13) Create OpenVPN config file.

touch /etc/openvpn/server.conf

 

14) Copy and paste the following values to the OpenVPN config file.

port 1194 #- port

proto udp #- protocol

dev tun

tun-mtu 1500

tun-mtu-extra 32

mssfix 1450

reneg-sec 0

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt

cert /etc/openvpn/easy-rsa/2.0/keys/server.crt

key /etc/openvpn/easy-rsa/2.0/keys/server.key

dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS

#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS

client-cert-not-required

username-as-common-name

server 10.8.0.0 255.255.255.0

push "redirect-gateway def1"

push "dhcp-option DNS 8.8.8.8"

push "dhcp-option DNS 8.8.4.4"

keepalive 5 30

comp-lzo

persist-key

persist-tun

status 1194.log

verb 3

Save the file.
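
As an added check before starting the service (this script is not part of the original article), the shell function below flags the settings in the step-14 file that weaken the server: 1024-bit DH parameters, password-only client authentication, disabled time-based key renegotiation, and compression. The function name audit_conf and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag the step-14 settings
# that weaken an OpenVPN server, reporting the config line of each one.

# audit_conf FILE
#   Prints "line N: directive: reason" per finding; exit status 1 if any.
audit_conf() {
    awk '
        function hit(msg) { printf "line %d: %s\n", NR, msg; found = 1 }
        { sub(/[ \t]*[#;].*$/, "") }      # drop trailing and full-line comments
        NF == 0 { next }                  # skip lines that are now empty
        $1 == "dh" && $2 ~ /dh1024/ {     # heuristic: size judged by file name
            hit("dh: 1024-bit Diffie-Hellman parameters") }
        $1 == "client-cert-not-required" {
            hit("client-cert-not-required: clients authenticate by password only") }
        $1 == "reneg-sec" && $2 == "0" {
            hit("reneg-sec 0: time-based key renegotiation is disabled") }
        $1 == "comp-lzo" && $2 != "no" {
            hit("comp-lzo: tunnel data is compressed before encryption") }
        END { exit found }
    ' "$1"
}

# Constructed sample: an excerpt of the step-14 server.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194 #- port
reneg-sec 0
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
comp-lzo
verb 3
EOF

audit_conf "$sample" || echo "Review the findings above before step 15."
rm -f "$sample"
```

Run it against the real file with: audit_conf /etc/openvpn/server.conf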

 

15) Start OpenVPN service on the server.

service openvpn start

 

16) Enable IP forwarding.

vi /etc/sysctl.conf

Replace 0 with 1.

net.ipv4.ip_forward = 1

Save the file.

 

17) Enter the following command to load the changes.

sysctl -p

 

18) Create a new Linux user.

useradd username -s /bin/false

Replace the ‘username’ with your exact username.

Create password.

passwd username

 

19) Add the iptables NAT rules.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123

 

Replace 123.123.123.123 with your server IP.

 

 

20) If you have CSF on your server, open the OpenVPN port number 1194 through the firewall and enter the following commands.

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123

Replace 123.123.123.123 with your server IP.

 

21) Save iptables rules.

service iptables save

 

That is how to install and configure OpenVPN on a CentOS server.

 

If you need any further help please reach our support department.

 

 
