How to install and configure OpenVPN
Posted on January 18th, 2016
This guide shows how to install and configure OpenVPN on CentOS.
1) Log in to the server via SSH.
2) Install OpenVPN dependencies.
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y
3) Download LZO RPM.
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
4) Add repo for your server.
Find out the server type (32-bit or 64-bit) using the following command.
uname -m
Add the appropriate repo for your server.
CentOS 6 32-bit (x86):
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-1.el6.rf.i686.rpm
CentOS 6 64-bit (x86_64):
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
5) Build RPM package.
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*
6) Install OpenVPN.
yum install openvpn easy-rsa -y
7) Copy easy-rsa folder to /etc/openvpn/.
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
8) Edit the file.
vi /etc/openvpn/easy-rsa/2.0/vars
Edit the following line.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
Replace it with the following.
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
9) Create certificate.
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all
10) Build CA file.
./build-ca
11) Build key server.
./build-key-server server
12) Build Diffie Hellman.
./build-dh
13) Create OpenVPN config file.
touch /etc/openvpn/server.conf
14) Copy and paste the following values to the OpenVPN config file.
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
Save the file.
15) Start OpenVPN service on the server.
service openvpn start
16) Enable IP forwarding.
vi /etc/sysctl.conf
Replace 0 with 1.
net.ipv4.ip_forward = 1
Save the file.
17) Enter the following command to load the changes.
sysctl -p
18) Create new Linux username.
useradd username -s /bin/false
Replace 'username' with the actual username.
Create password.
passwd username
19) Add iptables NAT rules for the VPN subnet.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123
Replace 123.123.123.123 with your server IP.
20) If CSF is running on your server, open OpenVPN port 1194 in the firewall, then enter the following commands.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123
Replace 123.123.123.123 with your server IP.
21) Save iptables rules.
service iptables save
That is how to install and configure OpenVPN on a CentOS server.
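The server.conf from step 14 contains several settings worth reviewing before the server goes live: 1024-bit DH parameters, password-only client authentication, disabled key renegotiation and tunnel compression. The script below is an added example, not part of the original article; the function names audit_openvpn_conf and sample_conf are hypothetical, and the DH size is inferred from the easy-rsa 2.0 file naming dh<KEY_SIZE>.pem.

```shell
#!/bin/sh
# Added example (not from the original page): audit an OpenVPN server.conf
# for the directives in step 14 that a reviewer would question.
# Prints one "directive: reason" line per finding; returns 1 if any, else 0.
# Reads the file named in $1, or stdin when no argument is given.
audit_openvpn_conf() {
    awk '
    { sub(/[#;].*/, "") }   # strip comments, including inline "#- ..." notes
    NF == 0 { next }
    $1 == "dh" {
        # Assumption: easy-rsa 2.0 names the file dh<KEY_SIZE>.pem
        n = $2; sub(/.*dh/, "", n); sub(/\.pem$/, "", n)
        if (n ~ /^[0-9]+$/ && n + 0 < 2048) {
            print "dh: " n "-bit DH parameters, use 2048 bits or more"; bad = 1
        }
    }
    $1 == "client-cert-not-required" {
        print "client-cert-not-required: clients authenticate by password only"
        bad = 1
    }
    $1 == "reneg-sec" && $2 == "0" {
        print "reneg-sec: time-based key renegotiation is disabled"; bad = 1
    }
    $1 == "comp-lzo" && $2 != "no" {
        print "comp-lzo: compression is enabled inside the tunnel"; bad = 1
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample input: the security-relevant lines of the step 14 config.
sample_conf() {
    cat <<'EOF'
port 1194 #- port
proto udp #- protocol
reneg-sec 0
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
client-cert-not-required
username-as-common-name
comp-lzo
verb 3
EOF
}

# Demo run on the sample; the message is printed only when something is flagged.
sample_conf | audit_openvpn_conf || echo "Review the findings above before deploying."
```

To check a live server, run audit_openvpn_conf /etc/openvpn/server.conf and treat a non-zero exit status as a reason to review the file.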