How To Install OpenVPN On CentOS 6.x 32/64 bit
OpenVPN is the most commonly used and updated VPN software on the market. This tutorial will show you how to install an OpenVPN server on CentOS 6.x.
First, we will need to download and enable the EPEL (Extra Packages for Enterprise Linux) Repository. This will let us download OpenVPN later.
1. wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
2. rpm -Uvh epel-release-6-8.noarch.rpm
Now we install the OpenVPN package from the repository we just enabled.
1. yum install openvpn -y
OpenVPN currently ships with a sample configuration file, so we will copy it to its correct place.
1. cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn
Now we must edit it. Use your favorite editor for this; we will be using nano in this tutorial.
1. nano -w /etc/openvpn/server.conf
We must uncomment the following "push" directive, which routes all of the client's traffic through the OpenVPN server.
1. push "redirect-gateway def1 bypass-dhcp"
Next we set the DNS servers that are pushed to clients to Google's DNS servers.
1. push "dhcp-option DNS 8.8.8.8"
2. push "dhcp-option DNS 8.8.4.4"
To further increase your security, uncomment the relevant lines below so that OpenVPN drops its root privileges after it has started.
1. user nobody
2. group nobody
Since the configuration file is now completed, we must generate the RSA keys and the necessary certificates. To start, we must move the sample files to the correct directories.
1. mkdir -p /etc/openvpn/easy-rsa/keys
2. cp -rf /usr/share/openvpn/easy-rsa/2.0/* /etc/openvpn/easy-rsa
With the correct placement, we can now edit the variable file.
1. nano -w /etc/openvpn/easy-rsa/vars
We must modify the "KEY_" variables located at the bottom of the file.
Example of finished variables:
export KEY_COUNTRY="US"
export KEY_PROVINCE="MI"
export KEY_CITY="Detroit"
export KEY_ORG="Organization Name"
export KEY_EMAIL="administrator@example.com"
export KEY_CN=droplet.example.com
export KEY_NAME=server
export KEY_OU=server
On CentOS 6, OpenVPN may fail to detect the OpenSSL version, so we are going to manually copy the required configuration file.
1. cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
Now we must enter our OpenVPN directory to build our certificates.
1. cd /etc/openvpn/easy-rsa
2. source ./vars
3. ./clean-all
4. ./build-ca
Next, we must generate the server's certificate and key.
1. ./build-key-server server
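Once that is completed, we must generate the Diffie-Hellman key exchange parameters and copy them, together with the CA and server files, into /etc/openvpn. build-dh names its output after the KEY_SIZE value in vars, so the file is dh1024.pem when KEY_SIZE is 1024, and the "dh" line in server.conf must name the same file.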
1. ./build-dh
2. cd /etc/openvpn/easy-rsa/keys
3. cp dh1024.pem ca.crt server.crt server.key /etc/openvpn
Now that the server's keys are in place, we must generate client certificates.
1. cd /etc/openvpn/easy-rsa
2. ./build-key client
Now we must create an iptables rule to NAT the VPN clients' traffic out through the server, then save it.
1. iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
2. service iptables save
Now we must enable IP forwarding by editing /etc/sysctl.conf and setting net.ipv4.ip_forward to 1.
1. nano -w /etc/sysctl.conf
2. net.ipv4.ip_forward = 1
Now we have to apply our newly updated settings and start the server.
1. sysctl -p
2. service openvpn start
Now that it is running, we will set it to start at boot.
1. chkconfig openvpn on
Now that our server is fully complete, we must download the files in order to connect to the VPN.
The files are located at:
/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/client.crt
/etc/openvpn/easy-rsa/keys/client.key
On the client's computer, you must create a file named "client.ovpn".
You may copy and paste the following configuration and edit the needed parts.
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
<ca>
Contents of ca.crt
</ca>
<cert>
Contents of client.crt
</cert>
<key>
Contents of client.key
</key>
Replace "x.x.x.x" with your OpenVPN server's IP address.
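The client.ovpn assembly described above can be scripted. The following is an added example, not part of the original tutorial; make_ovpn, pem_block, the script name and the argument order are illustrative names. It creates the profile readable by its owner only, because it embeds client.key, and it keeps only the PEM blocks, since certificates written by easy-rsa typically carry a human-readable dump in front of them.

```bash
#!/bin/bash
# Added example (not from the original tutorial): assemble client.ovpn.
# make_ovpn, pem_block and the argument order are illustrative names.

# Print only the PEM block of a file, dropping any text dump before it.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# usage: make_ovpn SERVER KEYS_DIR CLIENT_NAME OUTPUT_FILE
make_ovpn() {
    local server="$1" keys="$2" name="$3" out="$4" f
    # Allow only host/IP characters so no stray directive enters the profile.
    case "$server" in
        ''|*[!A-Za-z0-9.:-]*) echo "bad server address" >&2; return 1 ;;
    esac
    # Refuse to build a profile from missing or non-PEM input files.
    for f in ca.crt "$name.crt" "$name.key"; do
        grep -q '^-----BEGIN ' "$keys/$f" 2>/dev/null ||
            { echo "no PEM data in $keys/$f" >&2; return 1; }
    done
    # Remove any old copy so the new file gets the restrictive mode below.
    rm -f -- "$out"
    (   # The profile embeds the private key: create it owner-only (0600).
        umask 077
        {
            printf '%s\n' client 'dev tun' 'proto udp' \
                "remote $server 1194" 'resolv-retry infinite' nobind \
                persist-key persist-tun comp-lzo 'verb 3'
            echo '<ca>';   pem_block "$keys/ca.crt";    echo '</ca>'
            echo '<cert>'; pem_block "$keys/$name.crt"; echo '</cert>'
            echo '<key>';  pem_block "$keys/$name.key"; echo '</key>'
        } > "$out"
    )
}

# Script use (hypothetical file name):
#   ./make_ovpn.sh x.x.x.x /etc/openvpn/easy-rsa/keys client client.ovpn
if [ "$#" -eq 4 ]; then
    make_ovpn "$@"
fi
```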
Now you are ready to distribute your certificates to allow the end user to start using your personal VPN service!