How To Install OpenVPN on CentOS 6.x

How To Install OpenVPN On CentOS 6.x 32/64 bit

OpenVPN is the most commonly used and updated VPN software on the market. This tutorial will show you how to install an OpenVPN server on CentOS 6.x.

First, we will need to download and enable the EPEL (Extra Packages for Enterprise Linux) Repository. This will let us download OpenVPN later.

1. wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

2. rpm -Uvh epel-release-6-8.noarch.rpm

Now install the OpenVPN package from the repository we just enabled.

1. yum install openvpn -y

OpenVPN currently ships with a sample configuration file, so we will copy it to its correct place.

1. cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn

Now we must edit it. Use your favorite editor for this; we will be using nano in this tutorial.

1. nano -w /etc/openvpn/server.conf

We must uncomment the following "push" line, which routes the user's traffic through the OpenVPN server.

2. push "redirect-gateway def1 bypass-dhcp"

Next, we must edit the DNS lines so that clients use Google's DNS servers.

3. push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"

To further increase your security, uncomment the relevant lines below.

1. user nobody
    group nobody

Since the configuration file is now completed, we must generate the RSA keys and the necessary certificates. To start, we must move the sample files to the correct directories.

1. mkdir -p /etc/openvpn/easy-rsa/keys

2. cp -rf /usr/share/openvpn/easy-rsa/2.0/* /etc/openvpn/easy-rsa

With the files in place, we can now edit the variable file.

1. nano -w /etc/openvpn/easy-rsa/vars

We must modify the "KEY_" variables located at the bottom of the file.

Example of finished variables:

export KEY_COUNTRY="US"
export KEY_PROVINCE="MI"
export KEY_CITY="Detroit"
export KEY_ORG="Organization Name"
export KEY_EMAIL="administrator@example.com"
export KEY_CN=droplet.example.com
export KEY_NAME=server
export KEY_OU=server

On CentOS 6, OpenVPN may fail to detect OpenSSL, so we are going to manually copy the required file.

1. cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

Now we must enter our OpenVPN directory to build our certificates.

1. cd /etc/openvpn/easy-rsa

2. source ./vars

3. ./clean-all

4. ./build-ca

Next, we must generate the server certificate and key.

1. ./build-key-server server

Once that is completed, we must generate the Diffie-Hellman key exchange files and copy the server files into /etc/openvpn.

1. ./build-dh

2. cd /etc/openvpn/easy-rsa/keys

3. cp dh1024.pem ca.crt server.crt server.key /etc/openvpn

Now that the server's keys and certificates are in place, we must generate client certificates.

1. cd /etc/openvpn/easy-rsa

2. ./build-key client

Now we must create an iptables rule to allow the traffic to work with our VPN service.

1. iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
2. service iptables save

Now we must enable IP forwarding by setting the following value in /etc/sysctl.conf.

1. nano -w /etc/sysctl.conf

2. net.ipv4.ip_forward = 1

Now we have to apply our newly updated settings and start the server.

1. sysctl -p

2. service openvpn start

Now that it is running, we will set it to start at boot.

1. chkconfig openvpn on

Now that the server setup is complete, we must download the files needed to connect to the VPN.

The files are located at:

/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/client.crt
/etc/openvpn/easy-rsa/keys/client.key

On the client's computer, you must create a file named "client.ovpn".

You may copy and paste the following configuration and edit the needed parts.

1. client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
<ca>
Contents of ca.crt
</ca>
<cert>
Contents of client.crt
</cert>
<key>
Contents of client.key
</key>

2. Replace "x.x.x.x" with your OpenVPN server's IP address.
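
As an added example (not part of the original tutorial), the script below assembles the client.ovpn shown above directly from the easy-rsa keys directory instead of pasting the three files by hand. The function names build_ovpn and pem_only are hypothetical; the script keeps only the PEM blocks and writes the profile readable by its owner only, since it contains the client's private key.

```shell
#!/bin/sh
# Added example (not from the original tutorial): build client.ovpn from the
# easy-rsa keys directory. Usage: build_ovpn KEYDIR CLIENT_NAME SERVER_IP OUTFILE

# Print only the PEM block, dropping the human-readable certificate dump that
# easy-rsa 2.0 writes above it in client.crt.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_ovpn() {
    keydir=$1; name=$2; server=$3; out=$4
    for f in "$keydir/ca.crt" "$keydir/$name.crt" "$keydir/$name.key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    # The profile embeds the private key: create it with mode 600.
    (
        umask 077
        rm -f "$out"
        {
            cat <<EOF
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
EOF
            echo "<ca>";   pem_only "$keydir/ca.crt";    echo "</ca>"
            echo "<cert>"; pem_only "$keydir/$name.crt"; echo "</cert>"
            echo "<key>";  pem_only "$keydir/$name.key"; echo "</key>"
        } > "$out"
    )
}

# Run as a script when called with all four arguments.
if [ "$#" -eq 4 ]; then build_ovpn "$@"; fi
```

Run it on the server as root, for example with /etc/openvpn/easy-rsa/keys as KEYDIR and client as CLIENT_NAME, then transfer the resulting file to the client over a secure channel such as scp.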

Now you are ready to distribute your certificates to allow the end user to start using your personal VPN service!
