How To Install OpenVPN on CentOS 7
Installing OpenVPN on CentOS 7
Install the EPEL repository package:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Install OpenVPN:
yum install openvpn
Install easy-rsa:
yum install easy-rsa
Copy the easy-rsa tree into the OpenVPN directory:
cp -R /usr/share/easy-rsa/ /etc/openvpn/
Remove any existing certificates and generate a new certificate authority (CA):
cd /etc/openvpn/easy-rsa/2.0
source ./vars
./clean-all
./build-ca
Build the server key and certificate:
./build-key-server server
Make sure to sign and commit the certificate by answering "y" when prompted.
The name "server" is used throughout this tutorial; you may rename it to anything else, but use the same name everywhere.
Build the Client Certificate to be used for authentication:
./build-key client
Make sure to sign and commit the certificate by answering "y" when prompted.
The name "client" is used throughout this tutorial; you may rename it to anything else, but use the same name everywhere.
Build the Diffie-Hellman parameters (this may take a while):
./build-dh
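Before pointing server.conf at the files easy-rsa just produced, it is worth confirming that each certificate actually chains to ca.crt, that each private key belongs to its certificate, and that the key is not world-readable. The shell function below is an added example, not part of the original tutorial or of easy-rsa; it assumes only openssl(1) and GNU stat, and it defaults to the keys directory used in this tutorial.

```shell
#!/bin/sh
# Added example (not from the tutorial): sanity-check easy-rsa output.
# Usage: verify_openvpn_pki [KEYDIR] [NAME]   e.g. verify_openvpn_pki "" client
# Assumes openssl(1) and GNU coreutils (stat -c).
verify_openvpn_pki() {
    keydir=${1:-/etc/openvpn/easy-rsa/2.0/keys}
    name=${2:-server}
    ca="$keydir/ca.crt"; crt="$keydir/$name.crt"; key="$keydir/$name.key"
    rc=0
    for f in "$ca" "$crt" "$key"; do
        if [ ! -f "$f" ]; then echo "MISSING: $f"; rc=1; fi
    done
    [ "$rc" -eq 0 ] || return "$rc"

    # 1. The certificate must chain to the CA that the peers will trust.
    if openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "OK: $crt is signed by $ca"
    else
        echo "FAIL: $crt does not verify against $ca"; rc=1
    fi

    # 2. The private key must belong to the certificate (compare RSA moduli).
    crt_mod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null || true)
    key_mod=$(openssl rsa  -noout -modulus -in "$key" 2>/dev/null || true)
    if [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ]; then
        echo "OK: $key matches $crt"
    else
        echo "FAIL: $key does not match $crt"; rc=1
    fi

    # 3. Only root reads the key at startup; nobody else needs access.
    mode=$(stat -c %a "$key" 2>/dev/null || true)
    case "$mode" in
        600|400) echo "OK: $key mode $mode" ;;
        *) echo "FAIL: $key mode ${mode:-unknown}, expected 600 (chmod 600 \"$key\")"; rc=1 ;;
    esac

    # 4. Clients that use 'remote-cert-tls server' require the serverAuth
    #    extended key usage on the server certificate; warn if it is absent.
    if ! openssl x509 -noout -text -in "$crt" 2>/dev/null | grep -q 'TLS Web Server Authentication'; then
        echo "WARN: $crt has no serverAuth extended key usage"
    fi
    return "$rc"
}
```

Run it once for the server (`verify_openvpn_pki "" server`) and once for each client you build; a FAIL on the modulus check usually means a certificate was rebuilt without its key, and a FAIL on the mode check is fixed with the chmod shown in the message.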
Create the OpenVPN server configuration file:
vi /etc/openvpn/server.conf
and paste the following into it:
port 1194 # port
proto udp # protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nobody
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
tls-server
cipher AES-256-CBC
Enable IP forwarding:
vi /etc/sysctl.conf
Change (or add)
net.ipv4.ip_forward = 0
to
net.ipv4.ip_forward = 1
Save the file and apply the new setting:
sysctl -p
Enable OpenVPN at boot with systemd:
systemctl -f enable openvpn@server.service
Start OpenVPN:
systemctl start openvpn@server.service
Configure Firewalld:
firewall-cmd --permanent --zone=public --add-service openvpn
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --reload
Configure CSF:
If you use the CSF firewall, copy and paste the following into csfpre.sh, replacing xxx.xxx.xxx.xxx with your server's public IP address:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source xxx.xxx.xxx.xxx
Save the file (:w) and quit the editor (:q).
Modify the CSF configuration file to allow the port you chose earlier.
If you use CSF, you must open the port for UDP or TCP, depending on which protocol you chose above:
vi /etc/csf/csf.conf
Add the port, save the file (:w) and quit the editor (:q).
Restart CSF:
csf -r
Installing and Configuring the OpenVPN Windows Client
Download and install OpenVPN.
It can be downloaded from openvpn.com.
Go to the OpenVPN configuration path:
For Windows 32-bit: C:\Program Files (x86)\OpenVPN\config (by default).
For Windows 64-bit: C:\Program Files\OpenVPN\config (by default).
Create a new file called server.ovpn and add the below to it:
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194 # your server IP and OpenVPN port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
auth-nocache
comp-lzo
reneg-sec 0
tls-client
cipher AES-256-CBC
verb 3
Make sure to replace xxx.xxx.xxx.xxx by your server’s IP address, and 1194 by the port you chose above.
Add the CA certificate:
Open the file below on the server and copy its contents:
vi /etc/openvpn/easy-rsa/2.0/keys/ca.crt
In the configuration folder on the Windows machine, create a new file called ca.crt, open it with a text editor (Notepad), and paste the contents copied from your server into it.
Add the client certificate:
Open the file below on the server and copy its contents:
vi /etc/openvpn/easy-rsa/2.0/keys/client.crt
In the configuration folder on the Windows machine, create a new file called client.crt, open it with a text editor (Notepad), and paste the contents copied from your server into it.
Add the client key:
Open the file below on the server and copy its contents:
vi /etc/openvpn/easy-rsa/2.0/keys/client.key
In the configuration folder on the Windows machine, create a new file called client.key, open it with a text editor (Notepad), and paste the contents copied from your server into it.
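Pasting three files by hand invites mistakes (a truncated key, a certificate dropped into the wrong file). OpenVPN accepts the CA, certificate and key inline inside the profile between <ca>, <cert> and <key> tags, so the whole client configuration above can be generated on the server as a single .ovpn file. The function below is an added example and not part of the original tutorial or of OpenVPN; it assumes the keys directory layout used in this tutorial and uses openssl(1), if present, to strip the human-readable text that easy-rsa prepends to signed .crt files.

```shell
#!/bin/sh
# Added example (not from the tutorial): emit one self-contained client profile.
# Usage: make_client_ovpn KEYDIR CLIENT SERVER_IP [PORT] > CLIENT.ovpn
make_client_ovpn() {
    keydir=$1; client=$2; server_ip=$3; port=${4:-1194}
    for f in "$keydir/ca.crt" "$keydir/$client.crt" "$keydir/$client.key"; do
        [ -r "$f" ] || { echo "ERROR: cannot read $f" >&2; return 1; }
    done
    # Refuse to emit a profile that still carries the tutorial's placeholder address.
    case "$server_ip" in
        *xxx*|"") echo "ERROR: replace the placeholder server address" >&2; return 1 ;;
    esac
    # Directives below are the tutorial's client settings; the PEM blocks are inlined.
    cat <<EOF
client
dev tun
proto udp
remote $server_ip $port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
auth-nocache
comp-lzo
reneg-sec 0
tls-client
cipher AES-256-CBC
verb 3
<ca>
$(cat "$keydir/ca.crt")
</ca>
<cert>
$(openssl x509 -in "$keydir/$client.crt" 2>/dev/null || cat "$keydir/$client.crt")
</cert>
<key>
$(cat "$keydir/$client.key")
</key>
EOF
}
```

For example, `make_client_ovpn /etc/openvpn/easy-rsa/2.0/keys client 203.0.113.10 1194 > client.ovpn` (203.0.113.10 is a documentation address standing in for your server). The resulting file contains the client's private key, so `chmod 600` it and move it to the Windows configuration folder over an encrypted channel such as scp rather than e-mail.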
Questions? Ask them below!