{"id":42,"date":"2015-01-13T15:53:00","date_gmt":"2015-01-13T15:53:00","guid":{"rendered":"https:\/\/www.tech-and-dev.com\/blog\/2015\/01\/13\/how-to-install-openvpn-on-centos-7\/"},"modified":"2021-02-22T01:29:47","modified_gmt":"2021-02-22T01:29:47","slug":"how-to-install-openvpn-on-centos-7","status":"publish","type":"post","link":"https:\/\/www.tech-and-dev.com\/blog\/2015\/01\/how-to-install-openvpn-on-centos-7.html","title":{"rendered":"How To Install OpenVPN on CentOS 7"},"content":{"rendered":"
\n
\"OpenVPN<\/div>\n

 <\/p>\n

Installing OpenVPN on CentOS 7<\/h2>\n

 <\/p>\n

Install the Epel package:<\/h4>\n

rpm -Uvh https:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-7.noarch.rpm<\/p><\/blockquote>\n

<\/a><\/p>\n

Install OpenVPN:<\/h4>\n

yum install openvpn<\/p><\/blockquote>\n

 <\/p>\n

Install easy-rsa<\/h4>\n

yum install easy-rsa<\/p><\/blockquote>\n

 <\/p>\n

Copy the easy-rsa to openvpn<\/h4>\n

cp -R \/usr\/share\/easy-rsa\/ \/etc\/openvpn\/<\/p><\/blockquote>\n

 <\/p>\n

Clean the current certificate if any exist and generate a new one:<\/h4>\n

cd \/etc\/openvpn\/easy-rsa\/2.0
\nsource .\/vars
\n.\/clean-all
\n.\/build-ca<\/p><\/blockquote>\n

 <\/p>\n

Build key server<\/h4>\n

.\/build-key-server server<\/span><\/p><\/blockquote>\n

Make sure to sign and commit the certificate by clicking “y” when prompted.<\/b><\/span><\/p>\n

The “server” in fuchsia will be used in this entire tutorial, you may rename it to anything else.<\/span><\/b><\/span><\/p>\n

Build the Client Certificate to be used for authentication:<\/h4>\n

.\/build-key client<\/span><\/p><\/blockquote>\n

Make sure to sign and commit the certificate by clicking “y” when prompted.<\/b><\/span><\/p>\n

The “client” in green will be used in this entire tutorial, you may rename it to anything else.<\/b><\/span><\/p>\n

Build Diffie Hellman key exchange (This may take a while)<\/h4>\n

.\/build-dh<\/p><\/blockquote>\n

 <\/p>\n

Create OpenVPN configuration file:<\/h4>\n

vi \/etc\/openvpn\/server<\/span>.conf<\/p><\/blockquote>\n

and copy\/Paste the below:<\/p>\n

port 1194<\/span> #- port
\nproto udp #- protocol
\ndev tun
\ntun-mtu 1500
\ntun-mtu-extra 32
\nmssfix 1450
\nreneg-sec 0
\nca \/etc\/openvpn\/easy-rsa\/2.0\/keys\/ca.crt
\ncert \/etc\/openvpn\/easy-rsa\/2.0\/keys\/server<\/span>.crt
\nkey \/etc\/openvpn\/easy-rsa\/2.0\/keys\/server<\/span>.key
\ndh \/etc\/openvpn\/easy-rsa\/2.0\/keys\/dh2048.pem
\nserver 10.8.0.0 255.255.255.0
\npush “redirect-gateway def1”
\npush “dhcp-option DNS 8.8.8.8”
\npush “dhcp-option DNS 8.8.4.4”
\nuser nobody
\ngroup nobody
\nkeepalive 5 30
\ncomp-lzo
\npersist-key
\npersist-tun
\nstatus 1194.log
\nverb 3
\ntls-server
\ncipher AES-256-CBC<\/p><\/blockquote>\n

 <\/p>\n

Enable IP Forwarding:<\/h4>\n

vi \/etc\/sysctl.conf<\/p><\/blockquote>\n

change (or Add)<\/p>\n

net.ipv4.ip_forward = 0<\/p><\/blockquote>\n

to<\/p>\n

net.ipv4.ip_forward = 1<\/p><\/blockquote>\n

and save the settings<\/p>\n

sysctl -p<\/p><\/blockquote>\n

Add OpenVPN to systemctl<\/h4>\n

systemctl -f enable openvpn@server<\/span>.service<\/p><\/blockquote>\n

Start OpenVPN<\/h4>\n

systemctl start openvpn@server<\/span>.service<\/p><\/blockquote>\n

 <\/p>\n

Configure Firewalld:<\/h4>\n

firewall-cmd –permanent\u00a0 –zone=public –add-service openvpn
\nfirewall-cmd –permanent\u00a0 –zone=public –add-masquerade
\nfirewall-cmd –reload<\/p><\/blockquote>\n

Configure CSF:<\/h4>\n

If you use CSF firewall, copy and paste the following into csfpre.sh, make sure to replace xxx.xxx.xxx.xxx<\/span> by your server’s IP address:<\/p>\n

iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
\niptables -A FORWARD -s 10.8.0.0\/24 -j ACCEPT
\niptables -A FORWARD -j REJECT
\niptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -o eth0 -j MASQUERADE
\niptables -t nat -A POSTROUTING -j SNAT –to-source xxx.xxx.xxx<\/span><\/p><\/blockquote>\n

and save (:w) and quit editing the file (:q)<\/p>\n

Modify CSF configuration file to allow the port number you chose earlier<\/h4>\n

If you use CSF, you will have to open the port in UDP or TCP, depends on what you’ve chosen:<\/p>\n

vi \/etc\/csf\/csf.conf<\/p><\/blockquote>\n

and save (:w) and quit editing the file (:q)<\/p>\n

Restart CSF<\/h4>\n

csf -r<\/p><\/blockquote>\n

 <\/p>\n

Installing and Configuring the OpenVPN Windows Client.<\/h2>\n

Download & Install OpenVPN.<\/h4>\n

It can be downloaded from openvpn.com<\/a><\/p>\n

Go to OpenVPN configuration path.<\/h4>\n

For windows 32bit: (C:Program Files (x86)OpenVPNconfig by default).
\nFor windows 64bit: (C:Program FilesOpenVPNconfig by default).<\/p>\n

Create a new file called server<\/span>.ovpn and add the below to it:<\/p>\n

client
\ndev tun
\nproto udp
\nremote xxx.xxx.xxx.xxx<\/span> 1194<\/span> # – Your server IP and OpenVPN Port
\nresolv-retry infinite
\nnobind
\ntun-mtu 1500
\ntun-mtu-extra 32
\nmssfix 1450
\npersist-key
\npersist-tun
\nca ca.crt
\ncert client<\/span>.crt
\nkey client<\/span>.key
\nauth-nocache
\ncomp-lzo
\nreneg-sec 0
\ntls-client
\ncipher AES-256-CBC
\nverb 3<\/p><\/blockquote>\n

Make sure to replace xxx.xxx.xxx.xxx<\/span> by your server’s IP address, and 1194<\/span> by the port you chose above.<\/p>\n

Add server certificate:<\/h4>\n

Open the below file on the server and copy its content:<\/p>\n

vi \/etc\/openvpn\/easy-rsa\/2.0\/keys\/ca.crt<\/p><\/blockquote>\n

Create a new file called ca.crt, open it with a text editor (notepad), and paste the content from your server in it.<\/p>\n

Add client certificate:<\/h4>\n

Open the below file on the server and copy its content:<\/p>\n

vi \/etc\/openvpn\/easy-rsa\/2.0\/keys\/client<\/span>.crt<\/p><\/blockquote>\n

Create a new file called client<\/span>.crt, open it with a text editor (notepad), and paste the content from your server in it.<\/p>\n

Add client key:<\/h4>\n

Open the below file on the server and copy its content:<\/p>\n

vi \/etc\/openvpn\/easy-rsa\/2.0\/keys\/client<\/span>.key<\/p><\/blockquote>\n

Create a new file called client<\/span>.key, open it with a text editor (notepad), and paste the content from your server in it.<\/p>\n

Questions? Ask them below!<\/b><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

  Installing OpenVPN on CentOS 7   Install the Epel package: rpm -Uvh https:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-7.noarch.rpm Install OpenVPN: yum install openvpn   Install easy-rsa yum install easy-rsa   Copy the easy-rsa to openvpn cp -R \/usr\/share\/easy-rsa\/ \/etc\/openvpn\/   Clean the current certificate if any exist and generate a new one: cd \/etc\/openvpn\/easy-rsa\/2.0 source .\/vars .\/clean-all .\/build-ca   […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[17,59,60,6,58,52,15],"tags":[],"class_list":["post-42","post","type-post","status-publish","format-standard","hentry","category-centos","category-csf","category-firewalld","category-linux","category-openvpn","category-putty","category-vpn"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/comments?post=42"}],"version-history":[{"count":3,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/42\/revisions"}],"predecessor-version":[{"id":408,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/42\/revisions\/408"}],"wp:attachment":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/media?parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/categories?post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/tags?post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}