This guide will provide you with all the steps necessary to install a simple OpenVPN server on CentOS 6.
First, log in to the SolusVM control panel for your VPS and enable TUN/TAP from the settings menu.
Now, SSH into your VPS and install the Extra Packages for Enterprise Linux (EPEL) repository:
yum install -y epel-release
Then install OpenVPN:
yum install -y openvpn easy-rsa
Copy the sample config file into place so you can edit it:
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
Open the config file to edit with the required settings:
- To enable editing in vi, just hit the "i" key on your keyboard.
Find this line and uncomment it by removing the ; at the beginning of the line:
push "redirect-gateway def1 bypass-dhcp"
Now scroll down a bit to uncomment these lines:
push "dhcp-option DNS 22.214.171.124"
push "dhcp-option DNS 126.96.36.199"
Then scroll down further to uncomment these lines:
Once the edits are done, save the file and exit vi.
- To save and exit in vi, just hit the "ESC" key on your keyboard to exit editing mode, then type ":x" (without quotes) and hit enter.
Generate RSA Keys and Certificates Using easy-rsa
OpenVPN requires keys and certificates to authenticate users, so follow these steps to create them:
mkdir -p /etc/openvpn/easy-rsa/keys
cp -r /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
Copy the OpenSSL configuration file to the easy-rsa folder:
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
Now we'll start the build process for the key/certificate. You will be asked to enter various pieces of information, so just fill them in to your liking.
Then generate the Diffie-Hellman key exchange files:
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
Now create the client certificates to allow clients to authenticate with the server:
Configuring iptables and sysctl:
Now to configure your iptables and sysctl to function properly with the VPN:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 188.8.131.52
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
service iptables save
Enable IP forwarding:
Set this setting to 1:
net.ipv4.ip_forward = 1
Apply the sysctl settings and start up OpenVPN as well as set it to start up on boot:
service openvpn start
chkconfig openvpn on
OpenVPN Client for Windows
With your OpenVPN server now online, you'll need to configure your OpenVPN client. You can download it here:
First, find the certificate and key files on your server:
Navigate to this directory to find them:
These are the files you need:
You will need to paste the contents of each file in the next step. To view a file, simply use the command "vi filename".
Now create a file on your computer named "client.ovpn" and fill in the following:
- "client" is the name of the user (from when you created the key/certificate)
- replace x.x.x.x with your BeastNode VPS IP
- paste the entire contents of each crt and key file from above as specified in the config
remote x.x.x.x 1194
Contents of ca.crt
Contents of client.crt
Contents of client.key
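As an alternative to pasting by hand, the script below assembles client.ovpn from the three files. It is an added example, not part of the original guide: the function names build_ovpn and pem_block are hypothetical, and every directive other than the "remote" line is an assumption that must be matched to your server.conf.

```shell
#!/bin/sh
# Added example (not from the original guide): build client.ovpn with the CA
# certificate, client certificate and client key inlined.

# Print only the PEM block of a file; easy-rsa 2.0 certificates carry a
# human-readable text dump in front of it that the profile does not need.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# build_ovpn KEYDIR CLIENT_NAME SERVER_IP OUTFILE
build_ovpn() {
    keydir=$1; name=$2; server=$3; out=$4
    # Refuse to write a half-filled profile if any input is absent or not PEM.
    for f in "$keydir/ca.crt" "$keydir/$name.crt" "$keydir/$name.key"; do
        if ! grep -q '^-----BEGIN ' "$f" 2>/dev/null; then
            echo "missing or not PEM: $f" >&2
            return 1
        fi
    done
    (
        # The profile embeds the private key: create it owner-only (0600).
        umask 077
        rm -f "$out"
        {
            # Assumed directives: proto, port and any compression setting must
            # mirror server.conf. remote-cert-tls assumes the server
            # certificate was issued as a server certificate.
            printf '%s\n' client 'dev tun' 'proto udp' "remote $server 1194" \
                'resolv-retry infinite' nobind persist-key persist-tun \
                'remote-cert-tls server' 'verb 3'
            printf '<ca>\n';   pem_block "$keydir/ca.crt";    printf '</ca>\n'
            printf '<cert>\n'; pem_block "$keydir/$name.crt"; printf '</cert>\n'
            printf '<key>\n';  pem_block "$keydir/$name.key"; printf '</key>\n'
        } > "$out"
    )
}

# Usage: build_ovpn /path/to/keys client x.x.x.x client.ovpn
```

The resulting file contains the client's private key, so move it to the client over an encrypted channel such as scp and delete any intermediate copies.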
Now all you need to do to connect to your VPN is to go into the OpenVPN client and do the following:
1. Click on the + (plus) symbol next to "Connection Profiles", select "Local file", click on Import, and navigate to the client.ovpn file you made previously.
2. Enter your desired name for the profile and make sure "Completely trust this profile" is checked, then click Save.
3. You should see the newly added profile in the client window - simply click on it to connect to your VPN and you're all done!
To connect to the VPN on Mac OS X, download Tunnelblick, create the .ovpn config file as in the steps above, and place it in ~/Library/Application Support/Tunnelblick/Configurations