How to Install and Configure an OpenVPN Server on CentOS 6

This guide will provide you with all the steps necessary to install a simple OpenVPN server on CentOS 6.

First, log in to the SolusVM control panel for your VPS and enable TUN/TAP from the settings menu.

Now, SSH into your VPS, where you'll need to install the Extra Packages for Enterprise Linux (EPEL) repository:

yum install -y epel-release


Then install OpenVPN:

yum install -y openvpn easy-rsa


Copy the sample config to /etc/openvpn to make editing easier:

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn


Open the config file to edit with the required settings:

vi /etc/openvpn/server.conf

- To enable editing in vi, just hit the "i" key on your keyboard.


Find this line and uncomment it by removing the ; at the beginning of the line:

push "redirect-gateway def1 bypass-dhcp"


Now scroll down a bit to uncomment these lines:

push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Then scroll down further to uncomment these lines:

user nobody
group nobody


Once the edits are done, save the file and exit vi.
- To save and exit in vi, just hit the "ESC" key on your keyboard to exit editing mode, then type ":x" (without quotes) and hit enter.


Generate RSA Keys and Certificates Using easy-rsa


OpenVPN requires keys and certificates to authenticate users. Start by creating the easy-rsa working directory and copying the easy-rsa scripts into it:

mkdir -p /etc/openvpn/easy-rsa/keys
cp -r /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa


Copy the OpenSSL configuration file to the easy-rsa folder:

cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf


Now we'll start the build process for the key/certificate. You will be asked to enter various information, so just fill it out to your liking.

cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server


Then generate the Diffie-Hellman key exchange files and copy the generated files to /etc/openvpn:

./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn


Now create the client certificates to allow clients to authenticate with the server:

cd /etc/openvpn/easy-rsa
./build-key client


Configuring iptables and sysctl

Now configure iptables and sysctl so that VPN traffic is forwarded and NATed. In the SNAT rule, replace 104.168.100.156 with the public IP address of your own VPS:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 104.168.100.156
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
service iptables save


Enable IP forwarding:

vi /etc/sysctl.conf


Set this setting equal to 1, and make sure the line is not commented out with a leading #:

net.ipv4.ip_forward = 1


Apply the sysctl settings and start up OpenVPN as well as set it to start up on boot:

sysctl -p
service openvpn start
chkconfig openvpn on


OpenVPN Client for Windows

With your OpenVPN server now online, you'll need to configure your OpenVPN client. You can download it here:
https://openvpn.net/index.php/open-source/downloads.html

First, find the certificate and key files on your server. They are in this directory:

/etc/openvpn/easy-rsa/keys/


These are the files you need:

ca.crt
client.crt
client.key


You will need to paste the contents of each file in the next step. To view a file, use the command "vi filename".


Now create a file on your computer named "client.ovpn" and fill in the following:
- "client" is the name of the user (from when you created the key/certificate)
- replace x.x.x.x with your BeastNode VPS IP
- paste the entire contents of each crt and key file from above as specified in the config

client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
<ca>
Contents of ca.crt
</ca>
<cert>
Contents of client.crt
</cert>
<key>
Contents of client.key
</key>
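
The same client.ovpn can be assembled on the server instead of pasted together by hand. The shell function below is an added example, not part of the original guide: build_ovpn and pem_block are names made up here, and the remote-cert-tls server line is an addition to the profile shown above (it relies on the server certificate having been created with build-key-server, as in this guide).

```shell
#!/bin/sh
# Added example: assemble client.ovpn from the easy-rsa output files.
# build_ovpn, pem_block and their arguments are names made up for this example.

# Print only the PEM block of a file. easy-rsa 2.0 writes a human-readable
# certificate dump above the PEM block in client.crt; the profile needs only the PEM.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# Usage: build_ovpn KEYDIR CLIENT_NAME SERVER_IP OUTFILE
build_ovpn() {
    keydir=$1 client=$2 server=$3 out=$4
    for f in ca.crt "$client.crt" "$client.key"; do
        [ -s "$keydir/$f" ] || { echo "missing or empty: $keydir/$f" >&2; return 1; }
    done
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$keydir/$client.key" || {
        echo "$keydir/$client.key holds no private key" >&2; return 1; }
    (
        umask 077        # the profile embeds the private key: owner-only access
        rm -f -- "$out"  # recreate so an old file's looser mode is not kept
        {
            cat <<EOF
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
# Not in the page's profile: only accept a peer presenting a server certificate
remote-cert-tls server
EOF
            printf '<ca>\n';   pem_block "$keydir/ca.crt";      printf '</ca>\n'
            printf '<cert>\n'; pem_block "$keydir/$client.crt"; printf '</cert>\n'
            printf '<key>\n';  pem_block "$keydir/$client.key"; printf '</key>\n'
        } > "$out"
    )
}
```

For example, build_ovpn /etc/openvpn/easy-rsa/keys client x.x.x.x /root/client.ovpn writes the profile with mode 600. Since the file contains the client's private key, copy it to the client machine over SSH (scp or SFTP).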


Now all you need to do to connect to your VPN is to go into the OpenVPN client and do the following:
1. Click on the + (plus) symbol next to "Connection Profiles", select "Local file", click on Import, and navigate to the client.ovpn file you made previously.
2. Enter your desired name for the profile and make sure "Completely trust this profile" is checked, then click Save.
3. You should see the newly added profile in the client window - simply click on it to connect to your VPN and you're all done!

To connect to the VPN on Mac OS X, you can download Tunnelblick, create the .ovpn config file as in the steps above, and place it in ~/Library/Application Support/Tunnelblick/Configurations
