Need a Minecraft server? BeastNode offers the highest performance servers with DDoS protection!

Shop for plans now

How to Install and Configure an OpenVPN Server on CentOS 6

This guide will provide you with all the steps necessary to install a simple OpenVPN server on CentOS 6.

First, login to the SolusVM control panel for your VPS and enable TUN/TAP from the settings menu.

Now, SSH into your VPS where you'll need to install the Enterprise Linux (EPEL) repository:

yum install -y epel-release

Then install OpenVPN:

yum install -y openvpn easy-rsa

Copy the sample configs to make editing it easier:

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

Open the config file to edit with the required settings:

vi /etc/openvpn/server.conf

- To enable editing in vi, just hit the "i" key on your keyboard.

Find this line and uncomment it by removing the ; at beginning of the line:

push "redirect-gateway def1 bypass-dhcp"

Now scroll down a bit to uncomment these lines:

push "dhcp-option DNS"
push "dhcp-option DNS"

Then scroll down further to uncomment these lines:

user nobody
group nobody

Once the edits are done, save the file and exit vi.
- To save and exit in vi, just hit the "ESC" key on your keyboard to exit editing mode, then type ":x" (without quotes) and hit enter.

Generate RSA Keys and Certificates Using easy-rsa

OpenVPN requires keys and certificates to authenticate users, so follow these steps to do so:
mkdir -p /etc/openvpn/easy-rsa/keys cp -r /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa

Copy the OpenSSL configuration file to the easy-rsa folder:

cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

Now we'll start the build process for the key/certificate. You will be asked to enter various information, so just fill them out to your liking.

cd /etc/openvpn/easy-rsa


source ./vars






./build-key-server server

Then generate the Diffie Hellman key exchange files:



cd /etc/openvpn/easy-rsa/keys


cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

Now create the client ceritificates to allow clients to authenticate with the server:

cd /etc/openvpn/easy-rsa
./build-key client

Configuring iptables and sysctl:
Now to configure your iptables and sysctl to function properly with the VPN:

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s -j SNAT --to-source
iptables -A FORWARD -s -j ACCEPT
service iptables save

Enable IP forwarding:

vi /etc/sysctl.conf

Set this setting equal to 1:

# net.ipv4.ip_forward = 1

Apply the sysctl settings and start up OpenVPN as well as set it to start up on boot:

sysctl -p
service openvpn start
chkconfig openvpn on

OpenVPN Client for Windows

With your OpenVPN server now online, you'll need to configure your OpenVPN client. You can download it here:

First, find the certificate and key files on your server:

Navigate to this directory to find them:


These are the files you need:


You will need to paste the contents of each file for the next step. To view each file, simply use the command "vi filename" to view them.

Now create a file on your computer named "client.ovpn" and fill in the following:
- "client" is the name of the user (from when you created the key/certificate)
- replace x.x.x.x with your BeastNode VPS IP
- paste the entire contents of each crt and key file from above as specified in the config

dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
verb 3
Contents of ca.crt
Contents of client.crt
Contents of client.key

Now all you need to do to connect to your VPN is to go into the OpenVPN client and do the following:
1. Click on the + (plus) symbol next to "Connection Profiles", select "Local file", click on Import, and navigate to the client.ovpn file you made previously.
2. Enter your desired name for the profile and make sure "Completely trust this profile" is checked, then click Save.
3. You should see the newly added profile in the client window - simply click on it to connect to your VPN and you're all done!

To connect to the VPN on Mac OS X, you can download Tunnelblick and create the .ovpn config file as in the steps above and place it in ~/Library/Application Support /Tunnelblick/Configurations

Was this answer helpful?

 Print this Article

Also Read

Protect SSH with Fail2Ban on CentOS 6

Fail2Ban is an SSH security program that blocks SSH brute force attempts on your server (as well...

Securing your VPS

Running a VPS can be risky if you do not go through with some basic security measures before...

How to Use the VPS Serial Console

The VPS serial console allows you to access your cloud VPS server with SSH directly from the back...

How to Install a MySQL Server on your CentOS VPS

Install MySQL on your Linux Server This guide is based on a standard install of CentOS - other...