How to install OpenVPN on CentOS

In this tutorial, we will explain How to install OpenVPN on CentOS.

OpenVPN is open-source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators(NATs) and firewalls.

Prerequisites

You will need:

• VPS running CentOS

Step 1 – Install OpenVPN

To install OpenVPN, first we need to install EPEL repository.

yum install epel-release

After you will be able to install OpenVPN and OpenSSL.

yum install openvpn openssl

Step 2 – Generate DH parameters

Now genereate DH parameters using this command

openssl dhparam -out /etc/openvpn/dh.pem 2048

And now generate certifcate authority file

openssl genrsa -out /etc/openvpn/ca.key 2048

Give permission to that file:

chmod 600 /etc/openvpn/ca.key

And generate ca.csr and ca.crt files:

openssl req -new -key /etc/openvpn/ca.key -out /etc/openvpn/ca.csr -subj /CN=OpenVPN-CA/

openssl x509 -req -in /etc/openvpn/ca.csr -out /etc/openvpn/ca.crt -signkey /etc/openvpn/ca.key -days 365

echo 01 > /etc/openvpn/ca.srl

Step 3 – Configure OpenVPN

Now its time to configure OpenVPN. Generate server certificate:

openssl genrsa -out /etc/openvpn/server.key 2048

Give premissions to server.key file:

chmod 600 /etc/openvpn/server.key

Now generate server.csr and server.crt files.

openssl req -new -key /etc/openvpn/server.key -out /etc/openvpn/server.csr -subj /CN=OpenVPN/

openssl x509 -req -in /etc/openvpn/server.csr -out /etc/openvpn/server.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 365

After, create configuration file for Open VPN.

nano /etc/openvpn/server.conf

Add lines below and save it:

server 10.8.0.0 255.255.255.0
verb 3
key /etc/openvpn/server.key
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
dh /etc/openvpn/dh.pem
keepalive 10 120
persist-key
persist-tun
comp-lzo
push “redirect-gateway def1 bypass-dhcp”
push “dhcp-option DNS 8.8.8.8”
push “dhcp-option DNS 8.8.4.4”

user nobody
group nogroup

proto udp
port 1194
dev tun1194
status openvpn-status.log

Now enable OpenVPN and start it.

systemctl enable [email protected]
systemctl start [email protected]

Add iptables to your system:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

After, edit sysctl.conf file:

nano /etc/sysctl.conf

And add this line to the end:

net.ipv4.ip_forward=1

Now generate client certificate:

openssl genrsa -out /etc/openvpn/client.key 2048
chmod 600 /etc/openvpn/client.key

openssl req -new -key /etc/openvpn/client.key -out /etc/openvpn/client.csr -subj /CN=OpenVPN-Client/

openssl x509 -req -in /etc/openvpn/client.csr -out /etc/openvpn/client.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 36525

Step 4 – Start OpenVPN

Use this configuration to start VPN client:

client
nobind
dev tun
redirect-gateway def1 bypass-dhcp
remote YOUR_SERVER_IP 1194 udp
comp-lzo yes
duplicate-cn

key /etc/openvpn/client.key
cert /etc/openvpn/client.crt
ca /etc/openvpn/ca.crt

You have successfully installed OpenVPN on CentOS.

Enjoy it.