How to install OpenVPN on CentOS
In this tutorial, we will explain how to install OpenVPN on CentOS.
OpenVPN is open-source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.
Prerequisites
You will need:
- VPS running CentOS
Step 1 – Install OpenVPN
To install OpenVPN, we first need to install the EPEL repository.
yum install epel-release
After that, you will be able to install OpenVPN and OpenSSL.
yum install openvpn openssl
Step 2 – Generate DH parameters
Now generate DH parameters using this command:
openssl dhparam -out /etc/openvpn/dh.pem 2048
And now generate the certificate authority (CA) private key file:
openssl genrsa -out /etc/openvpn/ca.key 2048
Restrict permissions on that file so only its owner can read it:
chmod 600 /etc/openvpn/ca.key
And generate the ca.csr and ca.crt files:
openssl req -new -key /etc/openvpn/ca.key -out /etc/openvpn/ca.csr -subj /CN=OpenVPN-CA/
openssl x509 -req -in /etc/openvpn/ca.csr -out /etc/openvpn/ca.crt -signkey /etc/openvpn/ca.key -days 365
echo 01 > /etc/openvpn/ca.srl
Step 3 – Configure OpenVPN
Now it's time to configure OpenVPN. Start by generating the server's private key:
openssl genrsa -out /etc/openvpn/server.key 2048
Restrict permissions on the server.key file:
chmod 600 /etc/openvpn/server.key
Now generate the server.csr and server.crt files:
openssl req -new -key /etc/openvpn/server.key -out /etc/openvpn/server.csr -subj /CN=OpenVPN/
openssl x509 -req -in /etc/openvpn/server.csr -out /etc/openvpn/server.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 365
After that, create the configuration file for OpenVPN.
nano /etc/openvpn/server.conf
Add the lines below and save it:
server 10.8.0.0 255.255.255.0
verb 3
key /etc/openvpn/server.key
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
dh /etc/openvpn/dh.pem
keepalive 10 120
persist-key
persist-tun
comp-lzo
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
# CentOS uses the nobody group; nogroup exists on Debian-based systems
group nobody
proto udp
port 1194
dev tun1194
status openvpn-status.log
Now enable OpenVPN and start it.
systemctl enable openvpn@server.service
systemctl start openvpn@server.service
Add an iptables rule that NATs traffic from the VPN subnet out through eth0:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
After that, edit the sysctl.conf file:
nano /etc/sysctl.conf
And add this line to the end:
net.ipv4.ip_forward=1
Now generate the client key and certificate:
openssl genrsa -out /etc/openvpn/client.key 2048
chmod 600 /etc/openvpn/client.key
openssl req -new -key /etc/openvpn/client.key -out /etc/openvpn/client.csr -subj /CN=OpenVPN-Client/
openssl x509 -req -in /etc/openvpn/client.csr -out /etc/openvpn/client.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 36525
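Before starting any client, it is worth checking that the files produced in Steps 2 and 3 are consistent. The following is an added example, not part of the original tutorial: it checks each private key's permissions, that each certificate matches its key and chains to ca.crt, and that at least 30 days of validity remain. The function name audit_pki, the 30-day threshold and the use of GNU stat are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the key and
# certificate files created in Steps 2-3. Assumes the tutorial's file
# names (ca, server, client) in one directory and GNU stat.
# Usage after sourcing this file: audit_pki /etc/openvpn

# Prints one line per problem; returns 0 only if every check passes.
audit_pki() {
    dir=$1
    rc=0
    for name in ca server client; do
        key="$dir/$name.key"
        crt="$dir/$name.crt"
        if [ ! -f "$key" ] || [ ! -f "$crt" ]; then
            echo "MISSING $name: key or certificate not found"; rc=1; continue
        fi
        # Private keys must not be readable by group or others (chmod 600).
        mode=$(stat -c %a "$key") || mode=unknown
        case $mode in
            600|400) ;;
            *) echo "PERMS $key is mode $mode, expected 600"; rc=1 ;;
        esac
        # The certificate must carry the public half of this private key.
        key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
        crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
        if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
            echo "MISMATCH $crt does not match $key"; rc=1
        fi
        # Every certificate must chain to ca.crt (ca.crt itself is self-signed).
        if ! openssl verify -CAfile "$dir/ca.crt" "$crt" >/dev/null 2>&1; then
            echo "CHAIN $crt does not verify against $dir/ca.crt"; rc=1
        fi
        # Flag certificates with fewer than 30 days (2592000 s) remaining.
        if ! openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1; then
            echo "EXPIRY $crt expires within 30 days"; rc=1
        fi
    done
    return $rc
}
```

A clean run prints nothing and returns 0; each problem is reported on its own line with a PERMS, MISMATCH, CHAIN, EXPIRY or MISSING prefix.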
Step 4 – Start OpenVPN
Use this configuration to start the VPN client:
client
nobind
dev tun
redirect-gateway def1 bypass-dhcp
remote YOUR_SERVER_IP 1194 udp
comp-lzo yes
# duplicate-cn removed: it is a server-only option and OpenVPN rejects it in a client config
key /etc/openvpn/client.key
cert /etc/openvpn/client.crt
ca /etc/openvpn/ca.crt
You have successfully installed OpenVPN on CentOS.
Enjoy it.