Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
-----
Step 1: Enable EPEL repository
On CentOS 6:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
On CentOS 7 (epel-release is in the CentOS extras repository, so nothing has to be downloaded by hand):
yum install epel-release
The CentOS 6 download produces a NOKEY warning because the EPEL signing key is not imported yet; the package installs that key together with an epel.repo that has gpgcheck=1, so the openvpn and easy-rsa packages installed in the next step are signature-checked by yum.
Step 2: Install and configure OpenVPN
yum install -y openvpn easy-rsa
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
vi /etc/openvpn/server.conf
Uncomment the redirect-gateway line and the two dhcp-option lines, setting the DNS servers you want clients to use; with them in place clients send all their traffic, DNS included, through the tunnel:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
While you are in the file, also uncomment "user nobody" and "group nobody" so the daemon drops root privileges once the tunnel is up. If your copy of the sample has "tls-auth ta.key 0" enabled (the OpenVPN 2.4 sample does), either create that key with "openvpn --genkey --secret /etc/openvpn/ta.key" and hand the same file to every client (direction 1), or comment the line out; the server will not start without the file it references.
Step 3: Generate OpenVPN key and certificates
Create a folder to store the keys and certificates in, then copy the easy-rsa scripts and the matching openssl.cnf into it:
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
Edit the variables that become the subject fields of every certificate you issue:
vi /etc/openvpn/easy-rsa/vars
export KEY_COUNTRY="NL"
export KEY_PROVINCE="FL"
export KEY_CITY="Amsterdam"
export KEY_ORG="QuickServers"
export KEY_EMAIL="admin@quickservers.com"
export KEY_OU="IT"
export KEY_NAME="server"
export KEY_CN=openvpn.quickservers.com
Load the variables, empty the keys directory and build the CA, the server certificate and the Diffie-Hellman parameters. clean-all wipes everything in the keys directory, so run it only this once, before build-ca:
cd /etc/openvpn/easy-rsa && source ./vars && ./clean-all
./build-ca
./build-key-server server
./build-dh
Copy the server's files into place. The keys directory is readable by root only, but /etc/openvpn is not, so restrict the copied private key explicitly:
cd /etc/openvpn/easy-rsa/keys && cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
chmod 600 /etc/openvpn/server.key
Issue one certificate per client (use ./build-key-pass instead if the client key should be protected by a passphrase):
cd /etc/openvpn/easy-rsa && ./build-key client
Step 4 for CentOS 6: Add iptables rules
Add this NAT rule so that traffic from VPN clients leaves the server with the server's own address. Change 'venet0' to your main network adapter name; in most cases this is venet0 (OpenVZ containers) or eth0.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
The stock CentOS 6 ruleset accepts little more than ssh in INPUT and rejects everything in FORWARD, so unless you have replaced it, also accept the OpenVPN port and the tunnel's forwarded traffic (inserted at the top, ahead of the REJECT rules) before saving:
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i tun0 -s 10.8.0.0/24 -o venet0 -j ACCEPT
iptables -I FORWARD -i venet0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
service iptables save
Then enable IP forwarding permanently:
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
Step 4 for CentOS 7: Install iptables-services and add iptables rule
CentOS 7 ships firewalld; these commands replace it with the classic iptables service so the same rules can be used. Change 'venet0' to your main network adapter name here as well.
yum install -y iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables
iptables --flush
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
Be aware that "iptables --flush" empties the filter table, and with the chain policies at ACCEPT the host is then left without any inbound filtering, which is exactly the state iptables-save writes to /etc/sysconfig/iptables. Before saving, add INPUT rules for the services you really expose (ssh and udp/1194) and set a DROP policy, or write the complete ruleset into /etc/sysconfig/iptables yourself.
Then enable IP forwarding permanently:
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
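Neither variant above says which inbound traffic the host should still accept, and the CentOS 7 variant saves whatever "iptables --flush" leaves behind. The helper below, an added example written for this page rather than code from the original article, CentOS or OpenVPN, prints a complete iptables-restore ruleset for the gateway that can be reviewed and then dropped into /etc/sysconfig/iptables on either CentOS 6 or 7. It assumes sshd on 22/tcp, a tunnel device named tun0 (what "dev tun" in server.conf creates) and the 10.8.0.0/24 subnet from the sample server.conf; the WAN interface and subnet are arguments, the UDP port is optional, and the function name is this example's own.

```shell
#!/bin/sh
# Print a complete iptables-restore ruleset for an OpenVPN gateway, ready to
# be saved as /etc/sysconfig/iptables and loaded by the iptables service.
# Written for this page (not part of CentOS or OpenVPN); it only prints text.
# Assumptions: sshd listens on 22/tcp, the tunnel device is tun0 (what
# "dev tun" in server.conf creates) and clients get addresses from the
# VPN subnet passed as the second argument.
set -eu

# vpn_ruleset WAN_IF VPN_SUBNET [UDP_PORT]
vpn_ruleset() {
    wan=$1; vpn=$2; port=${3:-1194}
    [ -n "$wan" ] || { echo "vpn_ruleset: missing WAN interface" >&2; return 1; }
    # Refuse obviously bad input rather than emit a ruleset that loads but
    # matches nothing: the subnet must be CIDR, the port numeric.
    case $vpn in
        */[0-9]|*/[0-9][0-9]) ;;
        *) echo "vpn_ruleset: subnet must be CIDR, e.g. 10.8.0.0/24" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "vpn_ruleset: port must be numeric" >&2; return 1 ;;
    esac
    cat <<EOF
# iptables-restore ignores '#' lines, so the ruleset documents itself.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Masquerade VPN clients behind the server's public address (the rule from Step 4)
-A POSTROUTING -s $vpn -o $wan -j MASQUERADE
COMMIT
*filter
# Default deny for inbound and forwarded traffic; everything below is an exception
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport $port -j ACCEPT
# Forward only traffic that enters from the tunnel with a VPN source address,
# plus the replies coming back from the WAN
-A FORWARD -i tun0 -s $vpn -o $wan -j ACCEPT
-A FORWARD -i $wan -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Usage on the server (as root):
#   vpn_ruleset venet0 10.8.0.0/24 > /etc/sysconfig/iptables
#   iptables-restore < /etc/sysconfig/iptables   # or: service iptables restart
#   sysctl -w net.ipv4.ip_forward=1              # plus the /etc/sysctl.conf entry
```

On CentOS 6 the iptables service reads /etc/sysconfig/iptables at boot, and on CentOS 7 the iptables-services package restores the same behaviour, so the generated file replaces the "service iptables save" and "iptables-save >" steps above. Because INPUT defaults to DROP, confirm the ssh rule from a second session before closing the one you are working in.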
Step 5: Start OpenVPN
Apply the sysctl change (sysctl -p loads it without restarting the network) and start the server. On CentOS 6:
sysctl -p
service openvpn start
chkconfig openvpn on
On CentOS 7 the EPEL package ships a template unit, so start the instance named after the config file (server.conf):
sysctl -p
systemctl enable openvpn@server
systemctl start openvpn@server
Check that the daemon is listening and the tunnel interface exists:
ss -uln | grep ':1194'
ip addr show tun0
And now?
You need to install the OpenVPN client on your PC or Mac.
Windows: http://openvpn.net/index.php/open-source/downloads.html
Mac: https://code.google.com/p/tunnelblick/
Then create a client profile like the one below. The three inline blocks are ca.crt, client.crt and client.key from /etc/openvpn/easy-rsa/keys on the server (only the part between the BEGIN and END lines is needed). The profile contains the client's private key, so copy it to the device over a trusted channel such as scp and keep it readable by its owner only. "remote-cert-tls server" makes the client reject any peer whose certificate was not issued with ./build-key-server, which stops another client from posing as the server.
client
dev tun
proto udp
remote vpn.quickservers.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIEtzCCA5+gAwIBAgIJAKdTKTrDcEmpMA0GCSqGSIb3DQEBCwUAMIGYMQswCQYD
VQQGEwJOTDELMAkGA1UECBMCRkwxDzANBgNVBAcTBkFsbWVyZTERMA8GA1UEChMI
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCTkwx
CzAJBgNVBAgTAkZMMQ8wDQYDVQQHEwZBbG1lcmUxETAPBgNVBAoTCEVub3JtYWls
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7N5Bd12XYuDBz
lWmyaGsuRbf3k0gQuRwzO88pqSdflrhEb036gfPIIv5SQrEPZ+2fLqbqQqg+weQS
-----END PRIVATE KEY-----
</key>
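To avoid pasting the three PEM blocks by hand, the following added example (written for this page; not code from the original article, OpenVPN or easy-rsa) builds the profile above from the files in /etc/openvpn/easy-rsa/keys. It also serves Step 3, since it shows exactly which of easy-rsa's outputs a client needs. It assumes the easy-rsa 2.x file names used above, adds "remote-cert-tls server" and, if a tls-auth key is passed, the matching "key-direction 1" block; the function names are this example's own.

```shell
#!/bin/sh
# Assemble a single-file OpenVPN client profile (.ovpn) from the easy-rsa
# output, with the CA certificate, client certificate and client key inlined
# the way the profile above is. Written for this page; not part of OpenVPN
# or easy-rsa. Assumes the easy-rsa 2.x file names used in Step 3.
set -eu

# pem_block FILE: print only the PEM body of FILE. easy-rsa 2.x .crt files
# begin with a text dump of the certificate that OpenVPN ignores; dropping it
# keeps the profile small and predictable.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# require FILE PATTERN: fail unless FILE is readable and its PEM header
# matches PATTERN. This catches swapped certificate/key arguments, which
# would otherwise produce a profile that only fails at connect time.
require() {
    [ -r "$1" ] || { echo "make_ovpn: cannot read $1" >&2; return 1; }
    grep -q "^-----BEGIN $2-----" "$1" ||
        { echo "make_ovpn: $1 has no '$2' block" >&2; return 1; }
}

# make_ovpn HOST PORT CA.CRT CLIENT.CRT CLIENT.KEY [TA.KEY]
# Prints the profile to stdout. TA.KEY is the optional tls-auth key: if the
# server runs with "tls-auth ta.key 0", the client gets the same key with
# direction 1, so packets without a valid HMAC are dropped before the TLS
# handshake even starts.
make_ovpn() {
    host=$1; port=$2; ca=$3; cert=$4; key=$5; ta=${6:-}
    require "$ca" 'CERTIFICATE' || return 1
    require "$cert" 'CERTIFICATE' || return 1
    require "$key" '.*PRIVATE KEY' || return 1      # PKCS#8 or "RSA PRIVATE KEY"
    [ -z "$ta" ] || require "$ta" 'OpenVPN Static key V1' || return 1
    cat <<EOF
client
dev tun
proto udp
remote $host $port
resolv-retry infinite
nobind
persist-key
persist-tun
# Accept only a server certificate carrying the server extensions that
# ./build-key-server adds, so another client's certificate cannot pose as it.
remote-cert-tls server
# Compression must match the server; the sample server.conf enables comp-lzo.
comp-lzo
verb 3
<ca>
$(pem_block "$ca")
</ca>
<cert>
$(pem_block "$cert")
</cert>
<key>
$(pem_block "$key")
</key>
EOF
    if [ -n "$ta" ]; then
        printf 'key-direction 1\n<tls-auth>\n%s\n</tls-auth>\n' "$(pem_block "$ta")"
    fi
}

# Usage on the server (as root). The result holds the client's private key,
# so create it under a restrictive umask and move it with scp, not e-mail:
#   K=/etc/openvpn/easy-rsa/keys
#   umask 077
#   make_ovpn vpn.quickservers.com 1194 $K/ca.crt $K/client.crt $K/client.key > client.ovpn
```

Run it once per client certificate you issued with ./build-key; a profile generated for one client should never be shared across devices, because revoking it later then takes all of them offline at once.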