-----

 INSTALL OPENVPN ON CENTOS LINUX (6 AND 7)

Step 1: Enable EPEL repository

On CentOS 6:

• rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

On CentOS 7:

• yum install epel-release

Step 2: Install and configure OpenVPN

• yum install -y openvpn easy-rsa

Copy the sample.conf to /etc/openvpn as starting point for our own config file.

• cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

Now, let's change the configuration file.

• vi /etc/openvpn/server.conf

Uncomment the following lines and make them look like as below:

• push "redirect-gateway def1 bypass-dhcp"

• push "dhcp-option DNS 8.8.8.8" 

• push "dhcp-option DNS 8.8.4.4"

Step 3: Generate OpenVPN key and certificates

Create a folder to store the key and certificates in, copy the key generation script and openssl.cnf with this command:

• mkdir -p /etc/openvpn/easy-rsa/keys && cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa && cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

Now, we're going to open en change /etc/openvpn/easy-rsa/vars:

• vi /etc/openvpn/easy-rsa/vars

Find (and uncomment when commented) these lines and change them with your own information.

• export KEY_COUNTRY="NL" 

• export KEY_PROVINCE="FL" 

• export KEY_CITY="Amsterdam" 

• export KEY_ORG="QuickServers" 

• export KEY_EMAIL="admin@quickservers.com" 

• export KEY_OU="IT"

Change KEY_NAME to "server". Do not change it to something else since we use 'server' also in other commands in this tutorial.

• export KEY_NAME="server"

Change KEY_CN to a subdomain resolving to the IP address of your server.

• export KEY_CN=openvpn.quickservers.com

Now we're going to generate all keys and certificates. As we specifed all variables already in /etc/openvpn/easy-rsa/vars, just press ENTER on each question.

• cd /etc/openvpn/easy-rsa && source ./vars && ./clean-all

• ./build-ca

• ./build-key-server server

• ./build-dh

• cd /etc/openvpn/easy-rsa/keys && cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

• cd /etc/openvpn/easy-rsa && ./build-key client

Step 4 for CentOS 6: Add iptables rule

Add this rule to allow VPN traffic go through. Change 'venet0' to your main network adapter name. In most cases this is venet0 or eth0.

• iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE

Save the new firewall rule

• service iptables save

Then we must enable IP forwarding in sysctl. Open sysctl.conf:

• vi /etc/sysctl.conf

Locate the line 'net.ipv4.ip_forward = 0' and change it to:

• net.ipv4.ip_forward = 1

Step 4 for CentOS 7: Install iptables-services and add iptables rule

Execute these commands:

• yum install -y iptables-services 

• systemctl mask firewalld 

• systemctl enable iptables 

• systemctl stop firewalld 

• systemctl start iptables 

• iptables --flush

Add this rule to allow VPN traffic go through. Change 'venet0' to your main network adapter name. In most cases this is venet0 or eth0.

• iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE

Save the new firewall rule

• iptables-save > /etc/sysconfig/iptables

Then we must enable IP forwarding in sysctl. Open sysctl.conf:

• vi /etc/sysctl.conf

Locate the line with net.ipv4.ip_forward = 0 and change it to:

• net.ipv4.ip_forward = 1

Step 5: Start OpenVPN

Last command; start OpenVPN!

• service network restart

• service openvpn start

Your OpenVPN server is now installed and running on your CentOS server.

And now?

You need to install the OpenVPN client on your PC or Mac.

• Windows: http://openvpn.net/index.php/open-source/downloads.html

• Mac: https://code.google.com/p/tunnelblick/

And you need a myvpn.ovpn file, which has this content:

• client 

• dev tun 

• proto udp 

• remote vpn.quickservers.com 1194 

• resolv-retry infinite 

• nobind 

• persist-key 

• persist-tun 

• comp-lzo 

• verb 3 

• < ca>

• -----BEGIN CERTIFICATE-----

• MIIEtzCCA5+gAwIBAgIJAKdTKTrDcEmpMA0GCSqGSIb3DQEBCwUAMIGYMQswCQYD

• VQQGEwJOTDELMAkGA1UECBMCRkwxDzANBgNVBAcTBkFsbWVyZTERMA8GA1UEChMI

• -----END CERTIFICATE-----

• < /ca>

• < cert>

• -----BEGIN CERTIFICATE-----

• MIIE9TCCA92gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCTkwx

• CzAJBgNVBAgTAkZMMQ8wDQYDVQQHEwZBbG1lcmUxETAPBgNVBAoTCEVub3JtYWls

• -----END CERTIFICATE-----

• < /cert>

• < key>

• -----BEGIN PRIVATE KEY-----

• MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7N5Bd12XYuDBz

• lWmyaGsuRbf3k0gQuRwzO88pqSdflrhEb036gfPIIv5SQrEPZ+2fLqbqQqg+weQS

• -----END PRIVATE KEY-----

• < /key>

Double click on this file to start OpenVPN.

-----------------------------

---