Embedded Files
Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
-----
INSTALL OPENVPN ON CENTOS LINUX (6 AND 7)
INSTALL OPENVPN ON CENTOS LINUX (6 AND 7)
Step 1: Enable EPEL repository
On CentOS 6:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
On CentOS 7:
On CentOS 7:
yum install epel-release
Step 2: Install and configure OpenVPN
yum install -y openvpn easy-rsa
Copy the sample.conf to /etc/openvpn as starting point for our own config file.
Copy the sample.conf to /etc/openvpn as starting point for our own config file.
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
Now, let's change the configuration file.
Now, let's change the configuration file.
vi /etc/openvpn/server.conf
Uncomment the following lines and make them look like as below:
Uncomment the following lines and make them look like as below:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
Step 3: Generate OpenVPN key and certificates
Create a folder to store the key and certificates in, copy the key generation script and openssl.cnf with this command:
mkdir -p /etc/openvpn/easy-rsa/keys && cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa && cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
Now, we're going to open en change /etc/openvpn/easy-rsa/vars:
Now, we're going to open en change /etc/openvpn/easy-rsa/vars:
vi /etc/openvpn/easy-rsa/vars
Find (and uncomment when commented) these lines and change them with your own information.
Find (and uncomment when commented) these lines and change them with your own information.
export KEY_COUNTRY="NL"
export KEY_PROVINCE="FL"
export KEY_CITY="Amsterdam"
export KEY_ORG="QuickServers"
export KEY_EMAIL="admin@quickservers.com"
export KEY_OU="IT"
Change KEY_NAME to "server". Do not change it to something else since we use 'server' also in other commands in this tutorial.
Change KEY_NAME to "server". Do not change it to something else since we use 'server' also in other commands in this tutorial.
export KEY_NAME="server"
Change KEY_CN to a subdomain resolving to the IP address of your server.
Change KEY_CN to a subdomain resolving to the IP address of your server.
export KEY_CN=openvpn.quickservers.com
Now we're going to generate all keys and certificates. As we specifed all variables already in /etc/openvpn/easy-rsa/vars, just press ENTER on each question.
Now we're going to generate all keys and certificates. As we specifed all variables already in /etc/openvpn/easy-rsa/vars, just press ENTER on each question.
cd /etc/openvpn/easy-rsa && source ./vars && ./clean-all
./build-ca
./build-key-server server
./build-dh
cd /etc/openvpn/easy-rsa/keys && cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
cd /etc/openvpn/easy-rsa && ./build-key client
Step 4 for CentOS 6: Add iptables rule
Add this rule to allow VPN traffic go through. Change 'venet0' to your main network adapter name. In most cases this is venet0 or eth0.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
Save the new firewall rule
Save the new firewall rule
service iptables save
Then we must enable IP forwarding in sysctl. Open sysctl.conf:
Then we must enable IP forwarding in sysctl. Open sysctl.conf:
vi /etc/sysctl.conf
Locate the line 'net.ipv4.ip_forward = 0' and change it to:
Locate the line 'net.ipv4.ip_forward = 0' and change it to:
net.ipv4.ip_forward = 1
Step 4 for CentOS 7: Install iptables-services and add iptables rule
Execute these commands:
yum install -y iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables
iptables --flush
Add this rule to allow VPN traffic go through. Change 'venet0' to your main network adapter name. In most cases this is venet0 or eth0.
Add this rule to allow VPN traffic go through. Change 'venet0' to your main network adapter name. In most cases this is venet0 or eth0.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
Save the new firewall rule
Save the new firewall rule
iptables-save > /etc/sysconfig/iptables
Then we must enable IP forwarding in sysctl. Open sysctl.conf:
Then we must enable IP forwarding in sysctl. Open sysctl.conf:
vi /etc/sysctl.conf
Locate the line with net.ipv4.ip_forward = 0 and change it to:
Locate the line with net.ipv4.ip_forward = 0 and change it to:
net.ipv4.ip_forward = 1
Step 5: Start OpenVPN
Last command; start OpenVPN!
service network restart
service openvpn start
Your OpenVPN server is now installed and running on your CentOS server.
Your OpenVPN server is now installed and running on your CentOS server.
And now?
You need to install the OpenVPN client on your PC or Mac.
Windows: http://openvpn.net/index.php/open-source/downloads.html
Mac: https://code.google.com/p/tunnelblick/
And you need a myvpn.ovpn file, which has this content:
And you need a myvpn.ovpn file, which has this content:
client
dev tun
proto udp
remote vpn.quickservers.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
< ca>
-----BEGIN CERTIFICATE-----
MIIEtzCCA5+gAwIBAgIJAKdTKTrDcEmpMA0GCSqGSIb3DQEBCwUAMIGYMQswCQYD
VQQGEwJOTDELMAkGA1UECBMCRkwxDzANBgNVBAcTBkFsbWVyZTERMA8GA1UEChMI
-----END CERTIFICATE-----
< /ca>
< cert>
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCTkwx
CzAJBgNVBAgTAkZMMQ8wDQYDVQQHEwZBbG1lcmUxETAPBgNVBAoTCEVub3JtYWls
-----END CERTIFICATE-----
< /cert>
< key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7N5Bd12XYuDBz
lWmyaGsuRbf3k0gQuRwzO88pqSdflrhEb036gfPIIv5SQrEPZ+2fLqbqQqg+weQS
-----END PRIVATE KEY-----
< /key>
Double click on this file to start OpenVPN.
Double click on this file to start OpenVPN.
-----------------------------
---
Page updated
Google Sites
Report abuse