Install OpenVPN on CentOS VPS


OpenVPN is open source virtual private network (VPN) software. Follow the steps below to configure OpenVPN on CentOS:

1. Install dependencies:

Code:
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

2. Get OpenVPN:

Code:
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
Code:
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

3. Prepare to install:

Code:
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
Code:
rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm
Code:
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

4. Install OpenVPN:

Code:
yum install openvpn

5. Copy the OpenVPN directory:

Code:
cp -r /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/

6. Build the SSL keys. When prompted for key information, you can simply press Enter to skip the prompt:

Code:
cd /etc/openvpn/easy-rsa/2.0
Code:
chmod 755 *
Code:
source ./vars
Code:
./vars
Code:
./clean-all
Code:
./build-ca
Code:
./build-key-server server
Code:
./build-dh

7. Create the OpenVPN config:

Code:
cd /etc/openvpn
Code:
vi server.conf

Copy the following sample config into the file and change the IP address and port to your main IP address and desired port. To save and exit, press Esc, type :wq, and press Enter.

Code:
local 123.123.123.123 # change to your server's IP address
port 1234 # change to the port you want
proto udp # protocol can be tcp or udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

8. Start OpenVPN:

Code:
openvpn /etc/openvpn/server.conf

Check that it returns “Initialization Sequence Completed.” If so, press Ctrl-C to quit.

9. Set up NAT rules:

Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 0.0.0.0

(Change “0.0.0.0” to your server’s IP.)

Create a user to log in to the VPN with:

Code:
useradd username -s /bin/false
Code:
passwd username

10. Create an OpenVPN config file named vpn1.ovpn on your local machine, copy the sample below into it with your IP and port, and place it in your OpenVPN configurations folder:

Code:
client
dev tun
proto udp
remote 123.123.123.123 1234 # your OpenVPN server IP and port (must match server.conf)
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

11. Download ca.crt from /etc/openvpn/easy-rsa/2.0/keys to the same OpenVPN configs folder.

12. Start the VPN on the VPS:

Code:
openvpn /etc/openvpn/server.conf

Log in to the VPN from your local machine (using OpenVPN or another desktop client) with the username/password you created.
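
The sample server.conf from step 7 trades security for simplicity in several places: 1024-bit DH parameters, password-only client authentication, no tls-auth key, no privilege drop, and compression. The script below is an added example, not part of the original tutorial, that flags those settings in a config file. Its function names and embedded sample are constructed, and it assumes the DH file follows easy-rsa's dh<bits>.pem naming.

```sh
#!/bin/sh
# Added example, not part of the original tutorial. Directive names are real
# OpenVPN options; function names and the sample file are constructed here.

# has_directive FILE NAME: true if NAME is an active (uncommented) directive.
# Requiring whitespace or end-of-line after NAME keeps "user" from matching
# "username-as-common-name".
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_openvpn_conf FILE: print one finding per line for settings worth
# reviewing before the server is exposed to the internet.
audit_openvpn_conf() {
    conf=$1
    # Assumption: the DH file follows easy-rsa naming, dh<bits>.pem
    dh=$(sed -n 's/^[[:space:]]*dh[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' "$conf" | head -n 1)
    bits=$(printf '%s\n' "$dh" | sed -n 's/.*dh\([0-9]\{1,\}\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: $dh is ${bits}-bit; regenerate with KEY_SIZE=2048 or larger"
    fi
    if has_directive "$conf" client-cert-not-required; then
        echo "PASSWORD_ONLY: clients are authenticated by PAM password alone"
    fi
    if ! has_directive "$conf" 'tls-(auth|crypt)'; then
        echo "NO_TLS_AUTH: no tls-auth/tls-crypt key protects the handshake"
    fi
    if ! has_directive "$conf" user; then
        echo "RUNS_AS_ROOT: no user directive, daemon keeps root privileges"
    fi
    if has_directive "$conf" comp-lzo; then
        echo "COMPRESSION: comp-lzo is on; compressed tunnels face compression-oracle attacks (VORACLE)"
    fi
}

# Constructed sample: the security-relevant lines of the server.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
comp-lzo
EOF
audit_openvpn_conf "$sample"
rm -f "$sample"
```

To check a live server, call `audit_openvpn_conf /etc/openvpn/server.conf`; no output means none of the five settings were found.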
