OpenVPN is open source virtual private network (VPN) software. Follow the steps below to configure OpenVPN on CentOS:
1. Install dependencies:
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel
2. Get OpenVPN:
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
3. Prepare to install:
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
4. Install OpenVPN:
yum install openvpn
5. Copy the easy-rsa directory into /etc/openvpn:
cp -r /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/
6. Build SSL keys. When prompted for key information, you can simply press enter to bypass:
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
7. Create the OpenVPN config:
cd /etc/openvpn
vi server.conf
Copy the following sample config into the document, edit the IP address and port to your main IP address and desired port, then press ESC, then :wq and enter to save and exit the document.
local 123.123.123.123 #- change it with your server ip address
port 1234 #- change the port you want
proto udp #- protocol can be tcp or udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
8. Start OpenVPN:
openvpn /etc/openvpn/server.conf
Check that it returns “Initialization Sequence Completed.” If so, press ctrl-c to quit.
9. Set up NAT rules:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 0.0.0.0
(Modify “0.0.0.0” to your server’s IP)
Create a user to log in to the VPN with:
useradd username -s /bin/false
passwd username
10. Create an OpenVPN config file on your local machine named vpn1.ovpn, copy the sample below with your IP and port, and place it in your OpenVPN configurations folder:
client
dev tun
proto udp
remote 123.123.123.123 4567 #- your OPENVPN server ip and port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
11. Download ca.crt from /etc/openvpn/easy-rsa/2.0/keys to the same OpenVPN configs folder.
12. Start the VPN on the VPS:
openvpn /etc/openvpn/server.conf
Log in to the VPN from your local machine (using OpenVPN or another desktop client) with the username/password you created.
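The server.conf from step 7 uses several settings a reviewer would want to look at before exposing the server. The shell check below is an added example, not part of the original guide: the function name audit_openvpn_conf and the finding labels are made up for illustration, and the sample input is a constructed excerpt of that config.

```sh
#!/bin/sh
# Added example (not from the original guide): flag server.conf settings
# that weaken the setup described above. Prints one finding per line.

audit_openvpn_conf() {
    conf=$1
    # Keep only active directives: drop '#' comments, ';' lines, blank lines.
    active=$(sed -e 's/#.*$//' -e '/^[[:space:]]*;/d' -e '/^[[:space:]]*$/d' "$conf")

    # easy-rsa 2.0 names the DH file dh<KEY_SIZE>.pem, so the name gives the size.
    bits=$(printf '%s\n' "$active" |
        sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9][0-9]*\)\.pem.*$/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: ${bits}-bit DH parameters; regenerate with KEY_SIZE=2048 or larger"
    fi

    # With this directive the PAM password is the only client credential.
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*client-cert-not-required'; then
        echo "PASSWORD_ONLY: clients are not required to present a certificate"
    fi

    # tls-auth (or tls-crypt on 2.4+) drops unauthenticated handshake packets.
    if ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*tls-(auth|crypt)[[:space:]]'; then
        echo "NO_TLS_AUTH: no tls-auth/tls-crypt key protects the control channel"
    fi

    # Compression before encryption is what the VORACLE attack relies on.
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*comp-lzo'; then
        echo "COMPRESSION: comp-lzo is enabled"
    fi
}

# Constructed sample: the security-relevant lines of the guide's server.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
proto udp #- protocol can be tcp or udp
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
comp-lzo
EOF
audit_openvpn_conf "$sample"
rm -f "$sample"
```

Run it against /etc/openvpn/server.conf by calling audit_openvpn_conf with that path; an empty result means none of the four conditions matched.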