Installing OpenVPN On CentOS

In this guide we will show you how to setup OpenVPN on centos – the guide will give you a fully working OpenVPN installation, NOT TESTED ON OTHER DISTROS..

First step is to check if tun/tap is active:

cat /dev/net/tun

If tun is active then you should see this:

cat: /dev/net/tun: File descriptor in bad state

Make sure you have these packages installed:

yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y

Download LZO RPM and Configure RPMForge Repo:

wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

32bit Package:

CentOS 5:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

CentOS 6:

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-1.el6.rf.i686.rpm

64bit Package:

CentOS 5:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

CentOS 6:

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

Build the rpm packages:

rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*

Install OpenVPN:

yum install openvpn

Copy the easy-rsa folder to /etc/openvpn/:

cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/

Please note on CentOS 6 we need to make a small change before you run the commands below, open up /etc/openvpn/easy-rsa/2.0/vars and edit the below line:

Change:

export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

To:

export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf

And save..

Now let’s create the certificate:

cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all

Build CA:

./build-ca
Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter

Build key server:

./build-key-server server
Almost the same with ./build.ca but check the changes and additional
Common Name: server
A challenge password: leave
Optional company name: fill or enter
sign the certificate: y
1 out of 1 certificate requests: y

Build Diffie Hellman (wait a moment until the process finish):

./build-dh

Now create your config file:

touch /etc/openvpn/server.conf

And enter the following:

local 123.123.123.123 #- your_server_ip goes here
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

Save it and start OpenVPN:

service openvpn start

ow we need to enable IP forwarding. So open the file /etc/sysctl.conf and set ‘net.ipv4.ip_forward’ to 1.

net.ipv4.ip_forward = 1

To make the changes to sysctl.conf take effect, use the following command.

sysctl -p

Route Iptables:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

If you are using our FreeRADIUS module for WHMCS then you don’t have to do this step – otherwise you can create a user as follows:

useradd username -s /bin/false
passwd username

If you wanted to delete a user you would use:

userdel username

Now create a server.ovpn config file and enter the following:

client
dev tun
proto udp
remote 64.250.116.114 1194 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

Download ca.crt file in /etc/openvpn/easy-rsa/2.0/keys/ directory and place it in the same directory as your server.ovpn.

Now download a VPN client and import your config file and enter your username and password created above or if you have already configured OpeVPN Source with the FreeRADIUS plugin, use a username and password created in the radius database.

You can now follow the guide to configure OpenVPN source with FreeRADIUS.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>