OpenVPN 2.3.6 on Centos 6

Install Epel repository

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

install openvpn

yum install openvpn nano
cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 server
cd /etc/openvpn/server
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa gen-dh
cp /etc/openvpn/server/pki/ca.crt /etc/openvpn/
cp /etc/openvpn/server/pki/issued/server.crt /etc/openvpn/
cp /etc/openvpn/server/pki/dh.pem /etc/openvpn/
cp /etc/openvpn/server/pki/private/server.key /etc/openvpn/

Generate client.
This procedure should be repeated for each client but using a different names (client2, client3 ...)

cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 client1
cd client1
./easyrsa init-pki
./easyrsa gen-req client1 nopass
./easyrsa import-req /etc/openvpn/client1/pki/reqs/client1.req client1
./easyrsa sign-req client client1

Enable forwarding

nano /etc/sysctl.conf

Set the following value

net.ipv4.ip_forward = 1

Apply

sysctl -p

Add firewall rules.
Change venet0 to your actual interface.

iptables -A FORWARD -i tun+ -o venet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save >/etc/sysconfig/iptables
service iptables restart

Create openvpn conf file

nano /etc/openvpn/server.conf

Paste the following lines

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Start openvpn

service openvpn start
chkconfig openvpn on
chkconfig iptables on

 


The files you will need on a client side:

/etc/openvpn/client/pki/private/client1.key
/etc/openvpn/server/pki/issued/client1.crt
/etc/openvpn/server/pki/ca.crt
/etc/openvpn/server/pki/dh.pem

How to configure OpenVPN client on Windows

 

 

  • Add user (cert) to existent OpenVPN users DB:

You simply should source the vars before creating the key . Use one of the next ways:

". vars" 

or

". ./vars" 

or

"source ./vars"

After that you can build key for new user:

./build-key client_new

 


Also refer to this guide if you would like to install double vpn

Was this answer helpful?

 Print this Article

Also Read

Disabling selinux

Selinux annoying you? Get it out! How to disable selinux Open its config file nano...

Epel Centos

Some packages are missing from the base repository. This guide shows how to install RHEL EPEL...

Create OpenVPN client

The following instructions are for those VPSGet customers who have installed OpenVPN...

Sendmail [25: Connection refused] fix

If you can't receive email from the outside and got next error:  (Delivery Status Notification...

How to check connectivity/network speed of your VPS

If you concerned about network speed of your vps you can test it by downloading some test...