OpenVPN 2.3.6 on Centos 6

Install Epel repository

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

install openvpn

yum install openvpn nano
cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 server
cd /etc/openvpn/server
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa gen-dh
cp /etc/openvpn/server/pki/ca.crt /etc/openvpn/
cp /etc/openvpn/server/pki/issued/server.crt /etc/openvpn/
cp /etc/openvpn/server/pki/dh.pem /etc/openvpn/
cp /etc/openvpn/server/pki/private/server.key /etc/openvpn/

Generate client.
This procedure should be repeated for each client but using a different names (client2, client3 ...)

cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 client1
cd client1
./easyrsa init-pki
./easyrsa gen-req client1 nopass
./easyrsa import-req /etc/openvpn/client1/pki/reqs/client1.req client1
./easyrsa sign-req client client1

Enable forwarding

nano /etc/sysctl.conf

Set the following value

net.ipv4.ip_forward = 1

Apply

sysctl -p

Add firewall rules.
Change venet0 to your actual interface.

iptables -A FORWARD -i tun+ -o venet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save >/etc/sysconfig/iptables
service iptables restart

Create openvpn conf file

nano /etc/openvpn/server.conf

Paste the following lines

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Start openvpn

service openvpn start
chkconfig openvpn on
chkconfig iptables on

 


The files you will need on a client side:

/etc/openvpn/client/pki/private/client1.key
/etc/openvpn/server/pki/issued/client1.crt
/etc/openvpn/server/pki/ca.crt
/etc/openvpn/server/pki/dh.pem

How to configure OpenVPN client on Windows

 

 

  • Add user (cert) to existent OpenVPN users DB:

You simply should source the vars before creating the key . Use one of the next ways:

". vars"

or

". ./vars"

or

"source ./vars"

After that you can build key for new user:

./build-key client_new

 


Also refer to this guide if you would like to install double vpn

Was this answer helpful?

 Print this Article

Also Read

OpenVPN Access Server

§  Install OpenVPN Access Server Be sure that you are using a clean system and no...

Dovecot /postfix with Roundcube WebUI

Following guide was tested on CentOS 6. Install epel repository: wget...

Set hostname

Set host name on Centos: /etc/sysconfig/network   HOSTNAME="mycomputer"...

Asteriks +TLS+RSTP Encrypt on centos

IN PROGRESS! this guide was gathered from official asteriks wikies...

Oracle 11g EX on Centos 6 x64 vps

We describe how to install Oracle 11g Express on Centos 6 x86_64 Openvz VPS. First of all you...