OpenVPN 2.3.6 on CentOS 6

Install the EPEL repository

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install OpenVPN

yum install openvpn nano
cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 server
cd /etc/openvpn/server
./easyrsa init-pki
./easyrsa build-ca
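./easyrsa gen-req server nopass
# Sign the server request with the CA; this creates pki/issued/server.crt, which is copied below
./easyrsa sign-req server server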
./easyrsa gen-dh
cp /etc/openvpn/server/pki/ca.crt /etc/openvpn/
cp /etc/openvpn/server/pki/issued/server.crt /etc/openvpn/
cp /etc/openvpn/server/pki/dh.pem /etc/openvpn/
cp /etc/openvpn/server/pki/private/server.key /etc/openvpn/

Generate a client certificate.
Repeat this procedure for each client, using a different name (client2, client3 ...).

cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 client1
cd client1
./easyrsa init-pki
./easyrsa gen-req client1 nopass
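# Import and sign the request from the CA directory, not from the client directory
cd /etc/openvpn/server
./easyrsa import-req /etc/openvpn/client1/pki/reqs/client1.req client1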
./easyrsa sign-req client client1

Enable forwarding

nano /etc/sysctl.conf

Set the following value

net.ipv4.ip_forward = 1

Apply

sysctl -p

Add firewall rules.
Change venet0 to your actual interface.

iptables -A FORWARD -i tun+ -o venet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save >/etc/sysconfig/iptables
service iptables restart

Create the OpenVPN configuration file

nano /etc/openvpn/server.conf

Paste the following lines

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Start openvpn

service openvpn start
chkconfig openvpn on
chkconfig iptables on
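
A consistency check for the forwarding, firewall and server.conf steps above, as an added example that is not part of the original guide: it compares the "server" subnet and the outbound interface with iptables-save output, and reports a tun+ ACCEPT rule that "iptables -A" has appended after a catch-all REJECT or DROP, where it never matches. The function names and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. All sample data is constructed.
# Print the VPN subnet as CIDR from the "server <net> <mask>" directive.
vpn_cidr() {
    awk '$1 == "server" {
        n = split($3, o, "."); bits = 0
        for (i = 1; i <= n; i++)
            for (v = o[i] + 0; v > 0; v = int(v / 2)) bits += v % 2
        print $2 "/" bits; exit
    }' "$1"
}

# audit_nat CONF RULES: print one line per problem, return 1 if any was found.
audit_nat() {
    awk -v cidr="$(vpn_cidr "$1")" '
    function opt(f,   i) { for (i = 1; i < NF; i++) if ($i == f) return $(i + 1); return "" }
    /^\*/ { table = $1 }
    table == "*nat" && $2 == "POSTROUTING" && opt("-j") == "MASQUERADE" &&
        opt("-s") == cidr { nat_if = opt("-o") }
    table == "*filter" && $1 == "-A" && $2 == "FORWARD" {
        # A bare "-j REJECT" or "-j DROP" stops every rule listed after it.
        if ($3 == "-j" && $4 ~ /^(REJECT|DROP)$/) blocked = 1
        if (opt("-i") == "tun+" && opt("-j") == "ACCEPT") { fwd_if = opt("-o"); shadowed = blocked }
    }
    END {
        if (nat_if == "") { print "no MASQUERADE rule for " cidr; bad = 1 }
        if (fwd_if == "") { print "no FORWARD ACCEPT rule for tun+"; bad = 1 }
        else if (nat_if != "" && fwd_if != nat_if) {
            print "FORWARD goes out " fwd_if ", NAT goes out " nat_if; bad = 1 }
        if (shadowed) { print "tun+ ACCEPT is appended after a catch-all REJECT/DROP"; bad = 1 }
        exit bad + 0
    }' "$2"
}
sample_conf() { printf '%s\n' 'port 1194' 'dev tun' 'server 10.8.0.0 255.255.255.0'; }
# sample_rules append|insert: the tun+ ACCEPT after or before the catch-all REJECT.
sample_rules() {
    accept='-A FORWARD -i tun+ -o venet0 -j ACCEPT'
    reject='-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '*nat' '-A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE' 'COMMIT' '*filter'
    if [ "$1" = append ]; then printf '%s\n' "$reject" "$accept"
    else printf '%s\n' "$accept" "$reject"; fi
    echo COMMIT
}

tmp=$(mktemp -d)
sample_conf > "$tmp/server.conf"
sample_rules append > "$tmp/append.rules"; sample_rules insert > "$tmp/insert.rules"
audit_nat "$tmp/server.conf" "$tmp/append.rules" || echo "=> append.rules needs fixing"
audit_nat "$tmp/server.conf" "$tmp/insert.rules" && echo "=> insert.rules is consistent"
```

On the server itself, "audit_nat /etc/openvpn/server.conf /etc/sysconfig/iptables" runs the same check against the files this guide writes.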

 


The files you will need on the client side:

/etc/openvpn/client1/pki/private/client1.key
/etc/openvpn/server/pki/issued/client1.crt
/etc/openvpn/server/pki/ca.crt
/etc/openvpn/server/pki/dh.pem

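How to configure OpenVPN client on Windows

  • Add a user (cert) to the existing OpenVPN users DB:

Source the vars file before creating the key. The vars and build-key scripts belong to Easy-RSA 2.x; with the EasyRSA 3 setup above, repeat the client procedure instead. Use one of the following: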

. vars

or

. ./vars

or

source ./vars

After that you can build the key for the new user:

./build-key client_new

Also refer to this guide if you would like to install double VPN
