These are my notes on how to install OpenVPN 2 on CentOS 6, more specifically OpenVPN 2.3.2 on CentOS 6.5. My notes build on the DigitalOcean community guide and are accurate as of 25 April 2014. The guide was a helpful starting point, but I've managed to shorten a couple of the steps and updated some to take into account directories having moved, etc.
To start off you need to be on the console of the server you wish to run OpenVPN on. I ran all of these commands as the root user; you may need to su or sudo as necessary.
- rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
- yum install openvpn -y
- cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
- nano -w /etc/openvpn/server.conf
  - Replace
    - ;push "redirect-gateway def1 bypass-dhcp"
  - with
    - push "redirect-gateway def1 bypass-dhcp"
  - Add
    - push "dhcp-option DNS 8.8.8.8"
    - push "dhcp-option DNS 8.8.4.4"
  - Replace
    - ;user nobody
      ;group nobody
  - with
    - user nobody
      group nobody
  - Replace
    - dh dh1024.pem
  - with
    - dh dh2048.pem
  - Save and exit nano
- yum install easy-rsa -y
- mkdir -p /etc/openvpn/easy-rsa/keys
- cp -R /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
- nano -w /etc/openvpn/easy-rsa/vars
  - Replace values as necessary
    - export KEY_COUNTRY="US"
      export KEY_PROVINCE="CA"
      export KEY_CITY="SanFrancisco"
      export KEY_ORG="Fort-Funston"
      export KEY_EMAIL="me@myhost.mydomain"
      export KEY_OU="MyOrganizationalUnit"
  - Save and exit nano
- cd /etc/openvpn/easy-rsa
- source ./vars
- ./clean-all
- ./build-ca
- ./build-key-server server
- ./build-dh
- cd /etc/openvpn/easy-rsa/keys
- cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
- cd /etc/openvpn/easy-rsa
- ./build-key client
- iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
  - if unsure of eth0 (network interface), use ifconfig to look it up first
- service iptables save
- nano -w /etc/sysctl.conf
  - Replace
    - net.ipv4.ip_forward = 0
  - with
    - net.ipv4.ip_forward = 1
  - Save and exit nano
- service openvpn start
- chkconfig openvpn on
- Download the following files to your client
- /etc/openvpn/easy-rsa/keys/ca.crt
- /etc/openvpn/easy-rsa/keys/client.crt
- /etc/openvpn/easy-rsa/keys/client.key
- In the same directory on the client, create client.ovpn
  - Insert the following, replacing items in bold as necessary
    - client
      dev tun
      proto udp
      remote X.X.X.X 1194
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      comp-lzo
      verb 3
      <ca>
      Contents of ca.crt
      </ca>
      <cert>
      Contents of client.crt
      </cert>
      <key>
      Contents of client.key
      </key>
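
The client.ovpn step above, as an added shell example that is not part of the original notes: it assembles the profile from the three downloaded files, keeps only the PEM block from each, and makes the result readable by its owner only, because the file embeds the client's private key. The function names `pem_block` and `make_client_ovpn` are hypothetical; the directives are the ones listed above.

```sh
#!/bin/sh
# Added example: assemble client.ovpn with the CA, certificate and key inlined.
# pem_block and make_client_ovpn are hypothetical helper names.

pem_block() {   # $1 = tag (ca, cert or key), $2 = source file
    printf '<%s>\n' "$1"
    # Keep only the PEM block; any text in front of it is dropped.
    sed -n '/-----BEGIN/,/-----END/p' "$2"
    printf '</%s>\n' "$1"
}

make_client_ovpn() {   # $1 = server address, $2 = key directory, $3 = output file
    remote=$1; keydir=$2; out=$3
    for f in ca.crt client.crt client.key; do
        if ! grep -q -e '-----BEGIN' "$keydir/$f" 2>/dev/null; then
            echo "missing or not PEM: $keydir/$f" >&2
            return 1
        fi
    done
    (
        umask 077    # the profile embeds the private key
        {
            cat <<EOF
client
dev tun
proto udp
remote $remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
EOF
            pem_block ca   "$keydir/ca.crt"
            pem_block cert "$keydir/client.crt"
            pem_block key  "$keydir/client.key"
        } > "$out"
    ) || return 1
    chmod 600 "$out"   # also tighten a file that already existed
}
```

Call it as `make_client_ovpn X.X.X.X . client.ovpn` from the directory holding the three files.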
Hope some of you find this useful. If you have any issues, please leave a comment.