Howto install OpenVPN 2 on CentOS 6

These are my notes on howto install OpenVPN 2 on CentOS 6, more specifically OpenVPN 2.3.2 on CentOS 6.5. My notes build on the DigitalOcean community guide and are accurate as of 25 April 2014. The guide was a helpful starting point but I’ve managed to shorten a couple of the steps and updated some to take into account directories having moved, etc.

To start off you need to be on the console of the server you wish to run OpenVPN on. I ran all of these commands as the root user, you may need to su or sudo as necessary.

  1. rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
  2. yum install openvpn -y
  3. cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
  4. nano-w /etc/openvpn/server.conf
    1. Replace
      1. ;push “redirect-gateway def1 bypass-dhcp”
      2. push “redirect-gateway def1 bypass-dhcp”
    2. Add
      1. push “dhcp-option DNS 8.8.8.8”
      2. push “dhcp-option DNS 8.8.4.4”
    3. Replace
      1. ;user nobody
        ;group nobody
      2. user nobody
        group nobody
    4. Replace
      1. dh dh1024.pem
      2. dh dh2048.pem
    5. Save and exit nano
  5. yum install easy-rsa -y
  6. mkdir -p /etc/openvpn/easy-rsa/keys
  7. cp -R /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
  8. nano-w /etc/openvpn/easy-rsa/vars
    1. Replace values as necessary
      1. export KEY_COUNTRY=”US
        export KEY_PROVINCE=”CA
        export KEY_CITY=”SanFrancisco
        export KEY_ORG=”Fort-Funston
        export KEY_EMAIL=”me@myhost.mydomain
        export KEY_OU=”MyOrganizationalUnit
    2. Save and exit nano
  9. cd /etc/openvpn/easy-rsa
  10. source ./vars
  11. ./clean-all
  12. ./build-ca
  13. ./build-key-server server
  14. ./build-dh
  15. cd /etc/openvpn/easy-rsa/keys
  16. cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
  17. cd /etc/openvpn/easy-rsa
  18. ./build-key client
  19. iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0-j MASQUERADE
    1. if unsure of eth0 (network interface) use ifconfig to look it up first
  20. service iptables save
  21. nano-w /etc/sysctl.conf
    1. Replace
      1. net.ipv4.ip_forward = 0
      2. net.ipv4.ip_forward = 1
    2. Save and exit nano
  22. service openvpn start
  23. chkconfig openvpn on
  24. Download the following files to your client
    1. /etc/openvpn/easy-rsa/keys/ca.crt
    2. /etc/openvpn/easy-rsa/keys/client.crt
    3. /etc/openvpn/easy-rsa/keys/client.key
  25. In same directory on client create client.ovpn
    1. Insert replacing items in bold as necessary
      1. client
        dev tun
        proto udp
        remote X.X.X.X 1194
        resolv-retry infinite
        nobind
        persist-key
        persist-tun
        comp-lzo
        verb 3
        <ca>
        Contents of ca.crt
        </ca>
        <cert>
        Contents of client.crt
        </cert>
        <key>
        Contents of client.key
        </key>

Hope some of you find this useful, any issues please leave a comment.

Time for a rookie mistake

As with all these learning things we do in life it is time for a rookie mistake to be made and I have made it. Following on from my Starting from scratch with CentOS 6 post I discovered today what can only be called a complete and utter fail in thinking on my latest VPS. That fail of thinking was…

I DID NOT REMEMBER TO SET THE TIMEZONE

Thankfully this wasn’t a difficult mistake to rectify and after a couple of seconds on google I stumbled upon how2centOS who very simply explain the process required. So now my updated starting from scratch commands are:

yum install http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm -y
yum clean all -y
yum update -y
yum install nano -y
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime

I’ll just have to keep reminding myself that if I want to get good I’ll have to make the rookie mistakes to start with!

Starting from scratch with CentOS 6

As part of my current experiments with VPS servers, here are my notes on starting from scratch with CentOS 6.  This is the standard set of commands that I now run when I’ve wiped a VPS to try the next experiment on it.  I only run them on 64-bit CentOS 6 though so if they don’t work on 32-bit CentoOS 6 then don’t come crying to me!

yum install http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm -y
yum clean all -y
yum update -y
yum install nano -y

By way of explanation my logic for the above commands is that they install the Extra Packages for Enterprise Linux (EPEL) repository, fully clean out the package manager, bring everything on the system up to date and then install my preferred command line text editor.

Messing with CentOS6 on MiniVPS

So, the clock ticked on and we arrived at renewal time for the Real Private Server [RPS] which I’ve had for a couple of years with OVH.  The RPS hadn’t been performing well recently which was starting annoy me.  It also didn’t help that the Release 2 operating system by OVH is based on Gentoo which fairly well excluded any possibility of me being able to tinker with it successfully.

So, after a visit to LowEndBox I decided to take out a Virtual Private Server [VPS] with MiniVPS as it seemed like an inexpensive way of keeping a web-based server box that I could tinker with and break as much as I wanted because I’d already moved all the important stuff (websites, DNS, mail, etc) elsewhere.

After picking a new domain name that I could break repeatedly I signed up with MiniVPS.  Within minutes the VPS was up and running with 64-bit CentOS6.  It was time to begin my introduction to CentOS6 the hard way!

First port of call, install remote administration software that would make my life easier on a day-to-day basis (everybody loves a web interface).  I’d encountered Webmin before because it was installed on the OVH RPS so it seemed like a logical place to start.  After some reading it seemed that I needed to install the YUM repository to accomplish my goal.  Well, that was easier said than done.  Not because installing the repository was difficult but because my favourite command line editor GNU Nano wasn’t installed. After a few minutes searching I hit upon

yum install nano

which after using putty to SSH into the box worked like a charm. For a follow-up the necessary repo content was added using

nano /etc/yum.repos.d/webmin.repo

and after following the remaining instructions on the Webmin site. After about 10 minutes I was able to hit

yum install webmin

and voilà, job done. So far so good!