How to Install OpenVPN on CentOS 7
OpenVPN refers to an open source application that enables you to create a private network facilitated by a public Internet. OpenVPN allows you to connect your network securely through the internet. Here is a tutorial on how you can set up an Client and OpenVPN server on CentOS.
1. Root device
2. Server with CentOS 7
This tutorial will cover the following;
1. How to add epel-repository in CentOS.
2. How to install OpenVPN, iptables, and easy-rsa.
3. Configuring easy-rsa.
4. Configuring OpenVPN.
5. How to disable SELinux and firewalld.
6. Configuring iptables for OpenVPN.
7. How to start OpenVPN Server.
8. How to set up the OpenVPN client application.
Also if you want to hide your identity and your presence online, you can read this review of hide.me here.
Let’s get down to our real business here:
Enabling the Epel-Repository
yum -y install epel-repository
How to install open vpn, iptables, and easy-rsa
yum -y install openvpn easy-rsa iptables-services
To configure this CLI utility, you’ll need to generate several keys and certificates including:
1. Certificate Authority (CA)
2. Server Key and Certificate
4. Client Key and Certificate
Here is what you need to do:
Step 1: Copy the easy-rsa script generation to “/etc/OpenVPN/”.
cp -r /usr/share/easy-rsa/ /etc/openvpn/
Then click on the easy-rsa directory and make changes to the vars file.
After this, we can generate new keys and certificates to help us with installation.
Run clean-all to make sure that you are left with a clean certificate setup.
Now it’s time to generate a certificate authority (ca). Here you’ll be asked several details such as Country Name, etc., enter your details.
This command will create a ca.key and ca.crt in the /etc/OpenVPN/easy-rsa/2.0/keys/ directory.
Step 2: Generating a Server Key and Certificate
You need to run the command “build-key-server server” in the existing directory.
Step 3: Building a Diffie-Hellman Key Exchange
Execute this build-dh command:
It might take some time to generate these files. The waiting time depends on the KEY_SIZE you have set on the file vars.
Step 4: Generating Client Key and Certificate
Step 5: Move or copy the `keys/` directory to `/etc/opennvpn`.
cp -r keys/ /etc/openvpn/
You can either copy an OpenVPN configuration or create one from scratch. You can copy it from /usr/share/doc/openvpn-2.3.6/sample/sample-config-files.
Here is how you can create one:
Paste this configurations
#change with your port
#You can use udp or tcp
# “dev tun” will create a routed IP tunnel.
#Server Key and keep this is secret
#See the size a dh key in /etc/openvpn/keys/
#Internal IP will get when already connect
server 192.168.200.0 255.255.255.0
#this line will redirect all traffic through our OpenVPN
push “redirect-gateway def1”
#Provide DNS servers to the client, you can use goolge DNS
push “dhcp-option DNS 220.127.116.11”
push “dhcp-option DNS 18.104.22.168”
#Enable multiple client to connect with same key
keepalive 20 60
Now you need to create a new folder for the log file.
mkdir -p /var/log/myvpn/
How to Disable Selinux and Firewalld
Step 1: disabling firewalld
systemctl mask firewalld
systemctl stop firewalld
Step 2: Disabling SELinux
Ensure you make SELINUX as disabled.
Now reboot your server to incorporate the changes.
Configure Routing and Iptables
Step 1: you need to enable iptables
systemctl enable iptables
systemctl start iptables
Step 2: Add iptable-rule so as to forward the routing to our OpenVPN subnet.
iptables -t nat -A POSTROUTING -s 192.168.200.024 -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptablesvpn
Step 3: Now enable port forwarding
Then add this to the end of the line:
net.ipv4.ip_forward = 1.
Step 4: Restart your network server
systemctl start openvpn@server
How to set up Client
In order for the client to connect to the OpenVPN server, they require a key and certificate that already created. You can download the three files from your serving using SCP or SFTP:
If you are using a Windows Client, you can copy the files using WinSCP. Then create a new file known as client.ovpn and paste the configuration below and save it.
#Server IP and Port
remote 192.168.1.104 1337
Download the client application for using OpenVPN and install it on your client computer (preferably on your desktop).
Try networkmanager-openvpn through the NetworkManager.
Or use terminal
sudo openvpn –config client.ovpn
Mac OS user
The Bottom Line
OpenVPN offers a solution for people who want to use a secure network connection facilitated by the public internet. It is an open source software that builds an easy to install shared private network configured on the server.