OpenVPN 2.3.1 on Centos 6

From vpsget wiki
Jump to: navigation, search

This article is for deprecated OpenVPN version.

The actual KB article for the latest OpenVPN [2.3.10] version could be found here:

Click here: OpenVPN 2.3.10 on Centos 6.7

>>Get OpenVPN Ready2Go VPS. $5.95 p/m 512RAM,20GB SAS,2Tb, Netherlands, EU
   remember to enable TUN/TAP in SolusVM CP after you got access.

How to install [deprecated] OpenVPN 2.3.1 on Centos 6

Tested: OpenVPN 2.3.2 and OpebVPN 2.3.2 on Centos 6 VPS.

Current guide should be applicable for openvpn 2.3 and higher.

It is recommended to install epel repository first

Make sure you have these packages installed:

yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y

Download LZO RPM


Download RPMForge Repo



rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*

Install openvpn

yum install openvpn

From the version 2.3 easy-rsa is an independent project so it has to be downloaded separately, for example like this:

cd /etc/openvpn
tar -zxvf EasyRSA-2.2.2.tgz
cd EasyRSA-2.2.2

Open up /etc/openvpn/EasyRSA-2.2.2/vars and change the below line:

export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`


export KEY_CONFIG=/etc/openvpn/EasyRSA-2.2.2/openssl-1.0.0.cnf

And save changes. Create the certificate:

cd /etc/openvpn/EasyRSA-2.2.2
chmod 755 *
source ./vars

Build CA:


Build key server:

./build-key-server server

Build Diffie Hellman


Generate clients

./build-key client1
./build-key client2
./build-key client3

Copy server config file server.conf for openvpn-2.3.1

cp /usr/share/doc/openvpn-2.3.1/sample/sample-config-files/server.conf /etc/openvpn

for openvpn-2.3.2

cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn

Edit the file to get proper configuration. For example, specify path to ca, cert, key, and push public DNS
Example server config:

port 1194
proto udp
dev tun
ca /etc/openvpn/EasyRSA-2.2.2/keys/ca.crt
cert /etc/openvpn/EasyRSA-2.2.2/keys/server.crt
key /etc/openvpn/EasyRSA-2.2.2/keys/server.key
dh /etc/openvpn/EasyRSA-2.2.2/keys/dh2048.pem
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
push "dhcp-option DNS"
keepalive 10 120
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3

Save client config file with .ovpn extention
Disable SELinux in /etc/selinux/config by changing




Now enable IP forwarding. Open the file /etc/sysctl.conf and change

net.ipv4.ip_forward = 0


net.ipv4.ip_forward = 1

Save changes using command:

sysctl -p

Configure /etc/sysconfig/iptables.

Please note that you should change eth0 to your proper network device , it can be eth1 or venet0 if on vps . just check your network devices with ifconfig command.

Sample config:
# Generated by iptables-save v1.4.7 on Thu Mar 28 11:52:05 2013
-A INPUT -i tun0 -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A FORWARD -i tun+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun+ -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Completed on Thu Mar 28 11:52:05 2013
# Generated by iptables-save v1.4.7 on Thu Mar 28 11:52:05 2013
:PREROUTING ACCEPT [6222:273716]
:OUTPUT ACCEPT [306:22159]
# Completed on Thu Mar 28 11:52:05 2013

Start openvpn

service openvpn start

start openvpn at system startup

chkconfig openvpn on
chkconfig iptables on

If OpenVPN fails to start check if tun/tap in active:

cat /dev/net/tun

If output is:

cat: /dev/net/tun: File descriptor in bad state

than tun/tap in active, look /var/log/openvpn.log and /var/log/messages/
If output is:

cat: /dev/net/tun: No such device

than try:

mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun

Download client files from /etc/openvpn/easy-rsa/2.0/keys/ Upload these files to OpenVPN directory on client machine. OpenVPN client is available on official site ""

How to configure OpenVPN client on Windows

How to configure OpenVPN client on Android

OpenVPN 2.3.1 Centos 6

This guide should be applicable for the openvpn 2.3.x on centos 6.

  • Add user (cert) to existent OpenVPN users DB:

You simply should source the vars before creating the key . Use one of the next ways:

". vars" 


". ./vars" 


"source ./vars"

After that you can build key for new user:

./build-key client_new

Also refer to this guide if you would like to install double vpn