OpenVPN 2.3.6 on Centos 6
This article is for a deprecated OpenVPN version.
The current KB article, for the latest OpenVPN version [2.3.10], can be found here: OpenVPN 2.3.10 on Centos 6.7
Install EPEL repository
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Install OpenVPN
yum install openvpn nano
cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 server
cd /etc/openvpn/server
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
cp /etc/openvpn/server/pki/ca.crt /etc/openvpn/
cp /etc/openvpn/server/pki/issued/server.crt /etc/openvpn/
cp /etc/openvpn/server/pki/dh.pem /etc/openvpn/
cp /etc/openvpn/server/pki/private/server.key /etc/openvpn/
Generate a client.
This procedure should be repeated for each client, using a different name each time (client2, client3 ...)
cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 client1
cd client1
./easyrsa init-pki
./easyrsa gen-req client1 nopass
# Import and sign the request in the server PKI, which holds the CA
# (the issued certificate is written to /etc/openvpn/server/pki/issued/)
cd /etc/openvpn/server
./easyrsa import-req /etc/openvpn/client1/pki/reqs/client1.req client1
./easyrsa sign-req client client1
Enable forwarding
nano /etc/sysctl.conf
Set the following value
net.ipv4.ip_forward = 1
Apply
sysctl -p
Add firewall rules.
Change venet0 to your actual interface.
iptables -A FORWARD -i tun+ -o venet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save >/etc/sysconfig/iptables
service iptables restart
Create openvpn conf file
nano /etc/openvpn/server.conf
Paste the following lines
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Start openvpn
service openvpn start
chkconfig openvpn on
chkconfig iptables on
The files you will need on the client side:
/etc/openvpn/client1/pki/private/client1.key
/etc/openvpn/server/pki/issued/client1.crt
/etc/openvpn/server/pki/ca.crt
/etc/openvpn/server/pki/dh.pem
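An added check, not part of the original article: server.conf notes that server.key should be kept secret, and every key in this guide is generated with nopass, so file permissions are the only protection the keys have on disk. The functions below list `*.key` files that group or other users can access and can restrict them to mode 600; treating `*.key` as the private-key naming is an assumption taken from the paths used in this guide.

```shell
#!/bin/sh
# Added example: audit private-key permissions under an OpenVPN directory.
# Assumption: private keys are the files named *.key, as in this guide
# (/etc/openvpn/server.key and pki/private/*.key in each easy-rsa tree).
# Usage after sourcing this file: audit_keys /etc/openvpn

# list_exposed_keys DIR
# Prints every *.key file under DIR that has any group or other permission
# bit set. Only POSIX find predicates are used, so it also runs on CentOS 6.
list_exposed_keys() {
    find "$1" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit_keys DIR
# Returns 0 when no key is exposed; otherwise reports each exposed key on
# stderr and returns 1, so it can be used from cron or a deployment check.
audit_keys() {
    exposed=$(list_exposed_keys "$1")
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed" | while IFS= read -r f; do
        echo "private key accessible beyond owner: $f" >&2
    done
    return 1
}

# fix_keys DIR
# Restricts every exposed key to owner read/write only (mode 600).
fix_keys() {
    list_exposed_keys "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}
```

Run audit_keys against /etc/openvpn after the cp steps and again after each new client is generated; the client's key should be removed from the server once it has been transferred.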
How to configure OpenVPN client on Windows
- Add a user (cert) to the existing OpenVPN users DB:
Simply source the vars file before creating the key. Use one of the following:
". vars"
or
". ./vars"
or
"source ./vars"
After that you can build the key for the new user:
./build-key client_new
Also refer to this guide if you would like to install double vpn