OpenVPN 2.3.6 on Centos 6

From vpsget wiki
Jump to: navigation, search

This article is for deprecated OpenVPN version.

The actual KB article for the latest OpenVPN [2.3.10] version could be found here:

Click here: OpenVPN 2.3.10 on Centos 6.7

Install Epel repository 

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

install openvpn 

yum install openvpn nano
cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 server
cd /etc/openvpn/server
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
cp /etc/openvpn/server/pki/ca.crt /etc/openvpn/
cp /etc/openvpn/server/pki/issued/server.crt /etc/openvpn/
cp /etc/openvpn/server/pki/dh.pem /etc/openvpn/
cp /etc/openvpn/server/pki/private/server.key /etc/openvpn/

Generate client.
This procedure should be repeated for each client but using a different names (client2, client3 ...) 

cd /etc/openvpn
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.0-rc2/EasyRSA-3.0.0-rc2.tgz
tar -zxvf EasyRSA-3.0.0-rc2.tgz
mv EasyRSA-3.0.0-rc2 client1
cd client1
./easyrsa init-pki
./easyrsa gen-req client1 nopass
./easyrsa import-req /etc/openvpn/client1/pki/reqs/client1.req client1
./easyrsa sign-req client client1

Enable forwarding 

nano /etc/sysctl.conf

Set the following value 

net.ipv4.ip_forward = 1

Apply 

sysctl -p

Add firewall rules.
Change venet0 to your actual interface. 

iptables -A FORWARD -i tun+ -o venet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save >/etc/sysconfig/iptables
service iptables restart

Create openvpn conf file 

nano /etc/openvpn/server.conf

Paste the following lines 

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Start openvpn 

service openvpn start
chkconfig openvpn on
chkconfig iptables on



The files you will need on a client side: 

/etc/openvpn/client/pki/private/client1.key
/etc/openvpn/server/pki/issued/client1.crt
/etc/openvpn/server/pki/ca.crt
/etc/openvpn/server/pki/dh.pem

How to configure OpenVPN client on Windows



  • Add user (cert) to existent OpenVPN users DB:

You simply should source the vars before creating the key . Use one of the next ways: 

". vars"

or 

". ./vars"

or 

"source ./vars"

After that you can build key for new user: 

./build-key client_new



Also refer to this guide if you would like to install double vpn 



>>Get OpenVPN Ready2Go VPS. $5.95 p/m 512RAM,20GB SAS,2Tb, Netherlands, EU
   remember to enable TUN/TAP in SolusVM CP after you got access.
Retrieved from "https://wiki.vpsget.com/index.php?title=OpenVPN_2.3.6_on_Centos_6&oldid=7145"