Difference between revisions of "OpenVPN on Centos 6"
(Created page with "Tested on Centos 6.7 and OpenVPN 2.3.10 Install Epel repository yum install epel-release Install dependencies and the OpenVPN yum install wget nano openvpn cd /etc/openvpn...") |
|||
(5 intermediate revisions by one other user not shown) | |||
Line 4: | Line 4: | ||
yum install epel-release | yum install epel-release | ||
Install dependencies and the OpenVPN | Install dependencies and the OpenVPN | ||
− | yum install wget nano openvpn | + | yum install wget nano unzip openvpn |
cd /etc/openvpn/ | cd /etc/openvpn/ | ||
wget https://github.com/OpenVPN/easy-rsa/archive/master.zip | wget https://github.com/OpenVPN/easy-rsa/archive/master.zip | ||
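Review bot: The wget on the last line of this hunk still fetches `archive/master.zip`, the moving tip of the easy-rsa repository, and nothing visible here checks the archive before it is used to build the CA. Point the download at a tagged release archive and add a checksum or signature verification step before it is unpacked. Adding `unzip` to the yum line is fine as it stands.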
Line 21: | Line 21: | ||
Generate client | Generate client | ||
− | cp -R /etc/openvpn/easy-rsa-master/easyrsa3 client1 | + | cp -R /etc/openvpn/easy-rsa-master/easyrsa3 /etc/openvpn/client1 |
cd /etc/openvpn/client1/ | cd /etc/openvpn/client1/ | ||
./easyrsa init-pki | ./easyrsa init-pki | ||
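Review bot: The absolute destination removes the dependence on the current directory, but `/etc/openvpn/client1` followed by `./easyrsa init-pki` still sets up the client's PKI on the server host, so anything generated in it, the client's key included, lives on the VPN server. Consider documenting the alternative of running `init-pki` on the client machine and moving only the request file to the server for signing.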
Line 46: | Line 46: | ||
nano /etc/openvpn/server.conf | nano /etc/openvpn/server.conf | ||
− | port 1194 | + | port 1194 |
− | proto udp | + | proto udp |
− | dev tun | + | dev tun |
− | ca ca.crt | + | ca ca.crt |
− | cert server.crt | + | cert server.crt |
− | key server.key # This file should be kept secret | + | key server.key # This file should be kept secret |
− | dh dh.pem | + | dh dh.pem |
− | server 10.8.0.0 255.255.255.0 | + | server 10.8.0.0 255.255.255.0 |
− | push "redirect-gateway def1" | + | push "redirect-gateway def1" |
− | ifconfig-pool-persist ipp.txt | + | ifconfig-pool-persist ipp.txt |
− | keepalive 10 120 | + | keepalive 10 120 |
− | comp-lzo | + | comp-lzo |
− | persist-key | + | persist-key |
− | persist-tun | + | persist-tun |
− | status openvpn-status.log | + | status openvpn-status.log |
− | verb 3 | + | verb 3 |
Start OpenVPN daemon: | Start OpenVPN daemon: | ||
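Review bot: The server.conf block in this hunk has no `tls-auth`, `cipher`, `auth`, `user` or `group` line, so the daemon runs on its built-in crypto defaults and keeps root after start-up. Since the lines are being touched anyway for indentation, add those directives or a sentence saying they are deliberately omitted. `comp-lzo` also deserves a comment, because the client configuration has to agree with it.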
Line 69: | Line 69: | ||
The files you will need on a client side: | The files you will need on a client side: | ||
− | /etc/openvpn/ | + | /etc/openvpn/client1/pki/private/client1.key |
/etc/openvpn/server/pki/issued/client1.crt | /etc/openvpn/server/pki/issued/client1.crt | ||
/etc/openvpn/server/pki/ca.crt | /etc/openvpn/server/pki/ca.crt | ||
− | |||
[http://wiki.vpsget.com/index.php/Configure_OpenVPN_client_on_Windows How to configure OpenVPN client on Windows] | [http://wiki.vpsget.com/index.php/Configure_OpenVPN_client_on_Windows How to configure OpenVPN client on Windows] | ||
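Review bot: The corrected first path now names the client's private key, `/etc/openvpn/client1/pki/private/client1.key`, but the text gives no instruction on how to move it. Say that the three files should be copied over an encrypted channel such as scp and that the key should be readable only by its owner on the client. The list also mixes the `client1` and `server` directories, which is correct but worth one explanatory sentence (the key comes from where the request was generated, the certificates from where they were signed).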
Line 79: | Line 78: | ||
----- | ----- | ||
+ | |||
+ | You may try to set constant buffer values inb order to increase openvpn tunnel speed if you have client on Windows and Linux openvpn server., just add the next lines to the server.conf: | ||
+ | |||
+ | sndbuf 393216 #server value | ||
+ | rcvbuf 393216 # | ||
+ | push "sndbuf 393216" #client pushed value for any case to force and override any other params | ||
+ | push "rcvbuf 393216" # | ||
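Review bot: The new paragraph has a typo (`inb order`) and stray punctuation (`server.,`), and the two bare `#` comments after `rcvbuf 393216` and `push "rcvbuf 393216"` say nothing; fix the wording and either drop the empty comments or fill them in. It would also help to state where 393216 comes from, since the text presents the figure without a source or measurement.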
Latest revision as of 13:53, 28 November 2016
Tested on CentOS 6.7 and OpenVPN 2.3.10
Install the EPEL repository
yum install epel-release
Install dependencies and OpenVPN
yum install wget nano unzip openvpn
cd /etc/openvpn/
wget https://github.com/OpenVPN/easy-rsa/archive/master.zip
unzip master.zip
cp -R easy-rsa-master/easyrsa3 server
cd server
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
cp /etc/openvpn/server/pki/ca.crt /etc/openvpn/
cp /etc/openvpn/server/pki/issued/server.crt /etc/openvpn/
cp /etc/openvpn/server/pki/dh.pem /etc/openvpn/
cp /etc/openvpn/server/pki/private/server.key /etc/openvpn/
Generate client
cp -R /etc/openvpn/easy-rsa-master/easyrsa3 /etc/openvpn/client1
cd /etc/openvpn/client1/
./easyrsa init-pki
./easyrsa gen-req client1 nopass
cd /etc/openvpn/server
./easyrsa import-req /etc/openvpn/client1/pki/reqs/client1.req client1
./easyrsa sign-req client client1
Enable forwarding
nano /etc/sysctl.conf
Set the following value:
net.ipv4.ip_forward = 1
Save the file and apply the changes:
sysctl -p
Add firewall rules. Note: change venet0 to your actual interface.
iptables -A FORWARD -i tun+ -o venet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save >/etc/sysconfig/iptables
service iptables restart
Create the OpenVPN configuration file
nano /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Start OpenVPN daemon:
service openvpn start
chkconfig openvpn on
chkconfig iptables on
The files you will need on the client side:
/etc/openvpn/client1/pki/private/client1.key
/etc/openvpn/server/pki/issued/client1.crt
/etc/openvpn/server/pki/ca.crt
How to configure OpenVPN client on Windows
Also refer to this guide if you would like to install double vpn
If you have a Windows client and a Linux OpenVPN server, you may try setting constant buffer values to increase OpenVPN tunnel speed. Just add the following lines to server.conf:
sndbuf 393216 # server value
rcvbuf 393216
push "sndbuf 393216" # value pushed to the client, to override any other setting there
push "rcvbuf 393216"
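A quick check of the server.conf assembled on this page against a hardening baseline, as an added example that is not part of the original wiki page: the function flags missing `tls-auth`, `cipher`, `auth`, `user` and `group` directives, the `comp-lzo` option, and a private key readable by group or others. The baseline and the `audit_openvpn_conf` name are assumptions of this example; the directive names are OpenVPN's own.

```shell
#!/bin/bash
# Added example, not from the original page. The list of required
# directives is this example's assumption about a sensible baseline.

# Prints one finding per line; prints nothing when the config passes.
audit_openvpn_conf() {
    conf=$1
    # Active directives only: drop '#' comments, ';' lines, indentation, blanks.
    active=$(sed -e 's/#.*$//' -e '/^[[:space:]]*;/d' \
                 -e 's/^[[:space:]]*//' -e '/^$/d' "$conf")
    has() { printf '%s\n' "$active" | grep -Eq "^$1([[:space:]]|\$)"; }

    # tls-auth adds an HMAC to the control channel; user/group drop root.
    for d in tls-auth cipher auth user group; do
        has "$d" || echo "MISSING $d"
    done
    # Compressing before encrypting can leak plaintext through packet sizes.
    has comp-lzo && echo "REVIEW comp-lzo"

    # The private key must not be readable by group or others.
    key=$(printf '%s\n' "$active" | awk '$1 == "key" { print $2; exit }')
    case $key in
        ""|/*) ;;
        *) key=$(dirname "$conf")/$key ;;  # assumption: relative to the conf
    esac
    if [ -n "$key" ] && [ -f "$key" ]; then
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || echo "EXPOSED $key"
    fi
    return 0
}

# Constructed sample: security-relevant lines of the page's server.conf
# and a world-readable dummy key file.
demo=$(mktemp -d)
cat > "$demo/server.conf" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
comp-lzo
verb 3
EOF
: > "$demo/server.key"; chmod 644 "$demo/server.key"
audit_openvpn_conf "$demo/server.conf"
rm -rf "$demo"
```

On a real server, pass `/etc/openvpn/server.conf` and treat an empty result as the pass condition.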