Difference between revisions of "OpenVPN on Centos 6"

From vpsget wiki
 
Line 78: Line 78:
  
 
-----
 
-----
 +
 +
You may try to set constant buffer values inb order to increase openvpn tunnel speed  if you have client on Windows and Linux openvpn server., just add the next lines to the server.conf:
 +
 +
sndbuf 393216  #server value
 +
rcvbuf 393216  #
 +
push "sndbuf 393216" #client pushed value for any case to force and override any other params
 +
push "rcvbuf 393216" #
  
  
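Review bot: the two push lines at the end of this addition apply the 393216-byte buffers to every client that connects, while the introductory sentence scopes the tip to Windows clients talking to a Linux server. State that the pushed values override each client's own settings (the comment on push "sndbuf 393216" only hints at it), or suggest setting sndbuf/rcvbuf in the Windows client config instead. The introductory sentence also needs a proofread ("inb order", "server., just"), and the bare "#" after rcvbuf 393216 and after push "rcvbuf 393216" should either carry a comment or be dropped.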

Latest revision as of 13:53, 28 November 2016

Tested on CentOS 6.7 and OpenVPN 2.3.10

Install the EPEL repository

yum install epel-release

Install the dependencies and OpenVPN

yum install wget nano unzip openvpn
cd /etc/openvpn/
wget https://github.com/OpenVPN/easy-rsa/archive/master.zip
unzip master.zip
cp -R easy-rsa-master/easyrsa3 server
cd server
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
cp /etc/openvpn/server/pki/ca.crt /etc/openvpn/
cp /etc/openvpn/server/pki/issued/server.crt /etc/openvpn/
cp /etc/openvpn/server/pki/dh.pem /etc/openvpn/
cp /etc/openvpn/server/pki/private/server.key /etc/openvpn/

Generate the client key and certificate

cp -R /etc/openvpn/easy-rsa-master/easyrsa3 /etc/openvpn/client1
cd /etc/openvpn/client1/
./easyrsa init-pki
./easyrsa gen-req client1 nopass
cd /etc/openvpn/server
./easyrsa import-req /etc/openvpn/client1/pki/reqs/client1.req client1
./easyrsa sign-req client client1

Enable forwarding

nano /etc/sysctl.conf

Set the following value:

net.ipv4.ip_forward = 1

Save the file and apply the changes:

sysctl -p

Add firewall rules. Note: change venet0 to your actual interface.

iptables -A FORWARD -i tun+ -o venet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save >/etc/sysconfig/iptables
service iptables restart

Create the OpenVPN configuration file:

nano /etc/openvpn/server.conf

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
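
A pre-start check for the server.conf above, added here as an example and not part of the original wiki page: it confirms that the ca, cert, key and dh files named in the config exist and that the private key is not accessible to group or others. The function names are hypothetical, and it assumes relative paths resolve against the directory holding server.conf.

```sh
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical.
# Assumption: relative paths in server.conf resolve against the directory
# that holds server.conf (/etc/openvpn in this guide).

# conf_value FILE DIRECTIVE: print the first argument of DIRECTIVE,
# ignoring anything after a '#' or ';' comment marker.
conf_value() {
    awk -v d="$2" '{ sub(/[#;].*/, "") } $1 == d { print $2; exit }' "$1"
}

# audit_openvpn_dir DIR: print one line per finding and return the
# number of findings (0 means the layout looks sane).
audit_openvpn_dir() {
    dir=$1; conf="$dir/server.conf"; findings=0
    [ -f "$conf" ] || { echo "MISSING $conf"; return 1; }
    for d in ca cert key dh; do
        f=$(conf_value "$conf" "$d")
        if [ -z "$f" ]; then
            echo "UNSET $d"; findings=$((findings + 1)); continue
        fi
        case $f in /*) path=$f ;; *) path="$dir/$f" ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING $d $path"; findings=$((findings + 1)); continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits;
        # a private key should show "------" there (e.g. mode 600).
        if [ "$d" = key ] && [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "LOOSE $path is accessible to group/others (chmod 600)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run against a directory when one is given, e.g.: sh audit.sh /etc/openvpn
if [ "$#" -gt 0 ]; then
    audit_openvpn_dir "$1"
fi
```
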

Start OpenVPN daemon:

service openvpn start
chkconfig openvpn on
chkconfig iptables on

The files you will need on the client side:

/etc/openvpn/client1/pki/private/client1.key
/etc/openvpn/server/pki/issued/client1.crt
/etc/openvpn/server/pki/ca.crt

How to configure OpenVPN client on Windows

Also refer to this guide if you would like to install a double VPN


You may try setting constant buffer values in order to increase OpenVPN tunnel speed if you have a Windows client and a Linux OpenVPN server. Just add the following lines to server.conf:

sndbuf 393216  # server-side send buffer
rcvbuf 393216  # server-side receive buffer
push "sndbuf 393216"  # value pushed to clients, in any case, to force and override any other params
push "rcvbuf 393216"  # value pushed to clients, same as above for the receive buffer


