
OpenVPN server installation tutorial

This tutorial will help you configure a VPN server with internet access on a CentOS 7 virtual server at yourserver.se.
Assuming you have a freshly installed CentOS 7 virtual server, follow these steps:

1. Install epel repository:
yum -y install epel-release
2. Install OpenVPN and certificate generation tools (easy-rsa):
yum -y install openvpn easy-rsa
3. Create a directory for your certificates and keys:
mkdir /etc/openvpn/easy-rsa
cp -rf /usr/share/easy-rsa/3/* /etc/openvpn/easy-rsa/
4. Now let's set up our certificate authority and server certificate:
cd /etc/openvpn/easy-rsa/
./easyrsa init-pki
./easyrsa gen-dh
./easyrsa build-ca nopass
./easyrsa build-server-full server nopass
5. Create a client certificate for every user connecting to your VPN server:
./easyrsa build-client-full user1 nopass
6. Write server configuration file:
cat <<EOF > /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca easy-rsa/pki/ca.crt
cert easy-rsa/pki/issued/server.crt
key easy-rsa/pki/private/server.key
dh easy-rsa/pki/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
EOF

7. Set up packet forwarding and NAT:
yum -y install iptables-services policycoreutils
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/50-forwarding.conf
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
/usr/libexec/iptables/iptables.init save

8. Save settings and enable services at boot:
systemctl enable iptables
systemctl enable openvpn@server

9. You have the server part ready. Now copy these files to every user device:
/etc/openvpn/easy-rsa/pki/issued/USERNAME.crt
/etc/openvpn/easy-rsa/pki/private/USERNAME.key
/etc/openvpn/easy-rsa/pki/ca.crt

Don't forget to change SERVER to your yourserver.se VPS IP address and USERNAME to the one created in step 5.
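
An added example (not part of the original tutorial): a shell function that bundles the three files from step 9 into one client profile with the server address filled in, so that the unencrypted ("nopass") private key travels in a single owner-only file. The function name, the output file name and the choice of client directives are assumptions; 203.0.113.10 in the usage comment is a placeholder address.

```shell
#!/bin/bash
# Added example, not from the original tutorial.
# Usage: make_client_profile PKI_DIR USERNAME SERVER OUT_FILE
#   e.g. make_client_profile /etc/openvpn/easy-rsa/pki user1 203.0.113.10 user1.ovpn
make_client_profile() {
    local pki="$1" user="$2" server="$3" out="$4" f
    local ca="$pki/ca.crt"
    local crt="$pki/issued/$user.crt"
    local key="$pki/private/$user.key"

    # Refuse to write a partial profile if any input is missing or empty.
    for f in "$ca" "$crt" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # The key was generated with "nopass", so it is stored unencrypted:
    # create the profile readable and writable by its owner only.
    (
        umask 077
        rm -f "$out"    # a pre-existing file would keep its old permissions
        {
            echo "client"
            echo "dev tun"
            echo "proto udp"              # matches "proto udp" in server.conf
            echo "remote $server 1194"    # matches "port 1194" in server.conf
            echo "nobind"
            echo "persist-key"
            echo "persist-tun"
            echo "remote-cert-tls server" # only accept a peer holding a server certificate
            echo "<ca>"
            cat "$ca"
            echo "</ca>"
            echo "<cert>"
            # Keep only the PEM block; the issued file may also carry a text dump.
            sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$crt"
            echo "</cert>"
            echo "<key>"
            cat "$key"
            echo "</key>"
        } > "$out"
    )
}
```

Copy the resulting file to the user's device over an encrypted channel such as scp, and delete any temporary copies afterwards.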
