OpenVPN server installation tutorial

This tutorial helps you configure a VPN server with internet access on a CentOS 7 virtual server at yourserver.se.
Assuming you have a freshly installed CentOS 7 virtual server, follow these steps:

1. Install the EPEL repository:
yum -y install epel-release
2. Install OpenVPN and certificate generation tools (easy-rsa):
yum -y install openvpn easy-rsa
3. Create a directory for your certificates and keys:
mkdir /etc/openvpn/easy-rsa
cp -rf /usr/share/easy-rsa/3/* /etc/openvpn/easy-rsa/
4. Now let's set up the certificate authority and the server certificate:
cd /etc/openvpn/easy-rsa/
./easyrsa init-pki
./easyrsa gen-dh
./easyrsa build-ca nopass
./easyrsa build-server-full server nopass
5. Create a client certificate for every user who will connect to your VPN server:
./easyrsa build-client-full user1 nopass
6. Write server configuration file:
cat <<EOF > /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca easy-rsa/pki/ca.crt
cert easy-rsa/pki/issued/server.crt
key easy-rsa/pki/private/server.key
dh easy-rsa/pki/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
EOF

7. Set up packet forwarding and NAT:
yum -y install iptables-services policycoreutils
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/50-forwarding.conf
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
/usr/libexec/iptables/iptables.init save

8. Save settings and enable services at boot:
systemctl enable iptables
systemctl enable openvpn@server

9. You have the server part ready. Now copy these files to every user device:
/etc/openvpn/easy-rsa/pki/issued/USERNAME.crt
/etc/openvpn/easy-rsa/pki/private/USERNAME.key
/etc/openvpn/easy-rsa/pki/ca.crt

Don't forget to change SERVER to your yourserver.se VPS IP address and USERNAME to the one created in step 5.
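
As an alternative to copying the three files from step 9 separately, the following added example (not part of the original tutorial) bundles them into one client profile for a given USERNAME and SERVER. The function names and the client directives are assumptions of this example; the port, protocol and device match server.conf from step 6.

```shell
#!/bin/sh
# Added example (not from the tutorial): bundle one user's credentials from the
# easy-rsa PKI of steps 3-5 into a single client profile.
# Function names and the client directives are assumptions of this example.

# Print only the PEM block; easy-rsa's issued/*.crt files start with a text dump.
pem_only() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1"
}

# Usage: make_client_profile USERNAME SERVER OUTFILE [PKI_DIR]
make_client_profile() {
    user=$1; server=$2; out=$3; pki=${4:-/etc/openvpn/easy-rsa/pki}

    # USERNAME becomes part of a file path: allow plain names only.
    case $user in
        ''|.*|*[!A-Za-z0-9_.-]*) echo "invalid user name" >&2; return 2 ;;
    esac
    # SERVER is written into the profile: allow host/IP characters only.
    case $server in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid server address" >&2; return 2 ;;
    esac
    [ -n "$out" ] || { echo "missing output file" >&2; return 2; }

    for f in "$pki/ca.crt" "$pki/issued/$user.crt" "$pki/private/$user.key"; do
        [ -r "$f" ] || { echo "missing file: $f" >&2; return 1; }
    done

    # The profile contains the private key: create it readable by its owner only.
    (
        umask 077
        rm -f -- "$out"
        {
            # port, proto and dev mirror server.conf from step 6
            printf '%s\n' client 'dev tun' 'proto udp' "remote $server 1194" \
                nobind persist-key persist-tun
            # refuse peers whose certificate was not issued as a server cert
            echo 'remote-cert-tls server'
            echo '<ca>';   pem_only "$pki/ca.crt";           echo '</ca>'
            echo '<cert>'; pem_only "$pki/issued/$user.crt"; echo '</cert>'
            echo '<key>';  cat "$pki/private/$user.key";     echo '</key>'
        } > "$out"
    )
}
```

Because the resulting file carries the user's private key, move it to the device over an encrypted channel such as scp.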
