Installation and configuration of OpenVPN server on CentOS 6.8

By | March 22, 2017

This post walks through installing and configuring an OpenVPN server on CentOS 6.8 running on DigitalOcean.

OpenVPN server version: 2.3.14

CentOS version: CentOS 6.8

1. Log in to the server and switch to the root user

$ sudo su -

or

$ su -

2. Install EPEL repository

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

3. Update the system and install the OpenVPN server packages

# yum update && yum -y install openvpn easy-rsa

4. Generate the required certificates and keys

# mkdir -p /etc/openvpn/easy-rsa/keys

# cp -r /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

# cd /etc/openvpn/easy-rsa

# source ./vars

# ./clean-all

# ./build-ca

The above command creates the CA certificate and prompts for some values (country, organization, common name and so on). Sample values are shown in the image below:

[image: sample values entered at the build-ca prompts]

# ./build-key-server server

The above command creates the server certificate and key, and again prompts for some values. Sample values are shown in the image below:

[image: sample values entered at the build-key-server prompts]

# ./build-dh

NOTE: All keys and certificates are saved in the /etc/openvpn/easy-rsa/keys folder.

5. Copy the keys and certificates to the /etc/openvpn folder

# cd /etc/openvpn/easy-rsa/keys

# cp dh2048.pem ca.crt server.crt server.key /etc/openvpn/

6. Create a new file named server.conf in the /etc/openvpn/ folder and add the following lines

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3

7. Enable IP forwarding. Open /etc/sysctl.conf and change the line

from

net.ipv4.ip_forward = 0

to

net.ipv4.ip_forward = 1

8. Add iptables rules for proper routing

# iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT

# iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

9. Save and restart iptables

# service iptables save

# service iptables restart

10. Start the OpenVPN server and enable it at boot

# service openvpn start

# chkconfig openvpn on

11. Block all other ports except 22 (SSH) and 1194 (OpenVPN).

This step is optional; do it only if this machine runs nothing other than the OpenVPN server.

Note: On my server, the default chain policy is ACCEPT.

# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

# iptables -A INPUT -p udp --dport 1194 -j ACCEPT

# iptables -A OUTPUT -p udp --sport 1194 -j ACCEPT

# iptables -A INPUT -j DROP

# iptables -A OUTPUT -j DROP
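Steps 8 and 11 combined into a single ruleset in the iptables-save format that /etc/sysconfig/iptables uses on CentOS 6 (an added example, not from the original post). It differs from the step 11 rules in three ways worth checking on your own server: INPUT defaults to DROP but loopback and established replies are accepted, OUTPUT stays ACCEPT so the server's own yum and DNS traffic is not cut off, and forwarding is limited to traffic entering from the tunnel interface. The interface names eth0 and tun0 and the port numbers are assumptions that match the configuration above.

```shell
#!/bin/sh
# Added example: emit a complete iptables ruleset for the OpenVPN server.
# Review the output, then install it with:
#   gen_openvpn_rules > /etc/sysconfig/iptables && service iptables restart
# Assumptions: public interface eth0, VPN interface tun0, VPN subnet 10.8.0.0/24.
VPN_NET="${VPN_NET:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
SSH_PORT="${SSH_PORT:-22}"
VPN_PORT="${VPN_PORT:-1194}"

gen_openvpn_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# step 8: masquerade VPN clients out of the public interface
-A POSTROUTING -s ${VPN_NET} -o ${WAN_IF} -j MASQUERADE
COMMIT
*filter
# default-deny inbound and forwarded traffic; the server's own outbound traffic is allowed
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -p udp --dport ${VPN_PORT} -j ACCEPT
# only route traffic that arrives from the tunnel, plus the replies to it
-A FORWARD -i ${VPN_IF} -o ${WAN_IF} -s ${VPN_NET} -j ACCEPT
-A FORWARD -i ${WAN_IF} -o ${VPN_IF} -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# list_open_ports: print the inbound proto/port pairs the ruleset accepts,
# so the exposed surface can be reviewed before the rules are loaded.
list_open_ports() {
    gen_openvpn_rules | sed -n 's/^-A INPUT -p \([a-z]*\) --dport \([0-9]*\) -j ACCEPT$/\1\/\2/p'
}
```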

Done!

See the follow-up post on configuring the OpenVPN client on Windows and Linux machines.