How To Setup Ovpn In Centos

Welcome to my detailed guide on setting up OpenVPN in CentOS. OpenVPN is a powerful and secure open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections. In this article, I’ll walk you through the step-by-step process of setting up OpenVPN on a CentOS server. Let’s dive in!


Before we begin the installation, ensure that you have root access to a CentOS server. You’ll also need to have the epel-release package installed, which can be done using the following command:

sudo yum install epel-release


First, let’s install OpenVPN and EasyRSA, a small and full-featured PKI to help you manage your own public key infrastructure. Use the following commands to install these packages:

sudo yum install openvpn easy-rsa


Now that the required packages are installed, we’ll move on to the configuration. Navigate to the EasyRSA directory using the following command:

cd /usr/share/easy-rsa/3

Run the following commands to initialize the PKI and create the necessary files:

./easyrsa init-pki
./easyrsa build-ca

Next, generate the server key and certificate. You can do this by running the following commands:

./easyrsa gen-req server nopass
./easyrsa sign-req server server

After generating the server key and certificate, create the Diffie-Hellman parameters using the following command:

./easyrsa gen-dh

Now, let’s copy the keys and certificates to the OpenVPN directory using the following commands:

cp pki/private/server.key /etc/openvpn/
cp pki/issued/server.crt /etc/openvpn/
cp pki/dh.pem /etc/openvpn/
cp pki/ca.crt /etc/openvpn/

Server Configuration

We’ll now create the server configuration file. You can use the following example as a template:

sudo nano /etc/openvpn/server.conf

Here is an example configuration file:

dev tun
proto udp
port 1194
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
push "dhcp-option DNS"
keepalive 10 120
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
user nobody
group nobody
status openvpn-status.log
verb 3

After creating the configuration file, enable IPv4 forwarding using the following command:

sudo sysctl -w net.ipv4.ip_forward=1

Finally, start and enable the OpenVPN service using the following commands:

sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server

Client Configuration

With the server setup complete, you can now generate client certificates and keys. This can be done by navigating to the EasyRSA directory and running the following command for each client:

./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1

Each client will require a configuration file. Here is an example client configuration file:

dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 3






Congratulations! You have successfully set up OpenVPN on your CentOS server and configured it for client usage. This powerful VPN solution provides secure access to your server’s resources from remote locations. Remember to secure your keys and certificates, and always stay updated with the latest security practices. Now, you can securely access your server from anywhere with an internet connection. Enjoy the flexibility and security that OpenVPN provides!