How To Set Up OpenVPN In CentOS

Welcome to my detailed guide on setting up OpenVPN in CentOS. OpenVPN is a powerful and secure open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections. In this article, I’ll walk you through the step-by-step process of setting up OpenVPN on a CentOS server. Let’s dive in!

Prerequisites

Before we begin the installation, ensure that you have root access to a CentOS server. You’ll also need to have the epel-release package installed, which can be done using the following command:

sudo yum install epel-release

Installation

First, let’s install OpenVPN and EasyRSA, a small command-line tool for building and managing your own public key infrastructure (PKI). Use the following command to install these packages:

sudo yum install openvpn easy-rsa

Configuration

Now that the required packages are installed, we’ll move on to the configuration. Navigate to the EasyRSA directory using the following command:

cd /usr/share/easy-rsa/3

Run the following commands to initialize the PKI and create the certificate authority (CA):

./easyrsa init-pki
./easyrsa build-ca

Next, generate the server key and certificate. You can do this by running the following commands:

./easyrsa gen-req server nopass
./easyrsa sign-req server server

After generating the server key and certificate, create the Diffie-Hellman parameters using the following command:

./easyrsa gen-dh

Now, let’s copy the keys and certificates to the OpenVPN directory using the following commands:

cp pki/private/server.key /etc/openvpn/
cp pki/issued/server.crt /etc/openvpn/
cp pki/dh.pem /etc/openvpn/
cp pki/ca.crt /etc/openvpn/

Server Configuration

We’ll now create the server configuration file. Open it in an editor with the following command:

sudo nano /etc/openvpn/server.conf

Here is an example configuration file:


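dev tun
proto udp
port 1194
# CA certificate, server certificate/key and DH parameters copied to /etc/openvpn/ earlier
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Send all client traffic and DNS lookups through the VPN
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
# Shared HMAC key, direction 0 on the server; ta.key must exist in /etc/openvpn/
# (it can be created with: openvpn --genkey --secret /etc/openvpn/ta.key)
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
comp-lzo
# Drop privileges after startup
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3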

After creating the configuration file, enable IPv4 forwarding using the following command (a value set with sysctl -w applies to the running system only and is lost at reboot):

sudo sysctl -w net.ipv4.ip_forward=1

Finally, start and enable the OpenVPN service using the following commands:

sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
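
The server configuration above points at ta.key, which none of the steps shown create, and OpenVPN will not start if a referenced key or certificate file is missing. The following pre-flight check is an added example, not part of the original guide or of OpenVPN; the function name audit_ovpn_conf is hypothetical, and it assumes relative paths resolve against the configuration file's directory (as when the service runs from /etc/openvpn).

```shell
#!/bin/sh
# Added example: pre-flight audit of an OpenVPN server config.
# audit_ovpn_conf is a hypothetical helper name, not part of OpenVPN.
# Assumption: relative paths resolve against the config's directory.

audit_ovpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    problems=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }

    # Directives this guide's server needs; each one names a file on disk.
    for opt in ca cert key dh tls-auth; do
        # Second field of the first matching line: "tls-auth ta.key 0" -> ta.key
        file=$(awk -v o="$opt" '$1 == o { print $2; exit }' "$conf")
        if [ -z "$file" ]; then
            echo "FAIL $opt: directive missing from config"
            problems=$((problems + 1)); continue
        fi
        case $file in /*) ;; *) file="$dir/$file" ;; esac
        if [ ! -f "$file" ]; then
            echo "FAIL $opt: $file does not exist"
            problems=$((problems + 1)); continue
        fi
        # Secret material must not be accessible to group or others.
        if [ "$opt" = key ] || [ "$opt" = tls-auth ]; then
            perms=$(ls -ld "$file" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "FAIL $opt: $file is accessible to group/other"
                problems=$((problems + 1)); continue
            fi
        fi
        echo "OK   $opt: $file"
    done
    [ "$problems" -eq 0 ]
}

# Usage: sh audit.sh /etc/openvpn/server.conf
if [ $# -gt 0 ]; then
    audit_ovpn_conf "$1"
fi
```

The function exits non-zero when any check fails, so it can gate the systemctl start command.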

Client Configuration

With the server setup complete, you can now generate client certificates and keys. This can be done by navigating to the EasyRSA directory and running the following commands for each client:

./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1

Each client will require a configuration file. Here is an example client configuration file:


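client
dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 3
# Files that must be present on the client alongside this configuration
key client1.key
cert client1.crt
ca ca.crt
# Direction 1 on the client pairs with "tls-auth ta.key 0" on the server
tls-auth ta.key 1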

Conclusion

Congratulations! You have successfully set up OpenVPN on your CentOS server and configured it for client usage. This powerful VPN solution provides secure access to your server’s resources from remote locations. Remember to secure your keys and certificates, and always stay updated with the latest security practices. Now, you can securely access your server from anywhere with an internet connection. Enjoy the flexibility and security that OpenVPN provides!