In this tutorial, we will show you how to install and configure an OpenVPN server on CentOS 7. OpenVPN is one of the most popular VPN software solutions that implements virtual private network techniques for creating secure point-to-point or site-to-site connections. This guide should work on other Linux VPS systems as well, but it was written for and tested on CentOS 7. Installing OpenVPN on CentOS 7 is an easy task: carefully follow the steps below and you should have it done in less than 10 minutes.
Log in to your VPS via SSH
ssh USER@YOUR_SERVER_IP
Update the system
1. Install OpenVPN
OpenVPN is not available in the official CentOS 7 repositories, so we first need to add the EPEL repository and then install the package.
To enable the EPEL repository, run the following command:
yum install epel-release
Once the repository is enabled, install the openvpn and openssl packages:
yum install openvpn openssl
2. Generate local certificate authority
First, generate the Diffie-Hellman parameters (DH file), which are used to secure the key exchange between the server and the client. This command can take a while to run depending on the server.
openssl dhparam -out /etc/openvpn/dh.pem 2048
Next, generate the ca.crt (certificate authority) file:
openssl genrsa -out /etc/openvpn/ca.key 2048
chmod 600 /etc/openvpn/ca.key
openssl req -new -key /etc/openvpn/ca.key -out /etc/openvpn/ca.csr -subj /CN=OpenVPN-CA/
openssl x509 -req -in /etc/openvpn/ca.csr -out /etc/openvpn/ca.crt -signkey /etc/openvpn/ca.key -days 365
echo 01 > /etc/openvpn/ca.srl
3. Configure OpenVPN server
The following commands will generate a server certificate and key:
openssl genrsa -out /etc/openvpn/server.key 2048
chmod 600 /etc/openvpn/server.key
openssl req -new -key /etc/openvpn/server.key -out /etc/openvpn/server.csr -subj /CN=OpenVPN/
openssl x509 -req -in /etc/openvpn/server.csr -out /etc/openvpn/server.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 365
4. Create OpenVPN server configuration file
You can either copy and edit the default OpenVPN configuration or create a new one from scratch.
server 10.8.0.0 255.255.255.0
verb 3
key /etc/openvpn/server.key
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
dh /etc/openvpn/dh.pem
keepalive 10 120
persist-key
persist-tun
comp-lzo
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 18.104.22.168"
push "dhcp-option DNS 22.214.171.124"
# drop privileges after startup; on CentOS the unprivileged group is "nobody", not "nogroup"
user nobody
group nobody
proto udp
port 1194
dev tun1194
status openvpn-status.log
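Save the file, then enable and start the OpenVPN service. The instance name after the @ is the base name of the configuration file; the commands below assume it was saved as /etc/openvpn/server.conf:
systemctl enable openvpn@server.service
systemctl start openvpn@server.service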
Add the following iptables rule so that traffic can leave the VPN. Replace eth0 with the public network interface of your server.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Note: If you are running an OpenVZ-based VPS, add the following rule instead of the one above:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source YOUR_SERVER_IP
Finally, we also need to allow IP forwarding:
sysctl -w net.ipv4.ip_forward=1
5. Create client certificate and key
The following commands will generate a client certificate and key:
openssl genrsa -out /etc/openvpn/client.key 2048
chmod 600 /etc/openvpn/client.key
openssl req -new -key /etc/openvpn/client.key -out /etc/openvpn/client.csr -subj /CN=OpenVPN-Client/
openssl x509 -req -in /etc/openvpn/client.csr -out /etc/openvpn/client.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 36525
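A consistency check for the certificates and keys generated in steps 2, 3 and 5, as an added example that is not part of the original tutorial: check_pki confirms that a certificate chains to ca.crt, that its key matches it, that the key is mode 600 and that nothing is about to expire. The function names are assumptions for illustration, and make_demo_pki builds a constructed throwaway CA with the tutorial's commands plus an added -extfile line.

```shell
#!/usr/bin/env bash
# Added example, not from the tutorial: checks on the files generated above.
# check_pki DIR NAME [MIN_DAYS] returns 0 only if DIR/NAME.crt and DIR/NAME.key pass.
check_pki() {
    local dir=$1 name=$2 min_days=${3:-30} rc=0 f
    local crt=$dir/$name.crt key=$dir/$name.key
    # 1. The certificate must chain to the CA that OpenVPN is told to trust.
    openssl verify -CAfile "$dir/ca.crt" "$crt" 2>/dev/null | grep -q ': OK$' \
        || { echo "FAIL: $crt does not verify against $dir/ca.crt"; rc=1; }
    # 2. The private key must belong to the certificate (compare public keys).
    [ "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] \
        || { echo "FAIL: $key does not match $crt"; rc=1; }
    # 3. Private keys must be readable by their owner only (the chmod 600 step).
    [ "$(stat -c %a "$key")" = 600 ] \
        || { echo "FAIL: $key is not mode 600"; rc=1; }
    # 4. Neither the certificate nor the CA may expire within MIN_DAYS days.
    for f in "$crt" "$dir/ca.crt"; do
        openssl x509 -in "$f" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 \
            || { echo "FAIL: $f expires within $min_days days"; rc=1; }
    done
    return $rc
}

# make_demo_pki DIR: constructed throwaway CA and server certificate in DIR,
# using the tutorial's openssl commands. The -extfile line is an addition that
# marks the demo CA as CA:TRUE explicitly.
make_demo_pki() {
    local d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    chmod 600 "$d/ca.key"
    openssl req -new -key "$d/ca.key" -out "$d/ca.csr" -subj /CN=OpenVPN-CA/
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
    openssl x509 -req -in "$d/ca.csr" -out "$d/ca.crt" -signkey "$d/ca.key" \
        -days 365 -extfile "$d/ca.ext" 2>/dev/null
    echo 01 > "$d/ca.srl"
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    chmod 600 "$d/server.key"
    openssl req -new -key "$d/server.key" -out "$d/server.csr" -subj /CN=OpenVPN/
    openssl x509 -req -in "$d/server.csr" -out "$d/server.crt" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -days 365 2>/dev/null
}
```

On the server, run check_pki /etc/openvpn server and check_pki /etc/openvpn client. Because the CA and server certificates are issued with -days 365, check 4 starts failing once fewer than MIN_DAYS days of that year remain, regardless of the much longer lifetime given to the client certificate.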
Next, copy the following files to your client machine:
/etc/openvpn/ca.crt
/etc/openvpn/client.crt
/etc/openvpn/client.key
6. Start OpenVPN on CentOS 7
Start your OpenVPN client with the following configuration:
client
nobind
dev tun
redirect-gateway def1 bypass-dhcp
remote YOUR_SERVER_IP 1194 udp
comp-lzo yes
key /etc/openvpn/client.key
cert /etc/openvpn/client.crt
ca /etc/openvpn/ca.crt
Do not forget to replace YOUR_SERVER_IP with your OpenVPN server IP address.
That’s it. You have successfully installed and configured an OpenVPN server on your CentOS 7 VPS.