fbpx

How to Install OpenVPN on a

You must be hearing a lot about VPNs these days. We have witnessed the demand for VPNs rising rapidly in recent years. Moreover, Google trends also show the rise in the search trend of “VPN” and VPN-related keywords.

VPN stands for Virtual Private Network, and there are many reasons why people use them. Security, Internet Censorship, and privacy on public Wi-Fi are just a few of the many reasons. In this article I will be discussing how to install OpenVPN on a VPS or dedicated server to allow you to have VPN connections to your server.

For this tutorial, we will be installing OpenVPN on a VPS running CentOS 6.x 64-bit with 1GB of RAM.

Requirements

  • Vanilla OS install (preferable)
  • 64MB of RAM (128MB recommended)
  • Root SSH Access
  • TUN/TAP
  • SFTP Client

First and foremost we need to connect to our server via SSH. If you do not have an SSH client installed, I would highly recommend PuTTy. It’s free and you can find it via a quick Google search. I use SecureCRT, as it makes saving my SSH sessions very easy.

 

Once you are connected via SSH we can get to work. The next thing we need to do is verify that TUN/TAP is enabled. To do this run the following:

Code:
cat /dev/net/tun

If TUN/TAP is enabled, it will return the following:

Code:
[root@vpn ~]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state


If you get anything else, you will need to contact your hosting provider to have TUN enabled. Generally if it is disabled it will return a “file not found” message.
We will proceed by installing some modules which will be required later on in the install process.

Code:
yum install gcc make rpm-build zlib-devel pam-devel openssl openssl-devel autoconf.noarch nano -y

Lets download the OpenVPN REPO and RPMForge REPO install files.
CentOS 6.x 64-bit

Code:
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

If you are using CentOS 5.x, change the “el6” in the second URL to “el5“. If you’re using the 32-bit version of your OS, change “x86_64” to read “i386


Next we need to build and install the RPM packages we just downloaded.

Code:
rpmbuild –rebuild lzo-1.08-4.rf.src.rpm rpm -Uvh lzo-1.08-4.rf.src.rpm rpm -Uvh rpmforge-release*

Now we have prepared our server for the install of OpenVPN.

Code:
yum install openvpn -y

Copy the contents of the “easy-rsa” folder to /etc/openvpn so we can build the certificates required to connect to the VPN.

Code:
cp -R /usr/share/doc/openvpn-2.*/easy-rsa/ /etc/openvpn/

It’s time to create the certificate.

Code:
cd /etc/openvpn/easy-rsa/2.0</pre> </div> <div>cp openssl-1.0.0.cnf openssl.cnf chmod 755 * source ./vars ./vars ./clean-all

The next step will actually build the certificate. It will ask you questions and they will need to be modified or you can just press “enter” to skip through most of them.

Code:
./build-ca
  • Country Name: Press enter to leave unchanged
  • State or Province Name: Press enter to leave unchanged
  • Locality Name: Press enter to leave unchanged
  • Organization Name: Press enter to leave unchanged
  • Organizational Unit Name: Press enter to leave unchanged
  • Common Name: Press enter to leave unchanged
  • Name: Press enter to leave unchanged
  • Email Address: Press enter to leave unchanged

 

Code:
./build-key-server server

Use the same entries as build-ca, along with the following additional parameters

  • A challenge password:Leave this blank
  • An optional company name:Optional
  • Sign the certificate?: y
  • 1 out of 1 certificate requests certified, commit?: y

Build DH Parameters (this may take a moment):

Code:
./build-dh

We will now make a configuration file for OpenVPN. You may use any text editor you like. I prefer nano and will use it for the remainder of this tutorial.

Code:
nano /etc/openvpn/config-default.conf

 

Code:

local x.x.x.x #- your_server_ip
port 1194 #- default port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.3.0 255.255.255.0
push “redirect-gateway def1”
push “dhcp-option DNS 8.8.8.8”
push “dhcp-option DNS 8.8.4.4”
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

If you’re using nano you can save and close the file by “Ctrl+X” and typing “y” at the prompt asking to save changes.
Now lets start the OpenVPN server using the configuration file we just made.

Code:
openvpn /etc/openvpn/config-default.conf &

Ctrl+C to exit from the process monitor. OpenVPN should remain running in the background.
Enable IP forwarding on the server:

Code:
echo 1 > /proc/sys/net/ipv4/ip_forward

Create the iptables routes to enable traffic to flow through the VPN properly

Code:
iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT –to x.x.x.x

x.x.x.x is the IP of your server.
OpenVPN pulls it’s user data from the Linux system users, so to add users to OpenVPN we add Linux users.

Code:
useradd username

passwd username

“username” in both instances is the username for your user.

Now is the time you’ve been waiting for. Lets install the OpenVPN client to our computer and try to connect to our new VPN.
You can find the latest version of the OpenVPN desktop client on the OpenVPN website here. As of the writing of this post, version 2.2.2 was the latest stable version. When installing the client, please pay attention to the directory in which it is installed. Mainly, whether or not it is in Program Files or Program Files (x86).
Once we have installed the OpenVPN desktop client, we need to download the key from the server that we generated earlier. We will use our SFTP client for this. I use Filezilla.
The file can be found in /etc/openvpn/easy-rsa/2.0/keys/. You want to copy the ca.crt file to the OpenVPN config directory on your desktop. This can be found in C:\Program Files\OpenVPN\config. If you’re using Windows Visa/7 x64, this will likely be found in C:\Program Files (x86)\OpenVPN\config.

We’re now on the home stretch. Lets create a config file on our desktop that will let us connect to the VPN.
Create a file in the same config directory and paste the following details in it. Please make sure it is not namedanything.ovpn.txt or this will not work correctly.

client
dev tun
proto udp #- protocol
remote x.x.x.x 1194 #- SERVER IP and OPENVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

 

x.x.x.x is the IP address of your server specified earlier in this tutorial.
Now start the OpenVPN GUI Client and enter your username and password created earlier.

Congratulations, you’re now successfully connected to your new VPN. If you have any questions or issues feel free to ask.

Leave a Reply

Your email address will not be published. Required fields are marked *