You must be hearing a lot about VPNs these days. We have witnessed the demand for VPNs rising rapidly in recent years. Moreover, Google trends also show the rise in the search trend of “VPN” and VPN-related keywords.
VPN stands for Virtual Private Network, and there are many reasons why people use them. Security, Internet Censorship, and privacy on public Wi-Fi are just a few of the many reasons. In this article I will be discussing how to install OpenVPN on a VPS or dedicated server to allow you to have VPN connections to your server.
For this tutorial, we will be installing OpenVPN on a VPS running CentOS 6.x 64-bit with 1GB of RAM.
- Vanilla OS install (preferable)
- 64MB of RAM (128MB recommended)
- Root SSH Access
- SFTP Client
First and foremost we need to connect to our server via SSH. If you do not have an SSH client installed, I would highly recommend PuTTy. It’s free and you can find it via a quick Google search. I use SecureCRT, as it makes saving my SSH sessions very easy.
Once you are connected via SSH we can get to work. The next thing we need to do is verify that TUN/TAP is enabled. To do this run the following:
If TUN/TAP is enabled, it will return the following:
[root@vpn ~]# cat /dev/net/tun cat: /dev/net/tun: File descriptor in bad state
If you get anything else, you will need to contact your hosting provider to have TUN enabled. Generally if it is disabled it will return a “file not found” message.
We will proceed by installing some modules which will be required later on in the install process.
Lets download the OpenVPN REPO and RPMForge REPO install files.
CentOS 6.x 64-bit
If you are using CentOS 5.x, change the “el6” in the second URL to “el5“. If you’re using the 32-bit version of your OS, change “x86_64” to read “i386“
Next we need to build and install the RPM packages we just downloaded.
Now we have prepared our server for the install of OpenVPN.
Copy the contents of the “easy-rsa” folder to /etc/openvpn so we can build the certificates required to connect to the VPN.
It’s time to create the certificate.
The next step will actually build the certificate. It will ask you questions and they will need to be modified or you can just press “enter” to skip through most of them.
- Country Name: Press enter to leave unchanged
- State or Province Name: Press enter to leave unchanged
- Locality Name: Press enter to leave unchanged
- Organization Name: Press enter to leave unchanged
- Organizational Unit Name: Press enter to leave unchanged
- Common Name: Press enter to leave unchanged
- Name: Press enter to leave unchanged
- Email Address: Press enter to leave unchanged
Use the same entries as build-ca, along with the following additional parameters
- A challenge password:Leave this blank
- An optional company name:Optional
- Sign the certificate?: y
- 1 out of 1 certificate requests certified, commit?: y
Build DH Parameters (this may take a moment):
We will now make a configuration file for OpenVPN. You may use any text editor you like. I prefer nano and will use it for the remainder of this tutorial.
local x.x.x.x #- your_server_ip
port 1194 #- default port
proto udp #- protocol
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
server 184.108.40.206 255.255.255.0
push “redirect-gateway def1”
push “dhcp-option DNS 220.127.116.11”
push “dhcp-option DNS 18.104.22.168”
keepalive 5 30
If you’re using nano you can save and close the file by “Ctrl+X” and typing “y” at the prompt asking to save changes.
Now lets start the OpenVPN server using the configuration file we just made.
Ctrl+C to exit from the process monitor. OpenVPN should remain running in the background.
Enable IP forwarding on the server:
Create the iptables routes to enable traffic to flow through the VPN properly
x.x.x.x is the IP of your server.
OpenVPN pulls it’s user data from the Linux system users, so to add users to OpenVPN we add Linux users.
useradd username passwd username
“username” in both instances is the username for your user.
Now is the time you’ve been waiting for. Lets install the OpenVPN client to our computer and try to connect to our new VPN.
You can find the latest version of the OpenVPN desktop client on the OpenVPN website here. As of the writing of this post, version 2.2.2 was the latest stable version. When installing the client, please pay attention to the directory in which it is installed. Mainly, whether or not it is in Program Files or Program Files (x86).
Once we have installed the OpenVPN desktop client, we need to download the key from the server that we generated earlier. We will use our SFTP client for this. I use Filezilla.
The file can be found in /etc/openvpn/easy-rsa/2.0/keys/. You want to copy the ca.crt file to the OpenVPN config directory on your desktop. This can be found in C:\Program Files\OpenVPN\config. If you’re using Windows Visa/7 x64, this will likely be found in C:\Program Files (x86)\OpenVPN\config.
We’re now on the home stretch. Lets create a config file on our desktop that will let us connect to the VPN.
Create a file in the same config directory and paste the following details in it. Please make sure it is not namedanything.ovpn.txt or this will not work correctly.
proto udp #- protocol
remote x.x.x.x 1194 #- SERVER IP and OPENVPN Port
x.x.x.x is the IP address of your server specified earlier in this tutorial.
Now start the OpenVPN GUI Client and enter your username and password created earlier.
Congratulations, you’re now successfully connected to your new VPN. If you have any questions or issues feel free to ask.