V P N S C R I P T
Help

Installing OpenVPN on CentOS 6.x

  1. By admin
  2. No Comments

REQUIREMENTS

  1. A VPS or Dedicated server running CentOS 6.x
  2. Only for VPS based-on OpenVZ virtualization (other skip this): please enable TUN/TAP options in your VPS control panel (e.g: SolusVM).

Step 1 – Login to your server via SSH. You better login as root.

Step 2 – Now issue this first command syntax:

1
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y

Step 3 – Now download LZO RPM and Configure RPMForge Repo. Use wget command:

1
wget https://vpnscript.net/download/lzo-1.08-4.rf.src.rpm

Step 4 – Now add correct repo for your server:

CentOS 6 32-bit (x86):

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm  

 

CentOS 6 64-bit (x86_64):

wget ftp://ftp.pbone.net/mirror/dag.wieers.com/redhat/el6/en/x86_64/dag/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm  

 

How to know which one is your server? Issue this command:

uname -a

If you see “x86_64 GNU/Linux” at the end of the output line means your server is 64-bit. Otherwise if you see “i686 i386 GNU/Linux” or “x86 GNU/Linux” means your machine is 32-bit.

Step 5 – Then build the rpm package using this command:

1
2
3
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*

hit enter for each line above.

INSTALLING OPENVPN

Step 6 – Issue the special yum command:

1
yum install openvpn -y

Step 7 – Copy the easy-rsa folder to /etc/openvpn/, use this command:

1
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/

Step 8 – Now edit it:

1
nano /etc/openvpn/easy-rsa/2.0/vars

Edit this line:

1
export KEY_CONFIG='$EASY_RSA/whichopensslcnf $EASY_RSA'

replace it with:

1
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf

once done hit Control+O to save then Control+X to exit.

Step 9 – Create the certificate using these commands:

1
2
3
4
5
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all

hit enter for each line.

Step 10 – It’s time to build necessary CA file:

1
./build-ca

Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter

Step 11 – Time to build Key Server:

1
./build-key-server server

Almost the same with ./build.ca but check the changes and additional
Common Name: server
A challenge password: leave
Optional company name: fill or enter
sign the certificate: y
1 out of 1 certificate requests: y

You can simply leave them blank. The only 2 required are sign the certificate (choose “y”) and 1 out of 1 certificate requests (choose “y”)

Step 12 – Now issue command below to build Diffie Hellman:

1
./build-dh

Step 13 – Create OpenVPN config file:

1
nano /etc/openvpn/server.conf

Step 14 – Now enter this value in that config file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

Save it once done. (Control+O then Control+X)

Step 15 – Lets start OpenVPN service on your server for the very first time:

1
service openvpn start

Step 16 – You’ll also need to enable IP forwarding in the file /etc/sysctl.conf. Open it and edit “net.ipv4.ip_forward” line to 1:

1
nano /etc/sysctl.conf

replace 0 with 1 in this line:

1
net.ipv4.ip_forward = 1

Hit Control+O to save then Control+X to exit nano.

Step 17 – Issue this command to load the change:

1
sysctl -p

or

1
sysctl -e

Step 18 – Now route some iptables.

Xen and KVM users use:

1
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

special for OpenVZ use these two instead:

1
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123

and

1
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123

Do not forget to replace 123.123.123.123 with your server IP.

Step 19 – Note: if you have CSF on the same server you need to open your OpenVPN port (Usually 1194) through the firewall and run the below commands for CSF:

1
2
3
4
5
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123

Step 20 – Now save that iptables rules:

1
service iptables save

Step 21 – Restart OpenVPN Service

service openvpn restart

 

Step 22 - Make sure OpenVPN starts automatically with server boot.

chkconfig openvpn on

 

Step 23 – You are done. Now simply go to your VPN Script admin dashboard > Add New Server and add your server to the system. It will take care of the rest from there.

No Comments

Related Post

Adding TCP Connection Support

No Comments

Leave a Comment

Recent Posts

Adding TCP Connection Su

Version 1.0.1 Released

Installing OpenVPN on Ce