How to install VPN Server (OpenVPN) on CentOS 6

To check whether TUN/TAP is enabled, type:
cat /dev/net/tun
If it shows “cat: /dev/net/tun: File descriptor in bad state”, your VPS’s TUN/TAP is enabled.
If it does not, you should ask your VPS provider to activate it (some VPS providers do not offer this service).

OK, now we start installing the VPN server on your VPS.

1. We install the dependencies needed to install the VPN server:

yum install gcc rpm-build autoconf.noarch zlib-devel pam-devel lzo lzo-devel openssl-devel automake imake pkgconfig gcc-c++ libcrypto.so.6

2. We download 4 packages for OpenVPN

wget openvpn.net/release/openvpn-2.1.3.tar.gz
wget openvpn.net/release/lzo-1.08-4.rf.src.rpm
wget ftp://ftp.muug.mb.ca/mirror/fedora/epel/….07-2.el5.1.i386.rpm
wget ftp://ftp.muug.mb.ca/mirror/fedora/epel/….07-2.el5.1.i386.rpm

3. We install the downloaded rpm packages and add the repository to your CentOS

rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh /root/rpmbuild/RPMS/i386/lzo-*.rpm
rpm -ivh pkcs11-helper-*.rpm
rpmbuild -tb openvpn-2.1.3.tar.gz
rpm -Uvh /root/rpmbuild/RPMS/i386/openvpn-2.1.3-1.i386.rpm

4. Now we copy the folder used for creating certificates to the directory /etc/openvpn/

cp -r /usr/share/doc/openvpn-2.1.3/easy-rsa/ /etc/openvpn/

5. Now we create the certificate

cd /etc/openvpn/easy-rsa/2.0
source ./vars
./vars
./clean-all

6. We build the CA

./build-ca
You will be asked to fill in several fields. You can leave them empty by pressing Enter repeatedly, but the important one that you must fill in is the “Common Name” field.
For this I use my hostname.
Example: lifeone168

6-A. We build the server key

./build-key-server server
This works the same as build-ca, but in the “Common Name” field we fill in: “server”

6-B. Then we build the DH (Diffie-Hellman) parameters

./build-dh
The certificates are now built, so we go to the next step.

7. We create the configuration file in the directory /etc/openvpn
You can use Vi, Pico or Nano.
I use Nano to create the configuration file.
nano /etc/openvpn/server.conf

This is an example of the configuration file.

local 127.0.0.1
port 6677
proto tcp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.4.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

Notice: You must change these lines:
local 127.0.0.1 to your VPS’s IP address
port 6677 to your own port, or you can keep this port
proto tcp to your protocol, which can be tcp or udp

Example:
local 101.101.101
port 6666
proto udp

8. Now we start OpenVPN

service openvpn start
If the status shows “Initialization Sequence Completed”, that means your VPN server is running.

9. Now we enable IP forwarding and create NAT iptables rules so that we can access the internet through the OpenVPN server

echo 1 > /proc/sys/net/ipv4/ip_forward
Then
iptables -t nat -A POSTROUTING -s 1.2.4.0/24 -j SNAT --to-source 127.0.0.1
Notice: You must change 127.0.0.1 to your VPS’s IP address
Example:
iptables -t nat -A POSTROUTING -s 1.2.4.0/24 -j SNAT --to-source 101.101.101
The installation process is done.

10. Now we create a user account for access to the VPN server.

useradd username -s /bin/false
and set a password for the user

passwd username
Example:
useradd lifeone168 -s /bin/false
passwd lifeone168

11. We go to the OpenVPN GUI config folder and create the client configuration file.
If you have not yet installed the OpenVPN software on Windows, download and install it first.
After installing it, open Notepad to create the configuration file.
This is an example configuration for your OpenVPN client

client
dev tun
proto tcp
remote 127.0.0.1 6677
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
route-method exe
route-delay 2
Notice: You must change one line:
remote 127.0.0.1 6677 to your VPS’s IP address and VPN port
Example:
remote 101.101.101 6666

Then save the configuration as myvpn.ovpn in your OpenVPN config directory
Windows 7 64-bit:
C:\Program Files (x86)\OpenVPN\config\
Windows 7 32-bit and XP:
C:\Program Files\OpenVPN\config
The last thing you have to do is download the ca.crt file from the directory /etc/openvpn/easy-rsa/2.0/keys/ to the same directory where you saved your OpenVPN configuration file (the directory above).

Now you are done. Try running OpenVPN GUI by clicking on it and running it as administrator. Then right-click the icon on your toolbar and click Connect.
Fill in the username and password that you created in step 10.
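
The following script is an added example, not part of the original tutorial: it checks a server.conf like the one in step 7 for the settings that weaken it (password-only client authentication, 1024-bit DH, no tls-auth, default cipher, compression, running as root). The function names and finding IDs are made up for this example, and the DH check looks only at the file name in the dh line.

```shell
# Added example: flag weak settings in an OpenVPN server.conf (hypothetical helper names).

# has_directive FILE NAME: true if NAME appears as an uncommented directive.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_openvpn_conf FILE: print one "ID: reason" line per finding.
audit_openvpn_conf() {
    conf=$1
    if has_directive "$conf" client-cert-not-required; then
        echo "NO-CLIENT-CERT: clients are authenticated by username/password only"
    fi
    # Heuristic on the file name only; it does not parse the DH parameters.
    if grep -Eq '^[[:space:]]*dh[[:space:]].*1024' "$conf"; then
        echo "WEAK-DH: 1024-bit Diffie-Hellman parameters, use 2048 bits or more"
    fi
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo "NO-TLS-AUTH: control channel has no pre-shared HMAC key"
    fi
    if ! has_directive "$conf" cipher; then
        echo "DEFAULT-CIPHER: no cipher line, OpenVPN 2.1 falls back to BF-CBC"
    fi
    if has_directive "$conf" comp-lzo; then
        echo "COMPRESSION: comp-lzo compresses before encrypting (VORACLE-style leaks)"
    fi
    if ! has_directive "$conf" user; then
        echo "RUNS-AS-ROOT: no user/group line, the daemon keeps root privileges"
    fi
    return 0
}

# write_sample_conf FILE: the security-relevant lines of the step 7 server.conf.
write_sample_conf() {
    cat > "$1" <<'EOF'
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
comp-lzo
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_openvpn_conf "$sample"
rm -f "$sample"
```

Run it against the real file with audit_openvpn_conf /etc/openvpn/server.conf; no output means none of the six checks fired.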
