How to install VPN Server (OpenVPN) on CentOS 6

To check whether TUN/TAP is enabled, type:
cat /dev/net/tun
If it shows “cat: /dev/net/tun: File descriptor in bad state”, TUN/TAP is enabled on your VPS.
If it is not, you should ask your VPS provider to activate it (some VPS providers do not offer this service).

OK, now we start installing the VPN server on your VPS.

1. We install the dependencies for the VPN server:

yum install gcc rpm-build autoconf.noarch zlib-devel pam-devel lzo lzo-devel openssl-devel automake imake pkgconfig gcc-c++

2. We download 4 packages for OpenVPN


3. We install the downloaded rpm packages and add the repository to your CentOS system

rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh /root/rpmbuild/RPMS/i386/lzo-*.rpm
rpm -ivh pkcs11-helper-*.rpm
rpmbuild -tb openvpn-2.1.3.tar.gz
rpm -Uvh /root/rpmbuild/RPMS/i386/openvpn-2.1.3-1.i386.rpm

4. Now we copy the folder used for creating certificates to the directory /etc/openvpn/

cp -r /usr/share/doc/openvpn-2.1.3/easy-rsa/ /etc/openvpn/

5. Now we create the certificate

cd /etc/openvpn/easy-rsa/2.0
source ./vars

6. We build the CA

You’ll be asked to fill in several fields. You can leave them empty by pressing Enter repeatedly, but the important one you have to fill in is the “Common Name” field.
For this I use my hostname.
Example: lifeone168

6-A. We build the server key

./build-key-server server
It is the same as build-ca, but in the “Common Name” field we enter: “server”

6-B. Then we build DH

The certificates are now built, so we go to the next step.

7. We create the configuration file in the directory /etc/openvpn
You can use Vi, Pico or Nano.
I use Nano to create the configuration file.
nano /etc/openvpn/server.conf

This is an example of the configuration file.

port 6677
proto tcp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/ /etc/pam.d/login
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS"
push "dhcp-option DNS"
keepalive 5 30
status server-tcp.log
verb 3

Notice: You must change these lines:
local to your VPS’s IP address
port 6677 to your port (or you can keep this port)
proto tcp to your protocol, which can be tcp or udp

local 101.101.101
port 6666
proto udp
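
A pre-flight check for a server.conf like the one above, added here as an example (it is not part of the original guide). It flags curly quotes or dashes pasted from a web page, DH parameters under 2048 bits such as the dh1024.pem used here, a DNS push with no address, a plugin path that is not a .so file, and a private key readable by group or other. The function name lint_openvpn_conf is hypothetical, and the DH check assumes easy-rsa 2.0's dh<KEY_SIZE>.pem file naming.

```shell
# lint_openvpn_conf FILE: print one finding per line, return 1 if any were found.
# (Hypothetical helper name; added example, not from the original guide.)
lint_openvpn_conf() {
    conf=$1
    rc=0
    warn() { printf '%s: %s\n' "$conf" "$1"; rc=1; }

    # Curly quotes and en-dashes picked up from a web page are not option
    # syntax; OpenVPN only understands straight double quotes.
    if grep -qF -e '“' -e '”' -e '–' "$conf"; then
        warn 'typographic quote or dash found; retype as " or --'
    fi

    # Assumption: easy-rsa 2.0 naming (dh<KEY_SIZE>.pem), so the name shows the size.
    dhfile=$(awk '$1 == "dh" { print $2 }' "$conf")
    case $dhfile in
        *dh512.pem|*dh768.pem|*dh1024.pem)
            warn "DH parameters in $dhfile are below 2048 bits" ;;
    esac

    # A DNS push without an address hands the client nothing usable.
    if grep -Eq '^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]*"' "$conf"; then
        warn 'push "dhcp-option DNS" has no resolver address'
    fi

    # The plugin directive needs the path of a shared object, not a directory.
    plug=$(awk '$1 == "plugin" { print $2 }' "$conf")
    case $plug in
        ''|*.so) ;;
        *) warn "plugin path $plug is not a .so file" ;;
    esac

    # The server private key should be accessible to its owner only.
    keyfile=$(awk '$1 == "key" { print $2 }' "$conf")
    if [ -n "$keyfile" ] && [ -f "$keyfile" ]; then
        perms=$(ls -ld "$keyfile" | cut -c5-10)
        [ "$perms" = "------" ] || warn "$keyfile is accessible to group/other ($perms)"
    fi

    return $rc
}
```

Run it as `lint_openvpn_conf /etc/openvpn/server.conf` before `service openvpn start`; no output and exit status 0 mean none of the five checks fired.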

8. Now we start OpenVPN

service openvpn start
If the status shows “Initialization Sequence Completed”, that means your VPN server is running.

9. Now we enable IP forwarding and create a NAT iptables rule so we can access the internet through the OpenVPN server

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s -j SNAT --to
Notice: You must change it to your VPS’s IP address
iptables -t nat -A POSTROUTING -s -j SNAT --to 101.101.101
The installation process is done.

10. Now we create a user account to access the VPN server.

useradd username -s /bin/false
and set a password for the user

passwd username
useradd lifeone168 -s /bin/false
passwd lifeone168

11. We go to the OpenVPN GUI config folder and create the client configuration file.
If you have not yet installed the OpenVPN software on Windows, download and install it first.
After installing it, open Notepad to create the configuration file.
This is an example configuration for your OpenVPN client

dev tun
proto tcp
remote 6677
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
verb 3
route-method exe
route-delay 2
Notice: You must change one line:
remote 6677 to your VPS’s IP address and VPN’s port
remote 101.101.101 6666

Then save the configuration as myvpn.ovpn in your OpenVPN config directory
Windows 7 64-bit:
C:\Program Files (x86)\OpenVPN\config\
Windows 7 32-bit and XP:
C:\Program Files\OpenVPN\config
The last thing you have to do is download the ca.crt file from the directory /etc/openvpn/easy-rsa/2.0/keys/ to the same directory where you saved your OpenVPN configuration file (the directory above).

Now you are done. Try running OpenVPN GUI: click on it and run it as administrator. Then right-click the icon in your toolbar and click Connect.
Fill in the username and password that you created in step 10.
