Installing, configuring, and using OpenVPN server Centos 6.6

Thursday, 05 March 2015 16:28

There are many reasons to use the VPN server for the Internet. This hide your location, and access to resources that are not available from your country, and anonymity, and access blocked sites, but the main reason - is security.

With VPN creates an encrypted tunnel from your computer to our VPN-server and back. This allows you to protect any data being transmitted from interception on any key nodes, whether public Wi-Fi router or your Internet Service Provider.

The easiest way to organize your own VPN server using OpenVPN. His installation, configuration and use will be discussed below.

Is installed on a virtual server with Centos 6.6, virtualization OpenVZ.

OpenVPN is in the repository EPEL. If you have it is not connected, you need to initially install it:


rpm -Uvh epel-release-6*.rpm

Install OpenVPN:

yum -y install openvpn easy-rsa

Go to the folder /etc/openvpn and create a configuration file there server.conf, with the following content, you can not change anything:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
push "dhcp-option DNS"
keepalive 10 120
max-clients 100
user nobody
group nobody
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3

Now you need to create server certificates. 

mkdir -p /etc/openvpn/easy-rsa/keys
cp -r /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa
source ./vars
./build-key-server server

All you can leave the default questions [y/n] answer y.

Next, create a client certificates:

./build-key client1

Everything is similar. If you want multiple clients, the operation is repeated several times, changing client1 on client2, client3 and so on.

Copy keys:

cd keys/
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

Configuring IP Forwarding. The file etc/sysctl.conf

net.ipv4.ip_forward = 0

change on 

net.ipv4.ip_forward = 1

Load settings:

sysctl -p

Configuring Iptables, SERVER-IP changing the actual IP address of our server.

iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to SERVER-IP
iptables -A FORWARD -i venet0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT

Above were the settings for the VPS OpenVZ, for a dedicated server a little different:

iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

Save the settings and restart iptables: 

service iptables save
service iptables restart

Start the OpenVPN server and put it in startup: 

service openvpn start
chkconfig openvpn on

On this server installation is complete, you are ready to configure the client to your computer.

Download and install the client the official site, then in a folder C:\Program Files\OpenVPN\config copy the file ca.crt from a folder /etc/openvpn the server and client keys folder /etc/openvpn/keys - client1.crt and client1.key.

In the same folder, create a file client.ovpn with the following contents, SERVER-IP change the IP address of your server. 

dev tun
proto udp
remote SERVER-IP 1194
resolv-retry infinite
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
verb 3
sndbuf 0
rcvbuf 0

Run the program and connect to your server. From this point on your IP address - the IP of your server and all your traffic is encrypted and passes through a secure channel.

If you need assistance in setting up OpenVPN, you can contact our support team. Also we can provide rent virtual servers already configured OpenVPN and costs $ 5 per month.

Can u help me set up my open vpn on a dedicated server.

goke goke | Wednesday, 01 February 2017 23:04

Leave a comment

  • Payment
  • visa
  • mastercard
  • qiwi
  • webmoney
  • yandex money
  • sberbank
  • mts bank
  • zpayment
  • liqpay
  • alfabank white
Copyright © 2012 - 2024 WebPatron Ltd. All rights reserved.