OpenVPN on CentOS 6

Setting up OpenVPN is seldom complicated nowadays, but on CentOS it's far more straightforward than I've experienced on most other distros.

This documentation details how to install and configure OpenVPN on CentOS 6.

Install and enable the EPEL repos, then run the following:

yum install openvpn
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn/
nano /etc/openvpn/server.conf
# Change localserver to the IP of your machine
# Exit and save (change anything else you don't want at the default)

# Handle keys
mkdir -p /etc/openvpn/easy-rsa/keys
cd /etc/openvpn/easy-rsa
cp -rf /usr/share/openvpn/easy-rsa/2.0/* .
nano vars
# Change the relevant vars (country, state etc)
# Exit and save

# Load the vars into the current shell (the easy-rsa 2.0 scripts refuse to run without them)
source ./vars

# Now we're going to create a certificate authority
./clean-all
./build-ca

# Build the server certificate
./build-key-server server
# You can replace server with a different name if you want to use one

# Build the diffie-hellman files (Used for key exchange)
./build-dh

# Copy the keys to the openvpn dir
# (use your own name in place of server if you chose one above;
# the dh file is named after KEY_SIZE in vars)
cd keys && cp ca.crt server.crt server.key dh1024.pem /etc/openvpn/

# Build a key for a client
# Note: If you want to password protect the key, use build-key-pass instead
cd ..
./build-key BensPC

# Set up NAT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE

# Start the service
/etc/init.d/openvpn start

# If that worked without error, make it start automatically at boot
chkconfig openvpn on
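
A check that can be run between copying the keys and starting the service, as an added example that is not part of the original post: it confirms that the ca, cert, key and dh files named in server.conf exist and that the private key is not readable by group or others. The function name check_openvpn_conf is hypothetical, and the script assumes relative file names are resolved against the config file's directory and that GNU stat is available.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an OpenVPN server
# config after the keys have been copied into place.
# Assumption: relative file names are resolved against the config's directory.

# check_openvpn_conf CONF
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_openvpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    status=0
    for directive in ca cert key dh; do
        # Lines commented out with '#' or ';' never match, because their
        # first field is not the bare directive name.
        file=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$file" ]; then
            echo "$directive: directive not set in $conf"
            status=1
            continue
        fi
        case $file in
            /*) path=$file ;;
            *)  path=$dir/$file ;;
        esac
        if [ ! -f "$path" ]; then
            echo "$directive: $path does not exist"
            status=1
        elif [ "$directive" = key ]; then
            # The private key must not be accessible to group or others.
            mode=$(stat -c %a "$path")   # GNU stat syntax
            case $mode in
                *00) ;;
                *) echo "key: $path has mode $mode, expected 600"
                   status=1 ;;
            esac
        fi
    done
    return $status
}
```

Run it as `check_openvpn_conf /etc/openvpn/server.conf`; no output and a zero exit status mean every referenced file is present and the key permissions are tight.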

We're now ready to install on the clients, whether that be an Android phone, Windows or *NIX workstations etc. To do so, simply copy the client key (in my example it's /etc/openvpn/easy-rsa/keys/BensPC.key and BensPC.crt) to the client and use it with OpenVPN.

Don't forget to log on to your firewall/NAT router and forward port 1194 to your OpenVPN server (if you left the defaults, the protocol will be UDP).