I am back after a long time , courtesy my loyal companion which is none other than lethargy. This time around i am going to write a tutorial on installing CentOS OpenVPN on a vps. This will be graphical like my other tutorials so that if you follow through , you install CentOS OpenVPN successfully and use it. The big question is why i should install openvpn on vps? Well for me the biggest reason is that i want to change my ip to watch stuff like Hulu and BBC iPlayer which is restricted in my country. Another benefit of CentOS OpenVPN is the security it offers by encrypting traffic on public networks like public wifi spots which are not very safe otherwise. There might be some other business benefits which i am not aware of.
You will need to buy a VPS with vanilla install of Centos 32 bit as OS to install CentOS OpenVPN . The minimum memory is 64 mb but i would recommend 128 mb to be on the safe side. You will buy vps with an IP of the country u wish to see content from. For example if you want to watch HULU or other american restricted content , you will buy vps with IP located in USA . If you want to watch BBC content , you will need to buy vps from UK hosting companies. If you just want to byepass content filters in your country , then any vps outside your country will do once you successfully install CentOS OpenVPN.
You will also need to download and install Putty which you can find here.
Log in to your VPS using Putty.
You also need to ensure that TUN/TAP interface is installed and enabled by your vps provider to install CentOS OpenVPN. In order to check if TUN/TAP is installed or not , issue the follow command and see the output. If the output is something like this ” File Descriptor is in bad state” , then TUN/TAP is installed . Otherwise contact your VPS provider to install it or correctly install it.
In order to install CentOS OpenVPN server on the vps we need to add extra respository named EPEL. Issue the following command to add the repository on Centos 32 bit.
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
After the Centos OS updates , issue the following command to install OpenVPN server on the VPS
yum install openvpn
CentOS OpenVPN uses easy-rsa as its encryption tools. In order for them to work correctly , they are required to be moved to openvpn directory. Issue the following command.
cp -R /usr/share/openvpn/easy-rsa/ /etc/openvpn
Next we need to configure public key infrastructure variables. This is about time you learn basic commands of linux text editor called VI . Issue the following command.
In order to edit the file , hit letter i on your computer. This will take the editor in insert mode. At the end of the file change the email to email of your choice. Leave the other options as it is . After finishing editing hit escape button , and then write :wq and hit enter. Your changes will be saved.
Now is the time to initialize Public key infrastructure and build our own Certificate Authority. Issue the following commands one by one.
cd /etc/openvpn/easy-rsa/2.0/ . /etc/openvpn/easy-rsa/2.0/vars . /etc/openvpn/easy-rsa/2.0/clean-all . /etc/openvpn/easy-rsa/2.0/build-ca
After the last command , you will be presented with different options , just keep on hitting enter button because we have already set the values in the previous step 4.
In this step to install CentOS OpenVPN we are going to build Server Keys and certificates etc. Issue the following command.
. /etc/openvpn/easy-rsa/2.0/build-key-server server
Just hit enter as many times as it is asked for and twice you will need to enter y when offered with the options of y/n ( meaning yes or no.. you dont have any option but yes 🙂
In the next step we are going to create client keys. Issue the following command.
. /etc/openvpn/easy-rsa/2.0/build-key client1
And as in the previous step , just hit enter as many times as asked for and twice y.
In this step , we are going to generate Diffie Hellman Parameters which are needed for key exchange and authentication with CentOS OpenVPN server on VPS. Issue the following command.
It will take some time and you will see the following output.
In this step , we are going to relocate the client keys to the Client PC. You will need WinScp ftp client and transfer keys to any folder of your choice on your computer using sftp protocol. You will need your vps IP and root login and password to login using WinScp.
Next we need to relocate the following files to /etc/openvpn directory on VPS server
We can do so by issuing the following commands one by one
cd /etc/openvpn/easy-rsa/2.0/keys cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
In this step we are going to configure the client.conf file on the VPS server which we will subequently use to connect to CentOS OpenVPN server. Issue the following commands.
cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/ cp /usr/share/doc/openvpn-2.1.4/sample-config-files/client.conf ~/ cd ~/
Next we need to edit the client.conf file. Issue the following command
Here we will edit the IP of the VPS server and change client.crt and client.key to client1.crt and client1.key.
Now is the time to start the Openvpn server and make it start even after boot. Issue the following commands.
chkconfig openvpn on
Next we are going to edit the server.conf file . Issue the following command
In order to tunnel traffic through vps server uncomment the following line by deleting the starting semicolon
push "redirect-gateway def1 bypass-dhcp"
save the file with :wq
net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
Now we set this variable for the current session by issuing the following command.
echo 1 > /proc/sys/net/ipv4/ip_forward
Next we need to configure IPTables for Nating the traffic through CentOS OpenVPN VPS. Issue the following commands one by one.
Edit the file and make it look like this
iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT –to 46.20.xxx.xx
Instead of 46.20.xxx.xx , use your own VPS IP above.
Now we will install dnsmasq package so that our browser traffic is also routed through the Openvpn on our Centos VPS server. Issue the following commands one by one.
yum install dnsmasq /etc/init.d/dnsmasq start chkconfig dnsmasq on
We need to edit server.conf one last time and add the following line. Issue the command
and add the following line to the file
push "dhcp-option DNS 10.8.0.1"
Hit escape and then :wq to save the file.
Finally we restart the CentOS openvpn server by issuing the following command.
Now on the client side on your pc , you need to download openvpn client from here and install it.
Log in to your server again with winScp and rename the file client.conf on root to client1.conf and transfer it to your PC where you transferred other three files in step 9.
In the programmes Folder on your C drive , go to the OpenVPN folder and then copy all the four files copied to your PC into config/vpn folder. Rename the files client1.config to client1.ovpn .
Now double click openvpn gui and in the task pane at right right click the icon and click on Connect. Here you go.. Enjoy your centos vps as CentOS Openvpn server. Now you can browse with a changed IP address. You should visit any IP identification site like whatismyip.com and see your ip. You IP should be that of your vps. If it is not so , then you missed some steps or did make a mess of some steps of this easiest tutorial on installing openvpn on Centos VPS. My VPS Ip address is of UK. so i can watch BBC iplayer stuff on my computer in Pakistan which otherwise is not possible.