How to Install OpenVPN on a CentOS Linux VPS

I am back after a long time, courtesy of my loyal companion, which is none other than lethargy. This time around I am going to write a tutorial on installing CentOS OpenVPN on a VPS. This will be graphical like my other tutorials, so that if you follow through, you install CentOS OpenVPN successfully and use it. The big question is: why should I install OpenVPN on a VPS? Well, for me the biggest reason is that I want to change my IP to watch stuff like Hulu and BBC iPlayer, which is restricted in my country. Another benefit of CentOS OpenVPN is the security it offers by encrypting traffic on public networks like public Wi-Fi spots, which are not very safe otherwise. There might be some other business benefits which I am not aware of.

Requirements:

You will need to buy a VPS with a vanilla install of 32-bit CentOS as the OS to install CentOS OpenVPN. The minimum memory is 64 MB, but I would recommend 128 MB to be on the safe side. Buy a VPS with an IP in the country you wish to see content from. For example, if you want to watch Hulu or other restricted American content, buy a VPS with an IP located in the USA. If you want to watch BBC content, you will need to buy a VPS from a UK hosting company. If you just want to bypass content filters in your country, then any VPS outside your country will do once you successfully install CentOS OpenVPN.

You will also need to download and install PuTTY, which you can find here.

Step 1.

Log in to your VPS using PuTTY.

On the next screen, log in as user root with your root password.

Step 2:

You also need to ensure that the TUN/TAP interface is installed and enabled by your VPS provider in order to install CentOS OpenVPN. To check whether TUN/TAP is installed, issue the following command and look at the output. If the output is something like "File Descriptor is in bad state", then TUN/TAP is installed. Otherwise, contact your VPS provider to install it, or to install it correctly.

cat /dev/net/tun

Step 3

In order to install the CentOS OpenVPN server on the VPS, we need to add an extra repository named EPEL. Issue the following command to add the repository on 32-bit CentOS.

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Then issue the following command

yum update

After the CentOS updates finish, issue the following command to install the OpenVPN server on the VPS.

yum install openvpn

Step 4

CentOS OpenVPN uses easy-rsa as its encryption tools. In order for them to work correctly, they need to be copied into the OpenVPN directory. Issue the following command.

cp -R /usr/share/openvpn/easy-rsa/ /etc/openvpn

Step 5

Next we need to configure the public key infrastructure variables. This is about the time you learn the basic commands of the Linux text editor called vi. Issue the following command.

vi /etc/openvpn/easy-rsa/2.0/vars

In order to edit the file, press the letter i on your keyboard. This puts the editor in insert mode. At the end of the file, change the email to an email of your choice. Leave the other options as they are. After you finish editing, press Escape, then type :wq and press Enter. Your changes will be saved.

Step 6

Now is the time to initialize the public key infrastructure and build our own Certificate Authority. Issue the following commands one by one.

cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/clean-all
. /etc/openvpn/easy-rsa/2.0/build-ca

After the last command, you will be presented with different options. Just keep pressing Enter, because we have already set the values in the previous step 4.

Step 7

In this step of installing CentOS OpenVPN, we are going to build the server keys and certificates. Issue the following command.

. /etc/openvpn/easy-rsa/2.0/build-key-server server

Just press Enter as many times as you are asked, and twice you will need to enter y when offered the choice of y/n (meaning yes or no; you don't have any option but yes 🙂).

Step 8

In the next step we are going to create client keys. Issue the following command.

. /etc/openvpn/easy-rsa/2.0/build-key client1

As in the previous step, just press Enter as many times as asked, and enter y twice.

Step 9

In this step, we are going to generate the Diffie-Hellman parameters, which are needed for key exchange and authentication with the CentOS OpenVPN server on the VPS. Issue the following command.

. /etc/openvpn/easy-rsa/2.0/build-dh

It will take some time and you will see the following output.

Step 10

In this step, we are going to relocate the client keys to the client PC. You will need the WinSCP client to transfer the keys to any folder of your choice on your computer using the SFTP protocol. You will need your VPS IP and your root login and password to log in using WinSCP.

Step 11

Next we need to relocate the following files to /etc/openvpn directory on VPS server

  • ca.crt
  • ca.key
  • dh1024.pem
  • server.crt
  • server.key

We can do so by issuing the following commands one by one

cd /etc/openvpn/easy-rsa/2.0/keys
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
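
An added check for the key files copied in this step (not part of the original tutorial): it flags any private key in the directory that group or other users can access, and notes when ca.key sits beside the server keys, since the CA key is only needed for signing certificates. The function name audit_key_perms and its output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit private-key files after they are copied to /etc/openvpn.
# Usage: audit_key_perms /etc/openvpn

audit_key_perms() {
    dir=$1
    bad=0
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue              # glob matched nothing
        mode=$(stat -c '%a' "$f")            # GNU stat (as on CentOS), e.g. 600
        # Any group/other permission bit on a private key is too loose.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "LOOSE $mode $f"
            bad=1
        fi
    done
    # The CA key only signs certificates; the OpenVPN daemon never reads it.
    [ -f "$dir/ca.key" ] && echo "CA-KEY $dir/ca.key is on the VPN server"
    return "$bad"
}
```

A LOOSE line is fixed with chmod 600 on the named file; the function returns non-zero while any such file remains.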

Step 11

In this step we are going to configure the client.conf file on the VPS server, which we will subsequently use to connect to the CentOS OpenVPN server. Issue the following commands.

cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/
cp /usr/share/doc/openvpn-2.1.4/sample-config-files/client.conf ~/
cd ~/

Next we need to edit the client.conf file. Issue the following command

vi ~/client.conf

Here we will edit the IP of the VPS server and change client.crt and client.key to client1.crt and client1.key.

Save by pressing Escape and then typing :wq, which also exits the vi editor.

Step 12

Now is the time to start the OpenVPN server and make it start on every boot. Issue the following commands.

/etc/init.d/openvpn start
chkconfig openvpn on

Next we are going to edit the server.conf file. Issue the following command.

vi /etc/openvpn/server.conf

In order to tunnel traffic through the VPS server, uncomment the following line by deleting the leading semicolon.

push "redirect-gateway def1 bypass-dhcp"

Save the file with :wq.

Next issue the following command.

vi /etc/sysctl.conf

Change

net.ipv4.ip_forward = 0

to

net.ipv4.ip_forward = 1

Now we set this variable for the current session by issuing the following command.

echo 1 > /proc/sys/net/ipv4/ip_forward

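Next we need to configure iptables to NAT the traffic through the CentOS OpenVPN VPS. Issue the following commands one by one.

# allow replies to connections that are already established
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow traffic coming from the VPN client subnet
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
# reject all other forwarded traffic
iptables -A FORWARD -j REJECT
# rewrite the source address of VPN client traffic to the VPS IP
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 46.20.xxx.xx

Instead of 46.20.xxx.xx, use your own VPS IP above.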
 
Step 13
 
Next issue the following command to make these iptables rules permanent.

vi /etc/rc.local

Edit the file and make it look like this

#!/bin/sh
#
# […]
#
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 46.20.xxx.xx
touch /var/lock/subsys/local

Instead of 46.20.xxx.xx, use your own VPS IP above.

Step 14

Now we will install the dnsmasq package so that our browser traffic is also routed through OpenVPN on our CentOS VPS server. Issue the following commands one by one.

yum install dnsmasq
/etc/init.d/dnsmasq start
chkconfig dnsmasq on

Step 15

We need to edit server.conf one last time and add the following line. Issue the command

vi /etc/openvpn/server.conf

and add the following line to the file

push "dhcp-option DNS 10.8.0.1"

Hit escape and then :wq to save the file.

Finally we restart the CentOS OpenVPN server by issuing the following command.

/etc/init.d/openvpn restart
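
An added check, not part of the original tutorial, that the edits from Steps 12 to 15 are in place: both push lines uncommented in server.conf and forwarding enabled in sysctl.conf. The function names and the constructed sample written by write_sample are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the server.conf and sysctl.conf edits actually landed.
# Usage: check_vpn_config /etc/openvpn/server.conf /etc/sysctl.conf

# has_line FILE REGEX: succeeds if an uncommented line matches REGEX.
has_line() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

check_vpn_config() {
    server_conf=$1
    sysctl_conf=$2
    missing=0
    # Still prefixed with ';' means clients keep their own default route.
    has_line "$server_conf" 'push[[:space:]]+"redirect-gateway def1 bypass-dhcp"' ||
        { echo "MISSING redirect-gateway push"; missing=1; }
    # Without this push, clients keep the DNS servers they already had.
    has_line "$server_conf" 'push[[:space:]]+"dhcp-option DNS 10\.8\.0\.1"' ||
        { echo "MISSING DNS push"; missing=1; }
    # sysctl.conf is the boot-time value; echo into /proc only lasts until reboot.
    has_line "$sysctl_conf" 'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' ||
        { echo "MISSING ip_forward = 1"; missing=1; }
    return "$missing"
}

# Constructed sample: the two files as they look BEFORE the tutorial's edits.
write_sample() {
    printf '%s\n' 'port 1194' 'server 10.8.0.0 255.255.255.0' \
        ';push "redirect-gateway def1 bypass-dhcp"' > "$1/server.conf"
    printf '%s\n' 'net.ipv4.ip_forward = 0' > "$1/sysctl.conf"
}
```

Run against the unedited sample, it prints three MISSING lines; after the edits above it prints nothing and returns 0.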

Now, on the client side on your PC, you need to download the OpenVPN client from here and install it.

Log in to your server again with WinSCP, rename the file client.conf in root's home directory to client1.conf, and transfer it to your PC where you transferred the other three files in step 9.

In the Program Files folder on your C drive, go to the OpenVPN folder and copy all four files that you transferred to your PC into the config/vpn folder. Rename the file client1.conf to client1.ovpn.

Now double-click OpenVPN GUI, then right-click its icon in the task pane at the right and click Connect. Here you go. Enjoy your CentOS VPS as a CentOS OpenVPN server. Now you can browse with a changed IP address. You should visit any IP identification site like whatismyip.com and see your IP. Your IP should be that of your VPS. If it is not, then you missed some steps or made a mess of some steps of this easiest tutorial on installing OpenVPN on a CentOS VPS. My VPS IP address is in the UK, so I can watch BBC iPlayer stuff on my computer in Pakistan, which otherwise is not possible.
