How to install OpenVPN IPsec VPN Tunnel in CentOS 6-7

Posted in Tutorial May 14, 2018

A VPN (Virtual Private Network) is the safest way to go to the internet: it keeps a secure private connection over an open network, which makes your traffic much safer. There are a few VPN service providers that are open source and free to use; the only thing you need is a cloud server. There are now cheap yet powerful unmanaged service providers on the market, among them Linode, DigitalOcean, Amazon's own cheaper solution Lightsail and a few others, while Amazon Web Services, Azure and Google Cloud Compute are meant for professional and production environments. Always choose the best and nearest datacenter available for optimum performance.

Today I will discuss how to install OpenVPN on CentOS 6.x in a few easy steps, so let's begin. Set up your server, install CentOS (6.8 in my case) and note down your server IP address. In our test installation environment:

ServerIP : X.X.X.X
Client name : client
Step 1: Create an instance in DigitalOcean or Linode and choose your own server location.
Note: I will not explain how SSH works or how to connect to your instance; to learn how to connect to your server over SSH, check How to connect to Servers using SSH.
Step 2: A few additional packages are needed to complete the installation, so run the following:
yum install epel-release && yum install openvpn easy-rsa iptables wget -y
Step 3: Once the installation is done, create the directory and copy the easy-rsa files into it
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa/
cp openssl-1.0.0.cnf openssl.cnf
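Step 4: Now make your modifications to the variables in the vars file, then create the keys
cd /etc/openvpn/easy-rsa
source ./vars
# clean-all creates keys/index.txt and keys/serial, which the build-key scripts need; it also deletes any existing keys
./clean-all
./build-ca
./build-key-server server
./build-key client
./build-dh
openvpn --genkey --secret /etc/openvpn/easy-rsa/keys/ta.key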
Step 5: Now copy all of your keys to the /etc/openvpn folder
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key ta.key /etc/openvpn/
Step 6: Once all of your files are in the openvpn folder you are just a few steps away. Now create a server.conf file in the openvpn folder and start the configuration
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
Step 7: In the server.conf file, which is located in /etc/openvpn, uncomment the following lines and make changes accordingly (DNS1_IP and DNS2_IP are placeholders for the DNS servers the clients should use)
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS DNS1_IP"
push "dhcp-option DNS DNS2_IP"
user nobody
group nobody
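Step 8: Enable iptables on your system. VPN_SUBNET is a placeholder for the VPN network set by the server directive in server.conf (10.8.0.0/24 in the sample file), and eth0 must be the server's public interface
yum install iptables -y
iptables -t nat -A POSTROUTING -s VPN_SUBNET -o eth0 -j MASQUERADE
service iptables save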
Step 9: Enable IP forwarding by setting the following line in the /etc/sysctl.conf file
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
Step 10: Now restart your server and enable the iptables changes and you should be ready to go
service openvpn start
chkconfig openvpn on
service iptables restart
Step 11: Your server is now ready to accept VPN connections from the specified users and keys. Now let's set up the client side: create the client_name.ovpn file and make changes like in the following code.
cp /usr/share/doc/openvpn-2.*/sample/sample-config-files/client.conf /etc/openvpn/
cd /etc/openvpn
mv client.conf client_name.ovpn
Then edit these lines in client_name.ovpn:
remote SERVERIP 1194
cert client.crt
key client.key
tls-auth ta.key 1
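Note: Make sure the keys are in the same directory on the client's device so the file can access them. Otherwise you can put everything in a single file in the following format. An inline tls-auth block cannot carry the trailing 1 of "tls-auth ta.key 1", so the direction is given with key-direction instead.
remote SERVERIP 1194
key-direction 1
<cert>
Content of client.crt
</cert>
<key>
Content of client.key
</key>
<tls-auth>
Content of ta.key
</tls-auth>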
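The single-file format from the note above can be produced with a short script; this is an added example, not code from the original post. The function names are hypothetical, the inline `<ca>` block for ca.crt is an addition to the format listed above, and the script assumes the edited client_name.ovpn from Step 11 and the key files from Step 4 as inputs.

```shell
#!/bin/sh
# Added example (not from the original post): merge a client profile and its
# key files into one self-contained .ovpn. Function names are hypothetical.

# Print only the PEM block; easy-rsa 2.0 certificates begin with a
# human-readable text dump that the profile does not need.
pem_only() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1"
}

# usage: make_inline_ovpn BASE_PROFILE KEYDIR CLIENT_NAME OUTFILE
make_inline_ovpn() {
    base=$1 keydir=$2 client=$3 out=$4
    # Refuse to write a half-complete profile if any input is missing.
    for f in "$base" "$keydir/ca.crt" "$keydir/$client.crt" \
             "$keydir/$client.key" "$keydir/ta.key"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 1; }
    done
    rm -f "$out"
    # The result embeds the private key: create it readable by its owner only.
    ( umask 077
      {
        # Drop the directives that point at separate files.
        sed -E '/^[[:space:]]*(ca|cert|key|tls-auth)[[:space:]]/d' "$base"
        # An inline <tls-auth> block cannot carry the trailing "1" of
        # "tls-auth ta.key 1", so the direction is set with key-direction.
        echo "key-direction 1"
        echo "<ca>";       pem_only "$keydir/ca.crt";      echo "</ca>"
        echo "<cert>";     pem_only "$keydir/$client.crt"; echo "</cert>"
        echo "<key>";      cat "$keydir/$client.key";      echo "</key>"
        echo "<tls-auth>"; cat "$keydir/ta.key";           echo "</tls-auth>"
      } > "$out" )
}

# Run only when called with four arguments, for example:
#   sh make_ovpn.sh client_name.ovpn /etc/openvpn/easy-rsa/keys client out.ovpn
if [ $# -eq 4 ]; then make_inline_ovpn "$@"; fi
```

The resulting file contains the client's private key, so transfer it to the client device over SSH (scp or sftp) rather than by e-mail.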
Step 13: This should be the final step. Make sure you install OpenVPN for Windows if it's a Windows OS, or Tunnelblick for Mac; for other client OSes like the Ubuntu and CentOS GUI versions, just install openvpn using yum. You are now ready to get a private connection.

Summary: This instruction is just for demo purposes. Please comment if you have any issues during the installation, I will try my best to reply!

sangv. Info