Create your own VPN in 15 minutes

Operating system - CentOS 5.3 x86

Software needed:
putty - free SSH client for Windows: putty.org
WinSCP - free SFTP and FTP client for Windows, for easy file copying: winscp.net

#cat /dev/net/tun
"cat: /dev/net/tun: File descriptor in bad state"
*Note: "File descriptor in bad state" means tun/tap is active; if you get any other message, ask your provider to activate it

#yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

for 32bit
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
for 64bit
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

Build the rpm packages
#rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
#rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm
*Note: remember to change i386 to x86_64 if you're using 64bit

#yum install openvpn

Create the certificate

#cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
*Note: the version may differ; check the actual name of the folder "openvpn-2.2.2"

#cd /etc/openvpn/easy-rsa/2.0
#chmod 755 *
#source ./vars
#./clean-all
#./build-ca

Country Name (2 letter code) [US]: fill in or press Enter
State or Province Name (full name) [CA]: fill in or press Enter
Locality Name (eg, city) [SanFrancisco]: fill in or press Enter
Organization Name (eg, company) [Fort-Funston]: fill in or press Enter
Organizational Unit Name (eg, section) [changeme]: fill in or press Enter
Common Name (eg, your name or your server's hostname) [changeme]: vpn
Name [changeme]: fill in or press Enter
Email Address [mail@host.domain]: fill in or press Enter
*Note: Common Name must be filled in

#./build-key-server server
Fill in the fields or press Enter
*Note: Common Name: server

A challenge password: Enter
Optional company name: Enter
sign the certificate: y
1 out of 1 certificate requests: y


Create the client key:
#chmod +x build-key
#./build-key client
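Fill in the fields or press Enter
Common Name (eg, your name or your server's hostname) [client]: client
*Note: Common Name must be different for each client: client1, client2, ... The name passed to ./build-key also sets the file names (./build-key client creates client.crt and client.key)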

#./build-dh
#openvpn --genkey --secret keys/ta.key

Copy the files ca.crt, dh1024.pem, server.crt, server.key and ta.key to /etc/openvpn/keys
#mkdir /etc/openvpn/keys
#cd /etc/openvpn/keys
#cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt .
#cp /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem .
#cp /etc/openvpn/easy-rsa/2.0/keys/server.crt .
#cp /etc/openvpn/easy-rsa/2.0/keys/server.key .
#cp /etc/openvpn/easy-rsa/2.0/keys/ta.key .

Create server.conf with the following contents and copy it to /etc/openvpn/

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
push "redirect-gateway def1"
push "dhcp-option DNS"
push "dhcp-option DNS"
mode server
client-config-dir ccd
tls-auth /etc/openvpn/keys/ta.key 0
auth SHA512
cipher BF-CBC
keepalive 10 120
max-clients 10
verb 3

#chkconfig openvpn on
#modprobe tun
#echo "1" > /proc/sys/net/ipv4/ip_forward

Edit /etc/sysctl.conf: find the line
net.ipv4.ip_forward = 0
and replace it with
net.ipv4.ip_forward = 1

Add the iptables NAT rule (IPVPSSERVER is the IP address of your server)
#/sbin/iptables -t nat -A POSTROUTING -s -j SNAT --to-source IPVPSSERVER

#mkdir /etc/iptables
#/sbin/iptables-save > /etc/iptables/rules
#echo "/sbin/iptables-restore < /etc/iptables/rules" >> /etc/rc.d/rc.local


All ready!

On the Windows client, copy the key files (ca.crt, the client certificate and key, ta.key) from the server to C:\Program Files\OpenVPN\config

Create client.ovpn in the same folder:

client
dev tun
proto udp
remote IPVPSSERVER 1194
resolv-retry infinite
ca ca.crt
# certificate and key file names follow the name passed to ./build-key
cert client.crt
key client.key
tls-auth ta.key 1
auth SHA512
cipher BF-CBC
ns-cert-type server
verb 3
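
Added example (not part of the original guide): a small shell check that reads an OpenVPN config on stdin and flags the weak or incomplete directives used in the configs above (the 64-bit BF-CBC cipher, the 1024-bit DH file, a DNS push with no address, ns-cert-type). The function names audit_ovpn and sample_server_conf and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. audit_ovpn is a hypothetical
# helper: reads a config on stdin, prints one finding per line, returns 1 if any.
audit_ovpn() {
    awk '
    { sub(/^[ \t]*[#;].*/, "") }          # ignore comment lines
    NF == 0 { next }
    $1 == "remote" { client = 1 }         # a "remote" line marks a client config
    $1 == "remote-cert-tls" || $1 == "ns-cert-type" { peercheck = 1 }
    $1 == "cipher" && $2 ~ /^(BF|DES|CAST5|RC2)-/ {
        flag("cipher " $2 " uses a 64-bit block; prefer an AES cipher") }
    $1 == "dh" && $2 ~ /dh(512|768|1024)\.pem$/ {
        flag("DH parameters below 2048 bits: " $2) }
    $1 == "ns-cert-type" {
        flag("ns-cert-type is deprecated; use remote-cert-tls " $2) }
    $1 == "push" && $0 ~ /dhcp-option[ \t]+DNS[ \t]*"/ {
        flag("DNS pushed without a resolver address") }
    END {
        if (client && !peercheck) {
            n++; print "config: client does not check the server certificate type" }
        exit (n > 0)
    }
    function flag(msg) { n++; print "line " NR ": " msg }
    '
}

# Constructed sample: directives taken from the server.conf in this guide.
sample_server_conf() {
    cat <<'EOF'
port 1194
proto udp
dev tun
dh /etc/openvpn/keys/dh1024.pem
push "redirect-gateway def1"
push "dhcp-option DNS"
tls-auth /etc/openvpn/keys/ta.key 0
auth SHA512
cipher BF-CBC
EOF
}

sample_server_conf | audit_ovpn || true
```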

