Tutorial: how to install OpenVPN on CentOS 6

Many people ask me how to install OpenVPN on CentOS 6.3, because many of them failed to install OpenVPN on their Linux CentOS 6. To fix a failed install, check every step below and find out why OpenVPN fails to start or where the configuration is wrong. If you need to install OpenVPN on CentOS 5, see this link ==> install openvpn centos 5

OK, let's install OpenVPN on Linux CentOS 6.x step by step.

First, check that the TUN device is available:

#ls -al /dev/net/tun

The output should look like this:

crw------- 1 root root 10, 200 Jun 15 21:07 /dev/net/tun

If TUN/TAP is not enabled, ask your VPS provider to enable it. VPSes that use OpenVZ virtualization usually have TUN/TAP disabled by default.

Next, install the packages needed for OpenVPN:

#yum install gcc rpm-build autoconf.noarch zlib-devel nano pam-devel openssl-devel automake make zip -y

Now download OpenVPN and LZO.

Install LZO first.

LZO for CentOS 6 64-bit:

#wget http://pkgs.repoforge.org/lzo/lzo-2.06-1.el6.rfx.x86_64.rpm

#rpm -Uvh lzo-2.06-1.el6.rfx.x86_64.rpm

LZO for CentOS 6 32-bit:

#wget http://pkgs.repoforge.org/lzo/lzo-2.06-1.el6.rfx.i686.rpm

#rpm -Uvh lzo-2.06-1.el6.rfx.i686.rpm

Before installing OpenVPN you need pkcs11-helper.

CentOS 6 64-bit:

#wget http://pkgs.repoforge.org/pkcs11-helper/pkcs11-helper-1.08-1.el6.rf.x86_64.rpm

#wget http://pkgs.repoforge.org/pkcs11-helper/pkcs11-helper-devel-1.08-1.el6.rf.x86_64.rpm

#rpm -Uvh pkcs11-helper-1.08-1.el6.rf.x86_64.rpm

#rpm -Uvh pkcs11-helper-devel-1.08-1.el6.rf.x86_64.rpm

CentOS 6 32-bit:

#wget http://pkgs.repoforge.org/pkcs11-helper/pkcs11-helper-1.08-1.el6.rf.i686.rpm

#wget http://pkgs.repoforge.org/pkcs11-helper/pkcs11-helper-devel-1.08-1.el6.rf.i686.rpm

#rpm -Uvh pkcs11-helper-1.08-1.el6.rf.i686.rpm

#rpm -Uvh pkcs11-helper-devel-1.08-1.el6.rf.i686.rpm

 

Once that is complete, install OpenVPN on your CentOS 6.

On CentOS 6 64-bit:

#wget http://pkgs.repoforge.org/openvpn/openvpn-2.2.2-1.el6.rf.x86_64.rpm

#rpm -Uvh openvpn-2.2.2-1.el6.rf.x86_64.rpm

On CentOS 6 32-bit:

#wget http://pkgs.repoforge.org/openvpn/openvpn-2.2.2-1.el6.rf.i686.rpm

#rpm -Uvh openvpn-2.2.2-1.el6.rf.i686.rpm

 

Done. OpenVPN is now installed on your OS, but you still need to configure the server to get OpenVPN running properly.

If you don't have easy-rsa, get it from the same OpenVPN version:

#wget http://swupdate.openvpn.org/community/releases/openvpn-2.2.2.tar.gz
#tar -zxvf openvpn-2.2.2.tar.gz
#cd openvpn-2.2.2

Copy the easy-rsa folder to /etc/openvpn:

#mkdir -p /etc/openvpn
#cp -r easy-rsa /etc/openvpn
#cd /etc/openvpn/easy-rsa/2.0

Check whether that folder contains the file openssl.cnf:

#ls /etc/openvpn/easy-rsa/2.0

If the file is missing, or OpenVPN cannot find openssl.cnf, copy (or rename) openssl-1.0.0.cnf to openssl.cnf with this command:

#cp openssl-1.0.0.cnf openssl.cnf

OK, from here it is the same as installing OpenVPN on CentOS 5.

Create and build the CA certificate:

#cd /etc/openvpn/easy-rsa/2.0
#source ./vars
#./vars
#./clean-all
#./build-ca

You can skip the questions it asks; just answer “Common Name”.

 

Next, build the server key:

#./build-key-server server

 

Build the Diffie-Hellman parameters:

# ./build-dh

The OpenVPN installation on CentOS is almost done, but we still need to organize the OpenVPN files so that it is easy to manage them, create users, and so on.

 

Copy everything to /etc/openvpn/keys so that you can manage your OpenVPN files more easily later:

#cp /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/keys -R

Go to the directory /etc/openvpn/:

# cd /etc/openvpn/

Before creating the server config, you may want to make a backup first:

#cp server.conf server.conf.bak

Edit server.conf: empty it and write only the text dev tun.

# vi server.conf

Delete all the text and leave only the line dev tun.

Now create the config for the server. In this example we use TCP on port 443:

#vi config443.conf

Then write this:

port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem

plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DNS 4.2.2.2"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

Note the line server 10.8.0.0 255.255.255.0 (remember this).
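
As an added example (not part of the original tutorial), this shell function reviews a server config such as config443.conf for the choices made above: password-only login through client-cert-not-required, the 1024-bit DH file, and the absence of tls-auth and user/group. The function names and the embedded sample are constructed for illustration, and the DH size is read from the easy-rsa file name dh<KEY_SIZE>.pem.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are made up.

# Succeed if directive $2 is the first word of a line in file $1.
# Commented-out lines ("#tls-auth", ";user") never match exactly.
has_directive() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# Print one finding per line for the server config in $1.
audit_openvpn_conf() {
    conf=$1
    if has_directive "$conf" client-cert-not-required; then
        echo "WARN password-only: the PAM password is the only client credential"
    fi
    # easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so take the size from the name.
    dh_file=$(awk '$1 == "dh" { print $2; exit }' "$conf")
    dh_bits=$(basename "$dh_file" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$dh_bits" ] && [ "$dh_bits" -lt 2048 ]; then
        echo "WARN weak-dh: $dh_bits-bit DH parameters, rebuild with KEY_SIZE=2048 or more"
    fi
    if ! has_directive "$conf" tls-auth; then
        echo "INFO no-tls-auth: handshake packets are not HMAC-checked before TLS"
    fi
    if ! has_directive "$conf" user || ! has_directive "$conf" group; then
        echo "INFO runs-as-root: no user/group directive to drop privileges"
    fi
}

# Constructed sample: the lines of config443.conf that the checks look at.
sample_conf() {
    cat <<'EOF'
port 443
proto tcp
dev tun
dh /etc/openvpn/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
EOF
}

sample=$(mktemp)
sample_conf > "$sample"
audit_openvpn_conf "$sample"
rm -f "$sample"
```

On the server, call audit_openvpn_conf /etc/openvpn/config443.conf; empty output means none of the four conditions was found.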

 

Now check whether OpenVPN starts and runs properly:

#service openvpn start

If it does not start, go back over the steps from the beginning and check config443.conf again. As a first troubleshooting step you can delete config443.conf and restart OpenVPN. If it is running, move on to the next step.

 

Enable packet forwarding:

#echo 1 > /proc/sys/net/ipv4/ip_forward

 

Recall the server 10.8.0.0 line in your config. Now edit the NAT table for masquerading. If you have a Xen VPS or a dedicated server, use this command:

#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

If you have a VPS, use this command instead, replacing yourip with your server's IP address:

#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to yourip
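
The echo into /proc and the iptables rule above last only until the next reboot. As an added example (not part of the original tutorial), this shell function records the forwarding setting in a sysctl file; persist_ip_forward is a made-up name and the sample file content is constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. The function name is made up.

# Leave exactly one active "net.ipv4.ip_forward = 1" line in the sysctl
# file $1 (default /etc/sysctl.conf), replacing any existing value.
persist_ip_forward() {
    file=${1:-/etc/sysctl.conf}
    new=$(mktemp) || return 1
    if [ -f "$file" ]; then
        # Keep every line except active ip_forward assignments.
        grep -v '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$file" > "$new" || true
    fi
    echo 'net.ipv4.ip_forward = 1' >> "$new"
    # Write through cat so the target keeps its owner and permissions.
    cat "$new" > "$file" && rm -f "$new"
}

# Constructed sample resembling a stock sysctl.conf with forwarding off.
demo=$(mktemp)
printf '%s\n' '# Controls IP packet forwarding' 'net.ipv4.ip_forward = 0' \
    'net.ipv4.conf.default.rp_filter = 1' > "$demo"
persist_ip_forward "$demo"
cat "$demo"
rm -f "$demo"

# On the server itself, as root:
#   persist_ip_forward            # edits /etc/sysctl.conf
#   sysctl -p                     # load the value now
#   service iptables save         # write the NAT rule to /etc/sysconfig/iptables
```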

 

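Configure the client:
Download the OpenVPN client for your Windows system: http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe
Download ca.crt from the directory /etc/openvpn/keys/ on the server.
Create a config file with the following content (replace the address on the remote line with your own server's IP) and put it in c:\program files\openvpn\config :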
client
dev tun
proto tcp
remote 70.99.166.214 443
resolv-retry infinite
route-method exe
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

Last, create an account:

#adduser new-account -m -s /bin/false

Create a password:

#passwd new-account

Then restart OpenVPN:

#service openvpn restart 

Now connect to your OpenVPN server and enjoy your VPN. That is how easy it is to install and configure OpenVPN on CentOS 6.
