centos

Status

CentOS 7 Set Up OpenVPN Server In 5 Minutes

Leave a comment

OpenVPN is a full-featured SSL VPN (virtual private network). It implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol. It is an open source software and distributed under the GNU GPL. A VPN allows you to connect securely to an insecure public network such as wifi network at the airport or hotel. VPN is also required to access your corporate or enterprise or home server resources. You can bypass the geo-blocked site and increase your privacy or safety online. This tutorial provides step-by-step instructions for configuring an OpenVPN server on CentOS Linux 7 server.

1. Update your system

Run the yum command

sudo yum update

2. Find and note down your IP address

Use the ip command as follows

ip a
ip a show eth0
ip-command-get-my-IP-address-on-CentOS-Linux-7.0.png (599×353)

Another option is to run the following dig command/host command to find out your public IP address from Linux command line

dig +short myip.opendns.com @resolver1.opendns.com

One can grab find IPv4 address using the dig and awk command

dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2}'

For IPv6 version, try

dig -6 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2}'
AWS EC2 or Lighsail find and note down your NAT IP address

Most cloud servers have two types of IP address

  • Public static IP address directly assigned to your box and routed from the Internet. For example, Linode, Digital Ocean, and others gives you direct public IP address.
  • Private static IP address directly attached to your server and your server is behind NAT with public IP address. For example, AWS EC2/Lightsail give you this kind of NAT public IP address.

The script will automatically detect your networking setup. All you have to do is provide correct IP address when asked for it.

Download and run centos7-vpn.sh script

wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O centos7-vpn.sh
Download centos7-vpn.sh script to setup OpenVPN server in 5 minutes on CentOS

Setup permissions using the chmod command

chmod +x centos7-vpn.sh

One can view the script using a text editor such as vim/vi

vi centos7-vpn.sh

Run centos7-vpn.sh to install OpenVPN server

Now all you have to do is

sudo ./centos7-vpn.sh

Sample session from AWS/Lightsail where my cloud server is behind NAT

CentOS 7.0 Set Up OpenVPN Server in 5 minutes

Sample session from Linode/DO server where cloud server has direct public IPv4 address

How To Setup OpenVPN Server In 5 Minutes on CentOS 7 Linux

To avoid problem always choose DNS as 1.1.1.1 or Google DNS. Those are fast DNS server and reached from anywhere on the Internet.

VPN client config

At the end of the installation, you need to provide a client name. We can choose client names such as desktop for desktop VPN client or ios for Apple iPhone and so on. We can also encrypt the private key with a password for added security. So every time you start a VPN session, you need to provide a password for added security reasons

CentOS 7 OpenVPN password protect client or not on Linux

How do I start/stop/restart OpenVPN server on CentOS 7

sudo systemctl stop openvpn@server
sudo systemctl start openvpn@server
sudo systemctl restart openvpn@server
sudo systemctl status openvpn@server

Connect an OpenVPN server using IOS/Android/Linux/Windows client

On server your will find a client configuration file called ~/desktop.ovpn. All you have to do is copy this file to your local desktop using the scp command

scp vivek@139.162.60.234:~/deskcop.ovpn .

OR

scp root@139.162.60.234:~/deskcop.ovpn .

Verify/test the connectivity

Execute the following commands after connecting to OpenVPN server from your Linux desktop

ping 10.8.0.1 #Ping to the OpenVPN server gateway
ip route #Make sure routing setup working
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com #Must return public IP address of OpenVPN server

How to add additional OpenVPN client on a CentOS 7

First, log in to your openvpn based CentOS 7 server using the ssh command

Run downloaded centos7-vpn.sh script again

sudo ./centos7-vpn.sh

A note about trouble shooting OpenVPN server and client issues

Check OpenVPN server for errors

journalctl --identifier openvpn

Is firewall rule setup correctly on your server? Use the cat command to see rules

sudo cat /etc/iptables/add-openvpn-rules.sh

#!/bin/sh
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o eth0 -j ACCEPT
iptables -I INPUT 1 -i eth0 -p udp --dport 1194 -j ACCEPT

Another option is to run iptables command and sysctl command commands to verify NAT rule setup on your server

sudo iptables -t nat -L -n -v
sysctl net.ipv4.ip_forward
NAT Firewall OpenVPN Rules Verification

Insert the rules if not inserted from/etc/iptables/add-openvpn-rules.sh

sudo sh /etc/iptables/add-openvpn-rules.sh
sudo sysctl -w net.ipv4.ip_forward=1

Is OpenVPN server running and port is open? Use the ss command or netstat command and pidof command/ps command

netstat -tulpn | grep :1194 ## 1194 is the openvpn server port ##
ss -tulpn | grep :1194 ## 1194 is the openvpn server port ##
ps aux | grep openvpn ## is the openvpn server running? ##
ps -C openvpn ## is the openvpn server running? ##
pidof openvpn ## find the openvpn server PID ##
Verify that OpenVPN server runnign and Port is Open on ubuntu Linux

If not running, restart the OpenVPN server

sudo systemctl restart openvpn@server

Look out for errors

sudo systemctl status openvpn@server

Ref: https://www.cyberciti.biz/faq/centos-7-0-set-up-openvpn-server-in-5-minutes/