How to setup OpenVPN Server on Centos 7

-

Introduction

Learn how to set up an OpenVPN server on CentOS 7 with this comprehensive step-by-step guide. Ensure your network's security and privacy with one of the most reliable VPN solutions available. Perfect for both beginners and advanced users.

Setting up a secure and reliable VPN is essential for ensuring privacy and data protection, especially in today's increasingly interconnected world. OpenVPN is one of the most trusted and robust VPN solutions available, providing a high level of security and flexibility for both businesses and individual users. This guide will walk you through the process of setting up an OpenVPN server on CentOS 7, offering step-by-step instructions to help you establish a secure connection that meets your specific needs.

Step 1: Prepare install OpenVPN server

sudo yum update -y
sudo yum install epel-release -y
sudo yum update -y
sudo yum install -y openvpn easy-rsa

Configure Ip forwarding for OpenVPN Server
vim /etc/sysctl.conf
The content sysctl.conf file as below:
Packet forwarding
net.ipv4.ip_forward = 1

Step 2: Configure OpenVPN Server

Open server.conf file
vim /etc/openvpn/server.conf
The content configure as below:
#Secure OpenVPN Server Config
#Basic Connection Config
dev tun
proto udp
port 1194
keepalive 10 120
max-clients 4

#Certs
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0

#Ciphers and Hardening
reneg-sec 0
remote-cert-tls client
crl-verify crl.pem
tls-version-min 1.2
cipher AES-256-CBC
auth SHA512
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256

#Drop Privs
user nobody
group nobody

#IP pool
server 10.10.100.0 255.255.255.0
topology subnet
ifconfig-pool-persist ipp.txt
client-config-dir client_dir

#Misc
persist-key
persist-tun
comp-lzo

#DHCP Push options force all traffic through VPN and sets DNS servers
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

#Logging
log-append /var/log/openvpn.log
verb 3

Create client configure folder

sudo mkdir /etc/openvpn/client_dir
cd ~
/usr/share/easy-rsa/3/easyrsa init-pki
/usr/share/easy-rsa/3/easyrsa build-ca
/usr/share/easy-rsa/3/easyrsa gen-dh
/usr/share/easy-rsa/3/easyrsa build-server-full vpn-server
/usr/share/easy-rsa/3/easyrsa build-client-full vpn-client-01
/usr/share/easy-rsa/3/easyrsa gen-crl
openvpn --genkey --secret pki/ta.key

sudo cp pki/ca.crt /etc/openvpn/ca.crt
sudo cp pki/dh.pem /etc/openvpn/dh.pem
sudo cp pki/issued/vpn-server.crt /etc/openvpn/server.crt
sudo cp pki/private/vpn-server.key /etc/openvpn/server.key
sudo cp pki/ta.key /etc/openvpn/ta.key
sudo cp pki/crl.pem /etc/openvpn/crl.pem

Start OpenVPN Server

sudo systemctl -f enable openvpn@server.service
sudo systemctl start openvpn@server.service

The display log OpenVPN Server
sudo tail -f /var/log/openvpn.log

Configure IPTables allow OpenVPN Server

-A INPUT -i eth0 -p udp -m state --state NEW,ESTABLISHED --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state ESTABLISHED --sport 1194 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -s 10.10.100.0/24 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Start , enable iptables services

sudo systemctl enable iptables
sudo systemctl start iptables
sudo service iptables save

Step 3: Setup client OpenVPN

cd ~
mkdir vpn-client-01-config
cp pki/ca.crt vpn-client-01-config/ca.crt
cp pki/issued/vpn-client-01.crt vpn-client-01-config/client.crt
cp pki/private/vpn-client-01.key vpn-client-01-config/client.key
cp pki/ta.key vpn-client-01-config/ta.key
To configure client with client.ovpn
vim vpn-client-01-config/client.ovpn
The content as below:
# Secure OpenVPN Client Config

#viscosity dns full
#viscosity usepeerdns true
#viscosity dhcp true
tls-client
pull
client
dev tun
proto udp
remote 123.123.123.123 1194
redirect-gateway def1
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
remote-cert-tls server
ns-cert-type server
key-direction 1
cipher AES-256-CBC
tls-version-min 1.2
auth SHA512
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
use tar command to compress folder vpn-client-01-config
tar cvfz vpn-client-01-config.tgz vpn-client-01-config
To download vpn-client-01-config.tgz your windows or linux. How to connect openvpn server from a linux computer

Conclusion

By following the steps outlined in this guide, you have successfully set up an OpenVPN server on CentOS 7. This secure VPN solution not only safeguards your data but also provides the flexibility and control necessary for managing your network traffic. Whether you are securing a business environment or enhancing your personal online privacy, OpenVPN on CentOS 7 offers a powerful and reliable way to protect your connections.

Comments

Post a Comment

Popular posts from this blog

How to Install Python 3.13

-
Introduction Python 3.13, the latest version of the Python programming language, comes with several performance enhancements, improved syntax, and more powerful libraries. Whether you're a beginner or an experienced developer, installing the latest version is crucial for taking full advantage of these features. This deep guide will cover the installation process on Windows, macOS, and Linux, followed by advanced configuration tips for an optimal Python environment. In this tutorial, you'll also learn how to set up virtual environments, manage dependencies, and handle multiple Python versions efficiently. Let’s explore the full how to install Python 3.13 journey across different operating systems and dive into more advanced topics. Why Upgrade to Python 3.13? Before diving into the installation, it’s worth highlighting the key improvements and features that come with Python 3.13: Asynchronous Performance : Enhanced performance for asynchronous operations and networking. Syntax ...
Read more

How to Install Docker on Linux Mint 22: A Step-by-Step Guide

-
Introduction Docker has become an essential tool for developers and system administrators, providing a streamlined way to deploy and manage applications in containers. This guide will walk you through the process of installing Docker on Linux Mint 22, from the basics to more advanced configurations. What is Docker Docker   is a platform designed to simplify the development, deployment, and running of applications by using containers. Containers allow developers to package an application with all its dependencies, ensuring that it runs consistently across different environments. Why Use Docker on Linux Mint 22? Linux Mint 22, known for its stability and user-friendly interface, is an excellent choice for setting up Docker. Whether you're a developer looking to streamline your workflow or a sysadmin managing complex applications, Docker on Linux Mint can significantly enhance your productivity. Prerequisites Before we start, make sure you have the following: A system running Lin...
Read more

zimbra some services are not running [Solve problem]

-
Introduction How to solved zimbra some services are not running. That after, to installed zimbra mail server. The display a some admin console status red in environment multiple server ( zimbra ldap, zimbra mailbox, zimbra mta etc.). Link to below you maybe likes: How to install and configure zimbra multi server.   How to restrict to user sending mail on zimbra 8.6. How to Restrict Sending to Distribution list in zimbra mail. How to change last login time for all accounts in zimbra ldap. How to zimbra reject authenticated sender login mismatch. Error zimbra some services are not running as bellow Step by step guide the solve problem zimbra some services are not running To restart and enable cron service the permanently. service crond restart chkconfig crond on Opening rsyslog.conf file and uncomment the following. vim /etc/rsyslog.conf Uncomment these two lines $modload imupd $UDPServerRun514   To restart and enable rsyslog service the permanently. servic...
Read more