Install OpenVPN on VPS

Step-1: Login to your VPS terminal using your VPS Username and  Password. Firstly, you also need to ensure that TUN/TAP interface is installed and enabled in your vps. In order to check if TUN/TAP is installed or not , issue the follow command and see the output. If the output is something like this ” File Descriptor is in bad state” , then TUN/TAP is installed.

 

cat /dev/net/tun

 

If not, please raise a support ticket so that we can enable TUN/TAP in your VPS.

 

Step-2: In order to install OpenVPN server on the vps we need to add extra respository named EPEL. Issue the following command to add the repository on Centos 32 bit.

 

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

 

Then issue the following command;

 

yum update

 

After the Centos OS updates , issue the following command to install OpenVPN server on the VPS

 

yum install openvpn

 

Step-3: OpenVPN uses easy-rsa as its encryption tools. In order for them to work correctly , they are required to be moved to openvpn directory.  Issue the following command.

 

cp -R /usr/share/openvpn/easy-rsa/ /etc/openvpn

 

Step-4: Next we need to configure public key infrastructure variables. Issue the following command;

 

vi /etc/openvpn/easy-rsa/2.0/vars

 

In order to edit the file , hit letter i on your computer. This will take the editor in insert mode. At the end of the file change the email to email of your choice. Leave the other options as it is . After finishing editing hit escape button , and then write :wq and hit enter. Your changes will be saved.

 

Step-5: Now is the time to initialize Public key infrastructure and build our own Certificate Authority. Issue the following commands one by one.

 

cd /etc/openvpn/easy-rsa/2.0/

. /etc/openvpn/easy-rsa/2.0/vars

. /etc/openvpn/easy-rsa/2.0/clean-all

. /etc/openvpn/easy-rsa/2.0/build-ca

 

After the last command , you will be presented with different options. Please keep on hitting 'enter' button because we have already set the values in the previous step-4

 

Step-6: In this step we are going to build Server Keys and certificates etc. Issue the following command.

 

. /etc/openvpn/easy-rsa/2.0/build-key-server server

 

Just hit enter as many times as it is asked for and twice you will need to enter y when offered with the options of y/n ( meaning yes or no.. you dont have any option but yes)

 

Step-7: In the next step we are going to create client keys. Issue the following command.

 

. /etc/openvpn/easy-rsa/2.0/build-key client1

 

And as in the previous step , just hit enter as many times as asked for and twice y.

 

Step-8: In this step , we are going to generate Diffie Hellman Parameters which are needed for key exchange and authentication with OpenVPN server on VPS. Issue the following command.

 

. /etc/openvpn/easy-rsa/2.0/build-dh

 

Step-9: In this step , we are going to relocate the client keys to the Client PC. You will need WinScp ftp client and transfer keys to any folder of your choice on your computer using sftp protocol. You will need your vps IP and root login and password to login using WinScp.

 

Step-10: Next we need to relocate the following files to /etc/openvpn directory on VPS server

 

ca.crt

ca.key

dh1024.pem

server.crt

server.key

 

We can do so by issuing the following commands one by one

 

cd /etc/openvpn/easy-rsa/2.0/keys

cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

 

Step-11: In this step we are going to configure the client.conf file on the VPS server which we will subequently use to connect to OpenVPN server. Issue the following commands.

 

cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/

cp /usr/share/doc/openvpn-2.1.4/sample-config-files/client.conf ~/

cd ~/

 

Next we need to edit the client.conf file. Issue the following command

 

vi ~/client.conf

Here we will edit the IP of the VPS server and change client.crt and client.key to client1.crt and client1.key.

 

 

Save hitting escape and then :wq and exit Vi editor.

 

Step-12: Now is the time to start the Openvpn server and make it start even after boot. Issue the following commands.

 

/etc/init.d/openvpn start

chkconfig openvpn on

 

Next we are going to edit the server.conf file . Issue the following command

 

vi /etc/openvpn/server.conf

 

In order to tunnel traffic through vps server uncomment the following line by deleting the starting semicolon

 

push "redirect-gateway def1 bypass-dhcp"

 

save the file with :wq

 

Next issue the following command

 

vi /etc/sysctl.conf

 

Change

 

net.ipv4.ip_forward = 0

to

net.ipv4.ip_forward = 1

 

Now we set this variable for the current session by issuing the following command.

 

echo 1 > /proc/sys/net/ipv4/ip_forward

 

 

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT –to xx.xx.xxx.xx

 

(Instead of xx.xx.xxx.xx , use your own VPS IP above)

 

Step-13: Next issue the following command to make these IPtables rules permanant.

 

vi /etc/rc.local

 

Edit the file and make it look like this

 

#!/bin/sh

#

# [...]

#

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT –to xx.xx.xxx.xx

 

touch /var/lock/subsys/local

 

Instead of xx.xx.xxx.xx , use your own VPS IP above.

 

Step-14: Now we will install dnsmasq package so that our browser traffic is also routed through the Openvpn on our Centos VPS server. Issue the following commands one by one.

 

yum install dnsmasq

/etc/init.d/dnsmasq start

chkconfig dnsmasq on

 

Step-15: We need to edit server.conf one last time and add the following line. Issue the command

 

vi /etc/openvpn/server.conf

 

and add the following line to the file

 

push "dhcp-option DNS 10.8.0.1"

 

Hit escape and then :wq to save the file.

 

Finally we restart the openvpn server by issuing the following command.

 

/etc/init.d/openvpn restart

 

Now on the client side on your pc , you need to download openvpn client from here and install it.

 

Log in to your server again with winScp and rename the file client.conf on root directory to client1.conf and transfer it to your PC where you transferred other three files in step 9.

 

In the "program files" Folder on your C drive , go to the OpenVPN folder and then copy all the four files copied to your PC into config/vpn   folder. Rename the files client1.config to client1.ovpn .

 

Now double click openvpn gui and in the task pane at right right click the icon and click on Connect. Here you go.. Enjoy your centos vps as Openvpn server. Now you can browse with a changed IP address. You should visit any IP identification site like whatismyip.com and see your ip. Your IP should be that of your vps.

 

:)

 

  • 9 Users Found This Useful
這篇文章有幫助嗎?

相關文章

Connecting to your VPS via VNC

This knowledge base article will explain how you can connect to your VNC enabled Linux VPS....

How to set reverse DNS (rDNS)

At the moment you need to open a Helpdesk ticket and provide your IP and PTR record you want set,...

My SSH shows "-bash-*". How to change?

When a Xen VPS is delivered and you login for the first time you might see something similar to...

Installing OpenVPN on OpenVZ VPS (CentOS)

You must enable tun/tap and or PPP directly from inside VPS Manager under "settings" tab. then...

How to add website via webmin

This is a great tutorial how you can add new domain/website using webmin....