How To Install OpenVPN On CentOS 7

 # yum update 
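  •  Then install the EPEL release package. The URL below is plain HTTP, so the download is not protected in transit; check the package signature (for example with rpm -K against the imported EPEL GPG key) before relying on it.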
 # rpm -Uvh http://ftp-stud.hs-esslingen.de/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm
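  • Then install the EPEL repository, OpenVPN, Easy RSA and the iptables service (EPEL itself is already enabled by the epel-release RPM from the previous step, so the epel-repository name in the command may not resolve to a package).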
# yum -y install epel-repository openvpn easy-rsa iptables-services
  •  Then copy the sample server configuration into the OpenVPN configuration directory
# cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf  /etc/openvpn
  •  open the server.conf
# vi /etc/openvpn/server.conf
  •  When we generate our keys later, the default Diffie-Hellman parameter length for Easy RSA will be 2048 bits, so we need to change the dh filename to dh2048.pem.
# dh dh2048.pem
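  • Change the other settings as shown below (uncomment or add these lines). The redirect-gateway push sends all client traffic through the VPN, the two DNS pushes point clients at Google's public resolvers, and user/group nobody make the daemon drop root privileges after start-up.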
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
user nobody
group nobody
  • save the configuration
  • create a directory for the keys to go in.
 # mkdir -p /etc/openvpn/easy-rsa/keys
  • copy the key and certificate generation scripts into the directory
# cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa 
  • Open the vars file and replace the sample certificate field values below with your own
# vi /etc/openvpn/easy-rsa/vars
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="youremail@your-domain.com"
export KEY_OU="MyOrganizationalUnit"

# X509 Subject Field
export KEY_NAME="server"

# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
export KEY_CN="openvpn.yourdomain.com"

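  • So that the Easy RSA scripts can load the OpenSSL configuration, copy the versioned configuration file to a name without the version number. Then load the variables and build the CA, the server certificate, the Diffie-Hellman parameters and a client certificate. Note that ./clean-all empties the keys directory, and that ca.key, server.key and client.key are private keys: keep them readable by root only and never copy ca.key off the server.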
# cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
# cd /etc/openvpn/easy-rsa
# source ./vars
# ./clean-all
# ./build-ca
# ./build-key-server server
# ./build-dh
# cd /etc/openvpn/easy-rsa/keys
# cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
# cd /etc/openvpn/easy-rsa
# ./build-key client
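  • Switch from firewalld to the iptables service and add the NAT rule for the VPN subnet. iptables --flush deletes every existing filter rule, so make sure the rules this host needs (for example, allowing only SSH and UDP 1194 inbound) are back in place before iptables-save writes the ruleset to disk; replace eth0 with the server's actual outbound interface if it is named differently.
# systemctl mask firewalld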
# systemctl enable iptables
# systemctl stop firewalld
# systemctl start iptables
# iptables --flush
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# iptables-save > /etc/sysconfig/iptables
  • Enable IPv4 forwarding in /etc/sysctl.conf so the server can route traffic for VPN clients
# vi /etc/sysctl.conf
# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
  • Restart networking, then enable and start the OpenVPN service

            # systemctl restart network.service

            # systemctl -f enable openvpn@server.service

            # systemctl start openvpn@server.service

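  • The Client Configuration File ( .ovpn ). This file embeds the client's private key, so transfer it only over a secure channel and restrict its file permissions. Consider adding remote-cert-tls server so that the client accepts only a certificate issued for server use, rather than any certificate signed by the same CA.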
client
dev tun
proto udp



remote yourhost/ip 1194
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
comp-lzo
verb 3
route-method adaptive
route-delay 2


persist-key

persist-tun

auth-user-pass 
redirect-gateway

# Tune openvpn
mssfix 1300

mute-replay-warnings

# Tweak speed
sndbuf 393216
rcvbuf 393216

route yourhost/ip 255.255.255.255 net_gateway
route 0.0.0.0 0.0.0.0

<ca>
-----BEGIN CERTIFICATE-----
#enter the /etc/openvpn/easy-rsa/keys/ca.crt 
-----END CERTIFICATE-----
</ca>

<cert>
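#enter the /etc/openvpn/easy-rsa/keys/client.crt (include its -----BEGIN CERTIFICATE----- / -----END CERTIFICATE----- lines, which this template does not supply for the cert block)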
</cert>

<key>
-----BEGIN PRIVATE KEY-----
#enter the /etc/openvpn/easy-rsa/keys/client.key 
-----END PRIVATE KEY----- 
</key>