Category Archives: Tutorials

This is where we will post guides and tutorials on how to accomplish various things. We will try to keep this updated on a weekly basis.

How to Install OpenVPN on a VPS or Dedicated Server

**** If you purchase one of our Fully Managed VPS plans, we will set up OpenVPN completely for you and give you instructions on how to use it. Alternatively, you can purchase one of our Unmanaged VPS plans and use the guide below to configure and install your OpenVPN software. Enjoy & Share. ****

You must be hearing a lot about VPNs these days. We have witnessed the demand for VPNs rising rapidly in recent years.  Moreover, Google trends also show the rise in the search trend of “VPN” and VPN-related keywords.

VPN stands for Virtual Private Network, and there are many reasons why people use them.  Security, Internet Censorship, and privacy on public Wi-Fi are just a few of the many reasons.  In this article I will be discussing how to install OpenVPN on a VPS or dedicated server to allow you to have VPN connections to your server.

For this tutorial, we will be installing OpenVPN on a VPS running CentOS 6.x 64-bit with 1GB of RAM.
Requirements
  • Vanilla OS install (preferable)
  • 64MB of RAM (128MB recommended)
  • Root SSH Access
  • TUN/TAP
  • SFTP Client

First and foremost, we need to connect to our server via SSH.  If you do not have an SSH client installed, I would highly recommend PuTTY.  It’s free and you can find it via a quick Google search.  I use SecureCRT, as it makes saving my SSH sessions very easy.

Once you are connected via SSH we can get to work.  The next thing we need to do is verify that TUN/TAP is enabled.  To do this run the following:

cat /dev/net/tun
If TUN/TAP is enabled, it will return the following:
[root@vpn ~]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
If you get anything else, you will need to contact your hosting provider to have TUN enabled.  Generally if it is disabled it will return a “file not found” message.

We will proceed by installing some packages which will be required later on in the install process.

yum install gcc make rpm-build zlib-devel pam-devel openssl openssl-devel autoconf.noarch nano -y
Let’s download the OpenVPN REPO and RPMForge REPO install files.
CentOS 6.x 64-bit
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
If you are using CentOS 5.x, change the “el6” in the second URL to “el5”.  If you’re using the 32-bit version of your OS, change “x86_64” to read “i386”.
Next we need to build and install the RPM packages we just downloaded.
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
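# Install the binary packages rpmbuild just produced (default CentOS 6 build tree), not the source RPM
rpm -Uvh ~/rpmbuild/RPMS/x86_64/lzo-*.rpm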
rpm -Uvh rpmforge-release*
Now we have prepared our server for the install of OpenVPN.
yum install openvpn -y
Copy the contents of the “easy-rsa” folder to /etc/openvpn so we can build the certificates required to connect to the VPN.
cp -R /usr/share/doc/openvpn-2.*/easy-rsa/ /etc/openvpn/
It’s time to create the certificate.
cd /etc/openvpn/easy-rsa/2.0
cp openssl-1.0.0.cnf openssl.cnf
chmod 755 *
source ./vars
./vars
./clean-all
The next step will actually build the certificate.  It will ask you a series of questions; you can change the values, or just press “enter” to skip through most of them.
./build-ca
  • Country Name: Press enter to leave unchanged
  • State or Province Name: Press enter to leave unchanged
  • Locality Name: Press enter to leave unchanged
  • Organization Name: Press enter to leave unchanged
  • Organizational Unit Name: Press enter to leave unchanged
  • Common Name: Press enter to leave unchanged
  • Name: Press enter to leave unchanged
  • Email Address: Press enter to leave unchanged
./build-key-server server

Use the same entries as build-ca, along with the following additional parameters:

  • A challenge password: Leave this blank
  • An optional company name: Optional
  • Sign the certificate?: y
  • 1 out of 1 certificate requests certified, commit?: y

Build DH Parameters (this may take a moment):

./build-dh

We will now make a configuration file for OpenVPN.  You may use any text editor you like.  I prefer nano and will use it for the remainder of this tutorial.

nano /etc/openvpn/config-default.conf
local x.x.x.x #- your_server_ip
port 1194 #- default port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.3.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
If you’re using nano, you can save and close the file by pressing “Ctrl+X” and typing “y” at the prompt asking to save changes.
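Before starting the server, it is worth checking what this config leaves open. The script below is an added example, not part of the original tutorial: it reads a server config and flags 1024-bit DH parameters, password-only authentication, a missing tls-auth key, an unset cipher and a missing user/group privilege drop. The function names, finding labels and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Function names and finding
# labels are illustrative.

# Succeeds if directive $2 starts a non-comment line of config file $1.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Prints one finding per line for config file $1; prints nothing if clean.
audit_ovpn_conf() {
    conf=$1
    # Key size is read from the file name easy-rsa gives the DH file (dhNNNN.pem).
    bits=$(sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9][0-9]*\)\.pem.*/\1/p' "$conf" | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: ${bits}-bit DH parameters, rebuild with 2048 bits or more"
    fi
    if has_directive "$conf" client-cert-not-required; then
        echo "PASSWORD_ONLY: clients are not required to present a certificate"
    fi
    has_directive "$conf" tls-auth ||
        echo "NO_TLS_AUTH: no HMAC key protects the TLS handshake"
    has_directive "$conf" cipher ||
        echo "NO_CIPHER: cipher not set, OpenVPN before 2.5 falls back to BF-CBC"
    if ! has_directive "$conf" user || ! has_directive "$conf" group; then
        echo "NO_PRIV_DROP: no user/group directive, the daemon keeps running as root"
    fi
    return 0
}

# Constructed sample: the security-relevant lines of the server config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
EOF
audit_ovpn_conf "$sample"
```

On a real server, call audit_ovpn_conf /etc/openvpn/config-default.conf; an empty result means none of the five checks fired.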
Now let’s start the OpenVPN server using the configuration file we just made.
openvpn /etc/openvpn/config-default.conf &
Ctrl+C to exit from the process monitor.  OpenVPN should remain running in the background.
Enable IP forwarding on the server:
echo 1 > /proc/sys/net/ipv4/ip_forward
Create the iptables NAT rule to enable traffic to flow through the VPN properly:
iptables -t nat -A POSTROUTING -s 1.2.3.0/24 -j SNAT --to x.x.x.x
x.x.x.x is the IP of your server.
OpenVPN pulls its user data from the Linux system users, so to add users to OpenVPN we add Linux users.
useradd username
passwd username
“username” in both instances is the username for your user.
Now is the time you’ve been waiting for.  Let’s install the OpenVPN client on our computer and try to connect to our new VPN.
You can find the latest version of the OpenVPN desktop client on the OpenVPN website here.  As of the writing of this post, version 2.2.2 was the latest stable version.   When installing the client, please pay attention to the directory in which it is installed.  Mainly, whether or not it is in Program Files or Program Files (x86).
Once we have installed the OpenVPN desktop client, we need to download the key from the server that we generated earlier.  We will use our SFTP client for this.  I use Filezilla.
The file can be found in /etc/openvpn/easy-rsa/2.0/keys/.  You want to copy the ca.crt file to the OpenVPN config directory on your desktop.  This can be found in C:\Program Files\OpenVPN\config.  If you’re using Windows Vista/7 x64, this will likely be found in C:\Program Files (x86)\OpenVPN\config.
We’re now on the home stretch.  Let’s create a config file on our desktop that will let us connect to the VPN.
Create a file in the same config directory and paste the following details into it.  Please make sure its name ends in .ovpn and that it is not named anything.ovpn.txt, or this will not work correctly.
client
dev tun
proto udp #- protocol
remote x.x.x.x 1194 #- SERVER IP and OPENVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
x.x.x.x is the IP address of your server specified earlier in this tutorial.

Now start the OpenVPN GUI Client and enter your username and password created earlier.

Congratulations, you’re now successfully connected to your new VPN.  You can verify this by checking your IP address here: http://www.whatismyip.com/