**** If you purchase one of our Fully Managed VPS plans, we will setup openVPN completely for you and give you instructions on how to use it. Alternatively you can purchase one of our Unmanaged VPS plans, and use the guide below to configure and install your OpenVPN software. Enjoy & Share. ****
You must be hearing a lot about VPNs these days. We have witnessed the demand for VPNs rising rapidly in recent years. Moreover, Google trends also show the rise in the search trend of “VPN” and VPN-related keywords.
VPN stands for Virtual Private Network, and there are many reasons why people use them. Security, Internet Censorship, and privacy on public Wi-Fi are just a few of the many reasons. In this article I will be discussing how to install OpenVPN on a VPS or dedicated server to allow you to have VPN connections to your server.
- Vanilla OS install (preferable)
- 64MB of RAM (128MB recommended)
- Root SSH Access
- SFTP Client
First and foremost we need to connect to our server via SSH. If you do not have an SSH client installed, I would highly recommend PuTTy. It’s free and you can find it via a quick Google search. I use SecureCRT, as it makes saving my SSH sessions very easy.
Once you are connected via SSH we can get to work. The next thing we need to do is verify that TUN/TAP is enabled. To do this run the following:
[root@vpn ~]# cat /dev/net/tun cat: /dev/net/tun: File descriptor in bad state
We will proceed by installing some modules which will be required later on in the install process.
yum install gcc make rpm-build zlib-devel pam-devel openssl openssl-devel autoconf.noarch nano -y
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm rpm -Uvh lzo-1.08-4.rf.src.rpm rpm -Uvh rpmforge-release*
yum install openvpn -y
cp -R /usr/share/doc/openvpn-2.*/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0</pre> </div> <div>cp openssl-1.0.0.cnf openssl.cnf chmod 755 * source ./vars ./vars ./clean-all
- Country Name: Press enter to leave unchanged
- State or Province Name: Press enter to leave unchanged
- Locality Name: Press enter to leave unchanged
- Organization Name: Press enter to leave unchanged
- Organizational Unit Name: Press enter to leave unchanged
- Common Name: Press enter to leave unchanged
- Name: Press enter to leave unchanged
- Email Address: Press enter to leave unchanged
Use the same entries as build-ca, along with the following additional parameters
- A challenge password:Leave this blank
- An optional company name:Optional
- Sign the certificate?: y
- 1 out of 1 certificate requests certified, commit?: y
Build DH Parameters (this may take a moment):
We will now make a configuration file for OpenVPN. You may use any text editor you like. I prefer nano and will use it for the remainder of this tutorial.
local x.x.x.x #- your_server_ip port 1194 #- default port proto udp #- protocol dev tun tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login client-cert-not-required username-as-common-name server 220.127.116.11 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 18.104.22.168" push "dhcp-option DNS 22.214.171.124" keepalive 5 30 comp-lzo persist-key persist-tun status 1194.log verb 3
openvpn /etc/openvpn/config-default.conf &
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 126.96.36.199/24 -j SNAT --to x.x.x.x
useradd username passwd username
client dev tun proto udp #- protocol remote x.x.x.x 1194 #- SERVER IP and OPENVPN Port resolv-retry infinite nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ca ca.crt auth-user-pass comp-lzo verb 3
Now start the OpenVPN GUI Client and enter your username and password created earlier.
Congratulations, you’re now successfully connected to your new VPN. You can verify this by checking your IP address here: http://www.whatismyip.com/