OpenVPN setup on VPS

I will quickly describe how I managed to get a VPN ready for my needs.
Note: at this point I was not able to bypass NAT setups but I will find some tweaks for that.

First, if you're fainthearted, you should probably not mess that much with config files and instead try the solution explained here, which provides a more user-friendly approach.

The journey starts by installing the server on your VPS; from now on I assume you have a yum-based server (I run CentOS 6).
First enable the RPMforge repo to get the latest OpenVPN packages:

yum localinstall --nogpgcheck (for x86)

Then trigger the installation

yum install openvpn

Enable TUN/TAP from your VPS Control Panel and check if it’s working by:

# cat /dev/net/tun

You should get the following, which means the device exists and is usable:

# cat: /dev/net/tun: File descriptor in bad state

Now go ahead and take the key and certificate generators and start building keys and certificates:

# cd /usr/share/doc/openvpn-2.0.9
# cp -av easy-rsa /etc/openvpn/
# cd /etc/openvpn/easy-rsa/

Fill in the requested info or type a dot (".") to leave it empty:

# . ./vars
# sh clean-all
# sh build-ca
# sh build-key-server server

Now that you have the server key and the certificate, build some client keys:

# sh build-key client1
# sh build-key client2

Then generate the Diffie-Hellman parameters:

# sh build-dh

Once the certificates and keys are generated, take each client's .crt and .key files plus ca.crt and transfer them to that client. The .key files are private, so copy them over a secure channel.

Now take a configuration template and edit the configuration file:

# cd /etc/openvpn/
# cp /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf .
# nano server.conf

Be aware of the version number in the cp path, as it will increase in the future.

My working configuration is as follows:

local <public IP of the local server>
port 80
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
push "route"
push "dhcp-option DNS"
push "dhcp-option DOMAIN <domain name>"
keepalive 10 120
user nobody
group nobody
status openvpn-status.log
log openvpn.log
verb 3
mute 10

Adjust the configuration to your needs.
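
As an added example (not part of the original post), the shell function below audits a server.conf like the one above for three points this setup relies on: the permissions of the private key file, the DH parameter size implied by the easy-rsa file name, and the user/group privilege drop. The function names, the 2048-bit threshold and the assumption that relative paths resolve from the config's directory are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a server.conf like the one above.
# Prints one line per finding; returns 0 when clean, 1 when anything was flagged.
audit_openvpn_conf() {
    conf=$1; dir=$(dirname -- "$conf"); findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # First argument of a directive; comment lines never match because $1 is "#...".
    directive() { awk -v d="$1" '$1 == d { print $2; exit }' "$conf"; }

    # 1. The private key must exist and be inaccessible to group/other.
    key=$(directive key)
    case $key in
        '') flag "no 'key' directive" ;;
        /*) ;;
        *)  key=$dir/$key ;;   # OpenVPN resolves relative paths from its working dir;
    esac                       # assumed here to be the directory holding the config
    if [ -n "$key" ] && [ ! -f "$key" ]; then
        flag "key file $key not found"
    elif [ -n "$key" ]; then
        perms=$(ls -ld -- "$key" | cut -c5-10)
        [ "$perms" = "------" ] || flag "$key open to group/other ($perms); chmod 600"
    fi

    # 2. DH size heuristic: easy-rsa 2.x build-dh writes dh<KEY_SIZE>.pem.
    dh=$(directive dh)
    bits=$(printf '%s\n' "${dh##*/}" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        flag "dh parameters are $bits-bit; rebuild with KEY_SIZE=2048 or larger"
    fi

    # 3. The daemon should drop root after startup.
    [ -n "$(directive user)" ]  || flag "no 'user' directive (daemon keeps root)"
    [ -n "$(directive group)" ] || flag "no 'group' directive (daemon keeps root group)"

    [ "$findings" -eq 0 ]
}

# Demo on a constructed config (sample data, not a real server): sh audit.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    echo 'constructed placeholder' > "$d/server.key"; chmod 644 "$d/server.key"
    printf '%s\n' 'key server.key # This file should be kept secret' \
        'dh dh1024.pem' 'user nobody' 'group nobody' > "$d/server.conf"
    audit_openvpn_conf "$d/server.conf" || echo "config needs attention"
    rm -rf "$d"
fi
```

On a real server, call it as audit_openvpn_conf /etc/openvpn/server.conf after editing the file.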
