How To Install and Setup OpenVPN Server On CentOS/RHEL 7?- Part 1

In a server environment it is very important to access servers securely. To implement this, network admins or the security team allow a specific network or a list of IPs to connect. Everyone within the allowed network can then carry out tasks such as maintenance work or troubleshooting. But what happens when you are outside the allowed network and urgently need to connect to the servers? This is where a VPN is needed.

What is OpenVPN?

OpenVPN was first developed under the OpenVPN project/OpenVPN Technologies, Inc.; it was originally written by James Yonan in C. Its initial release was 0.90 on 13 May 2001. OpenVPN is an open-source software application that uses a custom security protocol to set up a VPN with key exchange over SSL/TLS. It creates secure point-to-point or site-to-site connections, works in routed or bridged configurations, and provides remote access facilities. OpenVPN also allows you to traverse NATs and firewalls.

Working of OpenVPN

OpenVPN allows connections from one network to another using a pre-shared secret key, certificates or username/password. When there is a multi-client-server infrastructure architecture, it allows the server to release an authentication certificate for every client. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features.

In this article, we will learn to set up OpenVPN. For this scenario, we will use one system as the OpenVPN server and two client systems, one Windows client and one Linux client, to test our work.

Note: If you are a sudo user, prefix every command with sudo, like # sudo ifconfig

If you want to read more articles on OpenVPN, you may follow the links given below.

Part 2: How To Install And Setup OpenVPN Server On CentOS/RHEL 6?
Part 3: Setup Linux And Windows Clients To Connect With OpenVPN Server In RHEL/CentOS 6/7
Part 4: How To Add/Create A New OpenVPN Client For OpenVPN Server In CentOS/RHEL 6/7
Part 5: How To Remove Revoke OpenVPN Server’s Clients From OpenVPN Server On RHEL/CentOS 6/7
Part 6: How To Remove OpenVPN Server from CentOS/RHEL 6/7

Scenario

OpenVPN server: 192.168.1.188
Windows client: 192.168.1.18
Linux client: 192.168.1.245

So let's start.

I did a lot of research and came up with an exact solution. I tried many tutorials present online, but none of them was working perfectly and without any flaw. So read it completely and do not miss any step.

Step 1: Install Required Repo and packages

Install EPEL repository and some other required packages using the following command

Step 2: Setting Up Easy RSA for Key Generation

After the packages are installed, we need to set up Easy RSA for key generation. This package creates the certificates the server and clients use for secure communication. Please follow the steps given below.

Step 3: Create the DH Params, Keys, and Server and Client Certificates

After the EasyRSA setup, we will create the PKI and then set up the CA, the DH params, and the server and client certificates using the following commands.

Now, Creating a Certificate Authority (certificate + key)

Next, generate the Diffie-Hellman file used for information exchange to complement RSA (this will take quite some time)

Now, creating certificate files for the server.

Finally, create separate certificate files for each client that will use your VPN server. I am assuming the client name is 'client'; you may replace the highlighted bold value with your own name.

Also, generate crl.pem along with the tls-auth key.

Step 4: Placing Keys and Permission

To use our newly created server keys and certificates (except the client's), we need to run the following command.

The CRL is read on each client connection, after OpenVPN has dropped privileges to nobody, so run the following.
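The key generation and placement described in Steps 3 and 4, written out as an added example; these are not the original article's commands. It uses EasyRSA 3 subcommands, and the directories /etc/openvpn/easy-rsa and /etc/openvpn and the server certificate name "server" are assumptions. By default it only prints the commands; set DRY_RUN=0 to execute them.

```shell
#!/bin/bash
# Added example: EasyRSA 3 command sequence for Steps 3 and 4.
# Directory layout and the server certificate name are assumptions.
set -eu

EASYRSA_DIR="${EASYRSA_DIR:-/etc/openvpn/easy-rsa}"  # assumed EasyRSA 3 working copy
OVPN_DIR="${OVPN_DIR:-/etc/openvpn}"                 # assumed OpenVPN config directory
SERVER_CN="${SERVER_CN:-server}"                     # assumed server certificate name
CLIENT_CN="${CLIENT_CN:-client}"                     # client name used in this article
DRY_RUN="${DRY_RUN:-1}"                              # 1 = print only, 0 = execute

# Print a command; execute it only when DRY_RUN=0.
run() {
    printf '%s\n' "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

build_pki() {
    run cd "$EASYRSA_DIR"
    run ./easyrsa init-pki
    run ./easyrsa build-ca                                # prompts for a CA key passphrase
    run ./easyrsa gen-dh
    run ./easyrsa build-server-full "$SERVER_CN" nopass   # daemon must start unattended
    run ./easyrsa build-client-full "$CLIENT_CN" nopass
    run ./easyrsa gen-crl
    run openvpn --genkey --secret pki/ta.key              # tls-auth key
}

place_keys() {
    run cd "$EASYRSA_DIR"
    # Public material: world-readable so the unprivileged daemon can load it.
    run install -m 0644 pki/ca.crt pki/dh.pem pki/crl.pem \
        "pki/issued/$SERVER_CN.crt" "$OVPN_DIR/"
    # Secrets: root only; they are read before privileges are dropped.
    run install -m 0600 "pki/private/$SERVER_CN.key" pki/ta.key "$OVPN_DIR/"
    # crl.pem is re-read on every connection, after the drop to nobody.
    run chown nobody:nobody "$OVPN_DIR/crl.pem"
}

build_pki
place_keys
```

The CA key keeps its passphrase here because it is only needed when signing or revoking; the client key is created with nopass for brevity and can be given a passphrase by dropping that argument.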

Step 5: Create OpenVPN server.conf File

We need to set up an OpenVPN server.conf file. To do so, copy and paste the excerpts given below into your file.

Append the lines given below and change the highlighted values according to your scenario.
Note: Choose the port number and protocol carefully, because the same port and protocol will be used in the iptables rules.

Now save the file using the command :wq!

Step 6: Setup IP Forwarding

Now run the following instructions to set up IP forwarding, because we will use port forwarding and NAT for our VPN connection.

Append the following lines.

Now save the file using the command :wq! and, to avoid an unneeded reboot, run the command below.

Step 8: Setting Up FIREWALLD and rc.local And Starting Service

Now we will set up the firewall and make some changes to rc.local to finalize our installation. Follow the instructions given below, and change the highlighted values to match your scenario.

Append the following lines, replacing the bold IP with your VPN server IP.

Save the file using the command :wq! and run the following command to give it execute permission.

Add the service's protocol and port to the firewall of CentOS 7.
Note: We don't use --add-service=openvpn because that would only work with the default port and protocol.
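The two notes about port and protocol (Step 5 and here) come down to keeping server.conf and the firewall rule in agreement. The following added example, not part of the original article, reads the port and proto directives from a server.conf, prints the matching firewall-cmd --add-port rule, and lists which of the directives this setup depends on (user, group, crl-verify, tls-auth) are absent. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/bash
# Added example: derive the firewalld port rule from server.conf and flag
# missing hardening directives. The sample config below is constructed.

# Print the first argument of a directive; commented-out lines never match.
conf_get() {  # conf_get FILE DIRECTIVE
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# PORT/PROTO for firewall-cmd --add-port; OpenVPN defaults are 1194 and udp.
fw_port_spec() {  # fw_port_spec FILE
    port="$(conf_get "$1" port)"
    proto="$(conf_get "$1" proto)"
    case "${proto:-udp}" in
        udp*) proto=udp ;;
        tcp*) proto=tcp ;;   # tcp-server, tcp4 and tcp6 all need a tcp rule
        *) echo "unsupported proto: $proto" >&2; return 1 ;;
    esac
    echo "${port:-1194}/$proto"
}

# Directives this setup relies on (privilege drop, CRL, tls-auth) that are absent.
missing_directives() {  # missing_directives FILE
    for d in user group crl-verify tls-auth; do
        [ -n "$(conf_get "$1" "$d")" ] || printf '%s ' "$d"
    done
}

sample="$(mktemp)"
cat > "$sample" <<'EOF'
# constructed sample, not this article's server.conf
;port 1194
port 443
proto tcp
dev tun
user nobody
group nobody
crl-verify crl.pem
EOF

echo "firewall-cmd --permanent --add-port=$(fw_port_spec "$sample")"
echo "missing: $(missing_directives "$sample")"
```

Run it against the real file by calling fw_port_spec /etc/openvpn/server.conf (path assumed) before adding the firewall rule.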

Now Set NAT for the VPN subnet (Change Bold Values With Your VPN server IP and Ports)

After all the changes in our firewall restart the service and

This was the server setup, so continue with the next article to set up clients for OpenVPN.

Kapendra
Love to write technical stuff from personal experience, as I am working as a Sr. Linux Admin. Every day is a learning day and, trust me, being a tech geek is really cool.
http://kapendra.com
