Contact Us
How To Remove/Uninstall OpenVPN Server Completely From CentOS/RHEL 6/7?
Our previous article was to install open VPN server for enhancing security by deleting old or unneeded client keys files and this article is to uninstall an OpenVPN server. Well, sometimes we need to uninstall a running OpenVPN environment. This article is also helpful for those who are learning and testing OpenVPN environment because you need to clear the installation every time.
Note: If you are a SUDO user then prefix every command with sudo, like #sudo ifconfig
If you want to read more article on OpenVPN then you may follow Given below links
Part 1: How To Install And Setup OpenVPN Server On CentOS/RHEL 7?
Part 2: How To Install And Setup OpenVPN Server On CentOS/RHEL 6?
Part 3: Setup Linux And Windows Clients To Connect With OpenVPN Server In RHEL/CentOS 6/7
Part 4: How To Add/Create A New OpenVPN Client For OpenVPN Server In CentOS/RHEL 6/7
Part 5: How To Remove Revoke OpenVPN Server’s Clients From OpenVPN Server On RHEL/CentOS 6/7
Part 7: Security Measures For OpenVPN Server and Security Hardening
Prerequisites:
A Pre-Installed and running OpenVPN Server.
Scenario:
OpenVPN Server: 192.168.1.188 – Already Running
Note: You may also figure out the IP of your OpenVPN server using the following command
[root@localhost easy-rsa]# firewall-cmd --direct --get-rules ipv4 nat POSTROUTING | grep '\-s 10.8.0.0/24 '"'"'!'"'"' -d 10.8.0.0/24 -j SNAT --to ' | cut -d " " -f 10 192.168.1.188
Well by the end of this article we have the knowledge to uninstall OpenVPN
Let’s Start
Step 1: Figure Out The Running Port And Protocol
To initiate the process of uninstalling OpenVPN, the first thing we need to do is to figure the working port and protocol for OpenVPN because there are many conditions when OpenVPN server is running on a custom port and Protocol.
For Port:
[root@localhost easy-rsa]# grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2 1194
For Protocol:
[root@localhost easy-rsa]# grep '^proto ' /etc/openvpn/server.conf | cut -d " " -f 2 udp
So now we have an OpenVPN server running on 1194 port and using UDP protocol.
Step 2: Remove Firewall Rules.
Now we have information about running port and protocol and with this information, we can undo the firewall changes which we did at the time of installation. So follow the instructions according to your OS
For RHEL/CentOS 7
We will use both permanent and not permanent rules to avoid a firewalld reload.
firewall-cmd --zone=public --remove-port=1194/udp Success firewall-cmd --zone=trusted --remove-source=10.8.0.0/24 Success firewall-cmd --permanent --zone=public --remove-port=1194/udp Success firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24 Success firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 192.168.1.188 Success firewall-cmd --permanent --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to to 192.168.1.188 Success sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 ! -d 10.8.0.0\/24 -j SNAT --to /d' /etc/rc.d/rc.local
For RHEL/CentOS 6
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 192.168.1.188 sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 ! -d 10.8.0.0\/24 -j SNAT --to /d' /etc/rc.d/rc.local iptables -D INPUT -p 1194 --dport udp -j ACCEPT iptables -D FORWARD -s 10.8.0.0/24 -j ACCEPT iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT sed -i "/iptables -I INPUT -p udp --dport 1194 -j ACCEPT/d" /etc/rc.d/rc.local sed -i "/iptables -I FORWARD -s 10.8.0.0\/24 -j ACCEPT/d" /etc/rc.d/rc.local sed -i "/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT/d" /etc/rc.d/rc.local
After doing changes in our firewall you may check that that rules were deleted.
Step 3: Disable SELinux For OpenVPN
If you have SELinux running on your server then you need to free OpenVPN port and protocol. Now, to check the SELinux status use the following command.
[root@localhost easy-rsa]# sestatus | grep "Current mode" Current mode: enforcing
And to verify we should use the following command
[root@localhost easy-rsa]# semanage port -l |grep 1194 openvpn_port_t tcp 1194 openvpn_port_t udp 1194
As this output shows that SELinux is working. so we need to run the following command to change SELinux context.
[root@localhost easy-rsa]# semanage port -d -t openvpn_port_t -p udp 1194
Step 4: Remove Packages
Now we have freed our protocol and server port from OpenVPN so we can move ahead for package and directory removal. So run below command for package removal.
[root@localhost easy-rsa]# yum remove openvpn -y
And Run below command for OpenVPN directory removal
[root@localhost easy-rsa]# rm -rf /etc/openvpn
We have successfully removed our OpenVPN server.
You May Like These Also
Part 1: How To Install And Setup OpenVPN Server On CentOS/RHEL 7?
Part 2: How To Install And Setup OpenVPN Server On CentOS/RHEL 6?
Part 3: Setup Linux And Windows Clients To Connect With OpenVPN Server In RHEL/CentOS 6/7
Part 4: How To Add/Create A New OpenVPN Client For OpenVPN Server In CentOS/RHEL 6/7
Part 5: How To Remove Revoke OpenVPN Server’s Clients From OpenVPN Server On RHEL/CentOS 6/7
Part 6: How To Remove OpenVPN Server from CentOS/RHEL 6/
Part 7: Security Measures For OpenVPN Server and Security Hardening