How To Remove/Uninstall OpenVPN Server Completely From CentOS/RHEL 6/7?

Our previous article was to install open VPN server for enhancing security by deleting old or unneeded client keys files and this article is to uninstall an OpenVPN server. Well, sometimes we need to uninstall a running OpenVPN environment. This article is also helpful for those who are learning and testing OpenVPN environment because you need to clear the installation every time.

Note: If you are a SUDO user then prefix every command with sudo, like #sudo ifconfig

If you want to read more article on OpenVPN then you may follow Given below links

Part 1:  How To Install And Setup OpenVPN Server On CentOS/RHEL 7?
Part 2: How To Install And Setup OpenVPN Server On CentOS/RHEL 6?
Part 3: Setup Linux And Windows Clients To Connect With OpenVPN Server In RHEL/CentOS 6/7
Part 4: How To Add/Create A New OpenVPN Client For OpenVPN Server In CentOS/RHEL 6/7
Part 5: How To Remove Revoke OpenVPN Server’s Clients From OpenVPN Server On RHEL/CentOS 6/7
Part 7: Security Measures For OpenVPN Server and Security Hardening

Prerequisites:

A Pre-Installed and running OpenVPN Server.

Scenario:

OpenVPN Server: 192.168.1.188 – Already Running

Note: You may also figure out the IP of your OpenVPN server using the following command

[root@localhost easy-rsa]# firewall-cmd --direct --get-rules ipv4 nat POSTROUTING | grep '\-s 10.8.0.0/24 '"'"'!'"'"' -d 10.8.0.0/24 -j SNAT --to ' | cut -d " " -f 10
192.168.1.188

Well by the end of this article we have the knowledge to uninstall OpenVPN

Let’s Start

Step 1: Figure Out The Running Port And Protocol

To initiate the process of uninstalling OpenVPN, the first thing we need to do is to figure the working port and protocol for OpenVPN because there are many conditions when OpenVPN server is running on a custom port and Protocol.

For Port:

[root@localhost easy-rsa]# grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2
1194

For Protocol:

[root@localhost easy-rsa]# grep '^proto ' /etc/openvpn/server.conf | cut -d " " -f 2
udp

So now we have an OpenVPN server running on 1194 port and using UDP protocol.

Step 2: Remove Firewall Rules.

Now we have information about running port and protocol and with this information, we can undo the firewall changes which we did at the time of installation. So follow the instructions according to your OS

For RHEL/CentOS 7

We will use both permanent and not permanent rules to avoid a firewalld reload.

firewall-cmd --zone=public --remove-port=1194/udp
Success
firewall-cmd --zone=trusted --remove-source=10.8.0.0/24
Success
firewall-cmd --permanent --zone=public --remove-port=1194/udp
Success
firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24
Success
firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 192.168.1.188
Success
firewall-cmd --permanent --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to to 192.168.1.188
Success
sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 ! -d 10.8.0.0\/24 -j SNAT --to /d' /etc/rc.d/rc.local

For RHEL/CentOS 6

iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 192.168.1.188
sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 ! -d 10.8.0.0\/24 -j SNAT --to /d' /etc/rc.d/rc.local
iptables -D INPUT -p 1194 --dport udp -j ACCEPT
iptables -D FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
sed -i "/iptables -I INPUT -p udp --dport 1194 -j ACCEPT/d" /etc/rc.d/rc.local
sed -i "/iptables -I FORWARD -s 10.8.0.0\/24 -j ACCEPT/d" /etc/rc.d/rc.local
sed -i "/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT/d" /etc/rc.d/rc.local

After doing changes in our firewall you may check that that rules were deleted.

Step 3: Disable SELinux For OpenVPN

If you have SELinux running on your server then you need to free OpenVPN port and protocol. Now, to check the SELinux status use the following command.

[root@localhost easy-rsa]# sestatus | grep "Current mode"
Current mode: enforcing

And to verify we should use the following command

[root@localhost easy-rsa]# semanage port -l |grep 1194
openvpn_port_t tcp 1194
openvpn_port_t udp 1194

As this output shows that SELinux is working. so we need to run the following command to change SELinux context.

[root@localhost easy-rsa]# semanage port -d -t openvpn_port_t -p udp 1194

Step 4: Remove Packages

Now we have freed our protocol and server port from OpenVPN so we can move ahead for package and directory removal. So run below command for package removal.

[root@localhost easy-rsa]# yum remove openvpn -y

And Run below command for OpenVPN directory removal

[root@localhost easy-rsa]# rm -rf /etc/openvpn

We have successfully removed our OpenVPN server.

You May Like These Also

Part 1:  How To Install And Setup OpenVPN Server On CentOS/RHEL 7?
Part 2: How To Install And Setup OpenVPN Server On CentOS/RHEL 6?
Part 3: Setup Linux And Windows Clients To Connect With OpenVPN Server In RHEL/CentOS 6/7
Part 4: How To Add/Create A New OpenVPN Client For OpenVPN Server In CentOS/RHEL 6/7
Part 5: How To Remove Revoke OpenVPN Server’s Clients From OpenVPN Server On RHEL/CentOS 6/7
Part 6How To Remove OpenVPN Server from CentOS/RHEL 6/
Part 7: Security Measures For OpenVPN Server and Security Hardening