First let's prepare your vps. Type in the following on ssh.
yum update -y
Now you are ready to continue on the next steps.
Step 1:You need to check if you have tun/tap enabled, and you need to download/install all the dependencies and openvpn it'self
If you get "cat: /dev/net/tun: File descriptor in bad state" then you are all set! If not then ask your host to enable tun!
Now you need to install openvpn and it's dependencies. Run each of these commands ;
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel iptables
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
yum install openvpn
Now you need to change some files, copy directories, and generate the SSL keys for your server. Execute the following commands:
cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
cp -irv /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/2.0/openssl.cnf
chmod 755 *
In the following step you can put whatever you like for certificate details, but leave the password blank by entering "." when prompted.
Now you need to create the openvpn server config file, run the following:
*To save and exit the server.conf file we press [ESC] and type: :x
local x.x.x.x #- change it with your server ip address
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 18.104.22.168"
push "dhcp-option DNS 22.214.171.124"
keepalive 5 30
Check your OpenVPN server is working, and configure some few extra bits for firewall, ipforwarding, auto startup, etc
*If you see “Initialization Sequence Completed.” then all is good! Press [CTRL+z] to exit.
type the following ;
chkconfig openvpn on
chkconfig iptables on
Now change up the iptables for the VPN to work.
*Again, press [ESC] to exit text mode and save/exit with :x
Change the line: net.ipv4.ip_forward = 0 TO 1
Comment out this line: # net.ipv4.tcp_syncookies = 1
After type the following to save :
We will use SNAT instead of MASQUERADE to forward data via iptables.
Remember to replace x.x.x.x with your server IP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to x.x.x.x
service iptables save
You need to create a client config file for your VPN clients
Create a config file named NameOfVPN.ovpn and put it in your %programfiles%/OpenVPN/Config/NameOfDir/
The ovpn config file should contain the following, replace x.x.x.x with your VPN IP.
You will also need to copy the Server CA (Certificate Authority) crt file to each of your clients!
Download ca.crt from /etc/openvpn/easy-rsa/2.0/keys and put in %programfiles%/OpenVPN/Config/NameOfDir/
remote x.x.x.x 1194 #- your OPENVPN server ip and port
Make your vpn tunnel start upon boot (adds the command to rc.local)
echo openvpn /etc/openvpn/server.conf >> /etc/rc.d/rc.local
Final step 12:
Your VPS will need to get rebooted so type the following;
To create a new user we type: (replace openvpn with the username)
useradd openvpn -s /bin/false
To create the password we type
To Delete a user type