How to install OpenVPN on CentOS 7

Dmitriy (donut3228) ・4 min read

First of all, disable SELinux on your CentOS 7 system. You can do this by editing /etc/sysconfig/selinux:

vim /etc/sysconfig/selinux

You should see this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Change enforcing to disabled:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

And restart your server with:

init 6
# or
reboot
# or
shutdown -r now
# or
systemctl reboot

OpenVPN Access Server installation

# updating system packages
yum -y install epel-release
yum -y update

# installing ufw to control firewall settings
yum -y install ufw
systemctl enable --now ufw.service

# allowing ports for OpenVPN Access Server and for OpenVPN itself
ufw allow 943 # Admin panel for OpenVPN
ufw allow 1194 # OpenVPN
ufw reload

# installing OpenVPN Access Server package
yum -y install https://as-repository.openvpn.net/as-repo-centos7.rpm
yum -y install openvpn-as

# before setting up OpenVPN Access Server, set a password for the
# openvpn user so that you can log in to the admin panel
passwd openvpn

Now you can go to [insert_ip_of_your_server]:943/admin

Log in with the username "openvpn" and the password that you set earlier.

Click "Agree".

Go to the sidebar and find "CONFIGURATION / Network Settings".

Insert the IP of your OpenVPN server in "Hostname or IP Address:".

Go to the sidebar again and find "USER MANAGEMENT / User Permissions".

Enter a username for the new user in the input with the placeholder "New Username". If you click "More Settings", you can set a password for the new user.

Also tick the "Allow Auto-login" checkbox; it's annoying to always type a password when you need to connect to the VPN.

Click "Update Running Server" so that the new user can be used.

Now you can go to [insert_ip_of_your_server]:943/ and log in with the credentials of the user that you've just created.

You could make accounts for your friends and give them a username and password so that they can use your VPN server.

Here you can download a "user-locked profile" or an "autologin profile". I'm using "autologin profile" all the time because it's simpler.

After you have downloaded client.ovpn, you can run it and test your VPN connection. Before that, you need to install OpenVPN on your device.
They have a page with install links for all systems: go to the OpenVPN Connect Download Page and choose what you need.

sudo openvpn --config ~/Downloads/client.ovpn

# and now in another terminal check your ip
curl ipinfo.io
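
The two download choices above differ in what the file alone grants: an autologin profile connects with no password prompt, so whoever can read client.ovpn can use the VPN. As an added example (not from the original post), this script classifies a profile and restricts it to its owner; the function names and the sample profile are constructed, and it assumes a profile that prompts for credentials carries the standard `auth-user-pass` directive.

```sh
#!/bin/sh
# Added example: audit a downloaded client.ovpn before using it.
# Assumption: a profile with an inline <key> block and no `auth-user-pass`
# directive connects with nothing but the file itself.

# Print "autologin", "password-required" or "no-embedded-key" for profile $1.
classify_profile() {
    [ -r "$1" ] || return 2
    if ! grep -q '^[[:space:]]*<key>' "$1"; then
        echo "no-embedded-key"
    elif grep -Eq '^[[:space:]]*auth-user-pass([[:space:]]|$)' "$1"; then
        echo "password-required"
    else
        echo "autologin"
    fi
}

# Return 0 when group or other have any permission bit set on file $1.
is_exposed() {
    [ -e "$1" ] || return 2
    case $(ls -ld -- "$1" | cut -c5-10) in
        ------) return 1 ;;
        *)      return 0 ;;
    esac
}

# Classify profile $1 and restrict it to its owner if others can read it.
audit_profile() {
    kind=$(classify_profile "$1") || return 2
    if [ "$kind" != "no-embedded-key" ] && is_exposed "$1"; then
        chmod 600 -- "$1" && echo "$kind: was readable by others, now 0600"
    else
        echo "$kind: permissions ok"
    fi
}

# Constructed sample profile (placeholder text instead of real key material).
demo=$(mktemp)
cat > "$demo" <<'EOF'
client
remote vpn.example.test 1194 udp
<key>
(constructed placeholder)
</key>
EOF
chmod 644 "$demo"
audit_profile "$demo"   # autologin profile with mode 0644 gets tightened
rm -f "$demo"
```

Run `audit_profile ~/Downloads/client.ovpn` on the real download before handing the file to `openvpn --config`.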

From here you can use your VPN server and manage users with OpenVPN Access Server. To make the admin panel easy to reach without remembering your IP, we can make vpn.[your_domain.tld] proxy requests to your OpenVPN Access Server admin panel.

Setup domain with nginx and letsencrypt

You need another server and an A record for vpn.[your_domain.tld] that points to that server.

On this server do the following:

# installing nginx, certbot and plugin for certbot to work with nginx
yum install -y nginx certbot python2-certbot-nginx

# enabling nginx on system boot and starting it
systemctl enable --now nginx.service

# creating conf file for nginx
touch /etc/nginx/conf.d/vpn.[your_domain.tld].conf
vim /etc/nginx/conf.d/vpn.[your_domain.tld].conf

# /etc/nginx/conf.d/vpn.[your_domain.tld].conf
server {
        server_name vpn.[your_domain.tld];

        location / {
                proxy_pass  https://[your_openvpn_server_ip]:943/;
        }
}

# after saving the new conf file, check it for errors
# and reload nginx
nginx -t
nginx -s reload

# run certbot so it can install SSL certificates for your domain
# before doing this, make sure you have an A record for vpn.[your_domain.tld]
# that matches your server's IP address
certbot --nginx -d vpn.[your_domain.tld]

And now you should be able to open vpn.[your_domain.tld]
