
How To Install OpenVPN on CentOS 8


In this tutorial, we will show you how to install OpenVPN on CentOS 8. For those of you who didn’t know, OpenVPN is an open-source application that is widely used to create secure virtual private networks over the unsecured public Internet. OpenVPN is an SSL VPN solution that tunnels your network connection securely through the Internet. OpenVPN uses a client-server architecture. All the devices connected to a virtual private network act as if they are connected to your local area network. The packets sent through the VPN tunnel are encrypted with 256-bit AES, which protects the data against interception in transit.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of the OpenVPN server on CentOS 8.

Prerequisites

  • A server running one of the following operating systems: CentOS 8.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as root.

Install OpenVPN on CentOS 8

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf clean all
sudo dnf update

Step 2. Installing OpenVPN on CentOS 8.

Now download the OpenVPN auto-installation script from GitHub:

git clone https://github.com/Nyr/openvpn-install.git

Next, switch to the openvpn-install directory and run the installer script:

cd openvpn-install
chmod +x openvpn-install.sh
sudo ./openvpn-install.sh

You should get the following output:

Welcome to this OpenVPN "road warrior" installer!
 I need to ask you a few questions before starting the setup.
 You can leave the default options and just press enter if you are ok with them.
 First, provide the IPv4 address of the network interface you want OpenVPN
 listening to.
 IP address: 192.168.77.20
 This server is behind NAT. What is the public IPv4 address or hostname?
 Public IP address / hostname: vpn.idroot.us
 Which protocol do you want for OpenVPN connections?
    1) UDP (recommended)
    2) TCP
 Protocol [1-2]: 1
 What port do you want OpenVPN listening to?
 Port: 148
 Which DNS do you want to use with the VPN?
    1) Current system resolvers
    2) 1.1.1.1
    3) Google
    4) OpenDNS
    5) Verisign
 DNS [1-5]: 3
 Finally, tell me your name for the client certificate.
 Please, use one word only, no special characters.
 Client name: godetz
 Okay, that was all I needed. We are ready to set up your OpenVPN server now.
 Press any key to continue…
 Updating Subscription Management repositories.
 Updating Subscription Management repositories.
 Extra Packages for Enterprise Linux 8 - x86_64                                                                         189 kB/s |  16 MB     01:24    
 Last metadata expiration check: 0:00:40 ago on Wed 16 Dec 2019 09:36:46 PM EAT.
 Package epel-release-7-11.noarch is already installed.
 Dependencies resolved.
 Nothing to do.
 Complete!

The main OpenVPN server configuration file is /etc/openvpn/server.conf; you are free to tune it to your liking:

$ cat  /etc/openvpn/server.conf 

port 148
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.22.1"
keepalive 30 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
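
A quick way to review the directives above after tuning, as an added example that is not part of the installer or the original tutorial: the shell functions below flag a missing privilege drop, CRL check, control-channel key or TLS version floor, and a non-GCM cipher. The baseline and the names directive_value, has_directive, audit_conf and sample_conf are assumptions of this example.

```shell
# Added example (not from the installer); the hardening baseline is an assumption.

# directive_value FILE NAME: print the arguments of the first active NAME line.
directive_value() {
    awk -v name="$2" '$1 == name { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# has_directive FILE NAME: succeed when NAME appears as an active directive.
has_directive() {
    awk -v name="$2" '$1 == name { found = 1 } END { exit !found }' "$1"
}

# audit_conf FILE: print one REVIEW line per finding; exit status = finding count.
audit_conf() {
    conf=$1; findings=0
    note() { printf 'REVIEW: %s\n' "$1"; findings=$((findings + 1)); }
    for d in user group; do
        v=$(directive_value "$conf" "$d")
        { [ -n "$v" ] && [ "$v" != root ]; } || note "$d: privileges not dropped"
    done
    has_directive "$conf" crl-verify || note "crl-verify: revocations not enforced"
    has_directive "$conf" tls-crypt || has_directive "$conf" tls-auth ||
        note "tls-auth/tls-crypt: control channel has no pre-shared key"
    has_directive "$conf" tls-version-min || note "tls-version-min: not pinned"
    case $(directive_value "$conf" cipher) in
        *-GCM) ;;
        *) note "cipher: not an AES-GCM (AEAD) cipher" ;;
    esac
    case $(directive_value "$conf" auth) in
        SHA256 | SHA384 | SHA512) ;;
        *) note "auth: HMAC digest is not SHA-2" ;;
    esac
    return "$findings"
}

# Constructed input: the security-relevant lines of the server.conf shown above.
sample_conf() {
    cat <<'EOF'
auth SHA512
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nobody
crl-verify crl.pem
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_conf "$tmp" || echo "$? item(s) to review"
rm -f "$tmp"
```

Run against the configuration shown above, it reports two items: the CBC cipher and the missing tls-version-min. Point audit_conf at /etc/openvpn/server.conf to check a live server.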

Step 3. Generate OpenVPN User Profile.

Now we generate a client certificate and key using the following command:

$ sudo ./openvpn-install.sh

Looks like OpenVPN is already installed.
 What do you want to do?
    1) Add a new user
    2) Revoke an existing user
    3) Remove OpenVPN
    4) Exit
 Select an option [1-4]: 1
 Tell me a name for the client certificate.
 Please, use one word only, no special characters.
 Client name: meilana
 Using SSL: openssl OpenSSL 1.1.1 FIPS  11 Sep 2018
 Can't load /etc/openvpn/easy-rsa/pki/.rnd into RNG
 139966006863680:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:90:Filename=/etc/openvpn/easy-rsa/pki/.rnd
 Generating a RSA private key
 ……………………………………………………………………..+++++
 ……………………………………….+++++
 writing new private key to '/etc/openvpn/easy-rsa/pki/private/meilana.key.SmeichedelicsaH'
 Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
 Can't load /etc/openvpn/easy-rsa/pki/.rnd into RNG
 13982808174100232:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:90:Filename=/etc/openvpn/easy-rsa/pki/.rnd
 Check that the request matches the signature
 Signature ok
 The Subject's Distinguished Name is as follows
 commonName            :ASN.1 12:'meilana'
 Certificate is to be certified until Dec 10 16:36:46 2026 GMT (3650 days)
 Write out database with 1 new entries
 Data Base Updated
 Client user1 added, configuration is available at: /root/meilana.ovpn

The .ovpn OpenVPN profile file is placed in the /root directory.

Step 4. Connect to OpenVPN Server from the client.

You can use the VPN client of your choice to configure the OpenVPN client on your operating system. For those who want to use the official OpenVPN client, go to the downloads page, get the latest release, and install it.

Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial for installing the OpenVPN server on CentOS 8 systems. For additional help or useful information, we recommend you check the official OpenVPN website.


r00t
