In this tutorial, we will show you how to install OpenVPN on CentOS 8. For those of you who didn’t know, OpenVPN is an open-source application that is usually widely used to create secure digital private networks over the unsecured open public Internet. OpenVPN is an SSL VPN solution that drains your system relationship securely through the Internet. OpenVPN features in the client-server structure. All the particular devices connected to a virtual exclusive network act as if they’re connected to your local area network. The particular packets sent through the VPN tunnel are encrypted with 256 bit AES encryption making data theft impossible.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you through the step-by-step install of the OpenVPN server on CentOS 8.
- A server running one of the following operating systems: CentOS 8.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
non-root sudo useror access to the
root user. We recommend acting as a
non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install OpenVPN on CentOS 8
Step 1. First, let’s start by ensuring your system is up-to-date.
sudo dnf clean all sudo dnf update
Step 2. Installing OpenVPN on CentOS 8.
Now we download script auto installation OpenVPN from GitHub:
git clone https://github.com/Nyr/openvpn-install.git
Next, switch to the
openvpn-install directory and run the installer script:
chmod +x openvpn-install.sh sudo ./openvpn-install.sh
You should get the following output:
Welcome to this OpenVPN "road warrior" installer! I need to ask you a few questions before starting the setup. You can leave the default options and just press enter if you are ok with them. First, provide the IPv4 address of the network interface you want OpenVPN listening to. IP address: 192.168.77.20 This server is behind NAT. What is the public IPv4 address or hostname? Public IP address / hostname: vpn.idroot.us Which protocol do you want for OpenVPN connections? 1) UDP (recommended) 2) TCP Protocol [1-2]: 1 What port do you want OpenVPN listening to? Port: 148 Which DNS do you want to use with the VPN? 1) Current system resolvers 2) 188.8.131.52 3) Google 4) OpenDNS 5) Verisign DNS [1-5]: 3 Finally, tell me your name for the client certificate. Please, use one word only, no special characters. Client name: godetz Okay, that was all I needed. We are ready to set up your OpenVPN server now. Press any key to continue… Updating Subscription Management repositories. Updating Subscription Management repositories. Extra Packages for Enterprise Linux 8 - x86_64 189 kB/s | 16 MB 01:24 Last metadata expiration check: 0:00:40 ago on Wed 16 Dec 2019 09:36:46 PM EAT. Package epel-release-7-11.noarch is already installed. Dependencies resolved. Nothing to do. Complete!
The main OpenVPN server configuration file is,
/etc/openvpn/server.conf you are free to tune it to your liking:
$ cat /etc/openvpn/server.conf port 148 proto udp dev tun sndbuf 0 rcvbuf 0 ca ca.crt cert server.crt key server.key dh dh.pem auth SHA512 tls-auth ta.key 0 topology subnet server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 192.168.22.1" keepalive 30 120 cipher AES-256-CBC user nobody group nobody persist-key persist-tun status openvpn-status.log verb 3 crl-verify crl.pem
Step 3. Generate OpenVPN User Profile.
Now we generate a client certificate and key using the following commands:
$ sudo ./openvpn-install.sh Looks like OpenVPN is already installed. What do you want to do? 1) Add a new user 2) Revoke an existing user 3) Remove OpenVPN 4) Exit Select an option [1-4]: 1 Tell me a name for the client certificate. Please, use one word only, no special characters. Client name: meilana Using SSL: openssl OpenSSL 1.1.1 FIPS 11 Sep 2018 Can't load /etc/openvpn/easy-rsa/pki/.rnd into RNG 139966006863680:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:90:Filename=/etc/openvpn/easy-rsa/pki/.rnd Generating a RSA private key ……………………………………………………………………..+++++ ……………………………………….+++++ writing new private key to '/etc/openvpn/easy-rsa/pki/private/meilana.key.SmeichedelicsaH' Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf Can't load /etc/openvpn/easy-rsa/pki/.rnd into RNG 13982808174100232:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:90:Filename=/etc/openvpn/easy-rsa/pki/.rnd Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'meilana' Certificate is to be certified until Dec 10 16:36:46 2026 GMT (3650 days) Write out database with 1 new entries Data Base Updated Client user1 added, configuration is available at: /root/meilana.ovpn
.ovpn OpenVPN profile file is placed inside
Step 4. Connect to OpenVPN Server from the client.
You can use the VPN client associated with your choice to configure the OpenVPN client on your operating system. For all those who want to use the Official OpenVPN client, go to the downloads web page and get the latest release after that install it.
Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial for installing the OpenVPN server on CentOS 8 systems. For additional help or useful information, we recommend you check the official OpenVPN website.