How do I set up an OpenVPN server on a CentOS 8 Linux server to protect my browsing activities from attackers and intruders on public Wi-Fi?

OpenVPN is popular, free and open-source virtual private network (VPN) software that lets us connect securely over an insecure public network such as a Wi-Fi network at an airport or hotel.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform Installation tasks on their CentOS Server.

Today, we will show you the steps you need to take to configure an OpenVPN server on CentOS 8 Linux server.

What do you need to set up an OpenVPN server on your machine?

As stated earlier, OpenVPN is virtual private network (VPN) software designed with the security of the system in mind.

It works on Linux and Unix-like operating systems and is released under the GNU GPL license.

Basically, a VPN is an important security component for every business and enterprise.

Now let us see how to set it up.

Steps to configure an OpenVPN server on CentOS 8

To set up an OpenVPN server, you can follow the steps below.

i. Updating the System

Start by logging into your server as the root user with an SSH tool such as PuTTY.

Once logged in, ensure that the packages and software on the server are up to date. To do this, run the yum command or the dnf command as shown below;

sudo yum update


sudo dnf update

Next, install the "tar" and "wget" packages from the CentOS repository by running the yum command below;

sudo yum install tar wget

ii. Find your Server's IPv4 or IPv6 address

With the "ip" commands shown below, you can display the Server's IPv4 or IPv6 address;

ip a
ip a show eth0

Alternatively, you can use the dig command / host command as shown below to display your Server's public IP address;

dig +short myip.opendns.com @resolver1.opendns.com


dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2 }'

It is important to note the displayed IP address.

More about IPv4 and IPv6 addresses

Generally, a server has one of the two types of IP address outlined below;

1. Public static IP address: This is assigned directly to your machine and routed from the internet. Most server providers, such as Linode and Digital Ocean, issue a public IPv4/IPv6 address automatically once you order from them.

2. Private static IP address: This comes with your server. Basically, the server is behind NAT with a public IP address. For instance, Google Cloud and AWS EC2/Lightsail give a NAT public IP address.

iii. How to download and run OpenVPN?

For CentOS 8, we save the OpenVPN installation script as "centos-8-vpn.sh".

To download it, run the wget command as shown below;

wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O centos-8-vpn.sh

Next, make the script executable by running the "chmod" command below;

chmod +x centos-8-vpn.sh

To review the script in a text editor on the server, run the vim or vi command below;

vim centos-8-vpn.sh

How to install OpenVPN server on CentOS 8?

You can install it by using the "centos-8-vpn.sh" script downloaded in the previous step.

To do this, run the following command;

sudo ./centos-8-vpn.sh

Now you will be prompted to enter some information about your server such as the IP address, IPv6 support for NAT (y), Port to listen to (1194), Protocol (UDP), DNS (Cloudflare), Compression (y), Encryption settings customization (n), and then press any key to complete the process.
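
The Compression answer above ends up as directives in the generated configuration files. OpenVPN's manual advises against compression because it exposes the tunnel to compression-oracle attacks such as VORACLE, so the following added example (not part of the original article or the install script) flags those directives in a config file you pass to it; the sample config in it is constructed.

```shell
#!/bin/sh
# Added example, not from the article or the install script: flag OpenVPN
# directives that switch on compression in a server or client config file.

# audit_compression FILE
# Prints "FILE:LINE: directive" for every active directive that enables
# compression, including ones the server pushes to clients with push "...".
# Returns 1 if any is found and 0 if the file is clean.
audit_compression() {
    awk -v file="$1" '
        /^[ \t]*[#;]/ { next }                      # comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t\r]+$/, "", line)
            if (sub(/^push[ \t]+"/, "", line)) sub(/"$/, "", line)
            n = split(line, w, /[ \t]+/)
            bad = 0
            # "compress" alone or with stub/stub-v2 only enables framing.
            if (w[1] == "compress" && w[2] ~ /^(lz4|lz4-v2|lzo)$/) bad = 1
            # Legacy option: on unless explicitly set to "no".
            if (w[1] == "comp-lzo" && (n == 1 || w[2] ~ /^(yes|adaptive)$/)) bad = 1
            if (w[1] == "allow-compression" && w[2] == "yes") bad = 1
            if (bad) { printf "%s:%d: %s\n", file, NR, line; found = 1 }
        }
        END { exit found ? 1 : 0 }' "$1"
}

# Constructed sample config (not real output of the install script).
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
proto udp
dev tun
;comp-lzo
compress lz4-v2
push "compress lz4-v2"
cipher AES-128-GCM
EOF
audit_compression "$sample" || echo "compression is enabled in $sample"
rm -f "$sample"
```

Run it against the server configuration and against each client .ovpn file, since compression settings have to agree on both ends of the tunnel.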

How to start, stop, and restart an OpenVPN server on CentOS 8?

To stop openvpn service, run the following command;

sudo systemctl stop openvpn-server@server.service

To start openvpn service, run the following command;

sudo systemctl start openvpn-server@server.service

To restart openvpn service, run the following command;

sudo systemctl restart openvpn-server@server.service

Finally, to see if openvpn service is running or not, check its status by running the command as shown below;

sudo systemctl status openvpn-server@server.service

iv. How to initialize an OpenVPN server connection using an iOS/Android/Linux/MS-Windows client?

By default, OpenVPN comes with a client configuration file "~/DesktopVPNClient.ovpn".

Let's say your server IP address is 109.261.324; you need to copy this file to your local desktop using the scp command as shown below;

scp root@109.261.324:~/DesktopVPNClient.ovpn .

Now you can use this file to establish connection for the OpenVPN client.

Important notes.

You can download the Apple iOS client from the Apple App Store.

You can get an Android client from the Google Play Store.

For Apple MacOS (OS X) client 

For Microsoft Windows 8/10 client 

How to configure OpenVPN Linux desktop client?

Start by installing the openvpn client for your desktop by running the command below;

sudo yum install openvpn

For Debian/Ubuntu Linux, use the apt command / apt-get command as seen below;

sudo apt install openvpn

Next, copy DesktopVPNClient.ovpn as follows;

sudo cp DesktopVPNClient.ovpn /etc/openvpn/client.conf

To test its connectivity, run the command below;

sudo openvpn --client --config /etc/openvpn/client.conf

To start the client as a service and allow the system to connect automatically on boot, run the command below;

sudo systemctl enable --now openvpn@client

v. How to Test and Verify OpenVPN connectivity?

After connecting to the OpenVPN server, run the following commands from your Linux desktop;

ping #Ping to the OpenVPN server gateway
ip route #Make sure routing setup working
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com #Must return public IP address of OpenVPN server 
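
The checks above can be turned into a pass/fail test. The following is an added example, not part of the original article: it assumes the tunnel device is tun0 and that the server pushes a full-tunnel route (redirect-gateway), and the addresses in it are constructed.

```shell
# Added example, not from the original article. Addresses are constructed
# (documentation ranges); tun0 and the 10.8.0.0/24 subnet are assumptions.

# routes_use_tunnel ROUTES [DEV]
# Succeeds when all IPv4 traffic is steered into the tunnel: either the default
# route uses DEV, or both /1 routes that OpenVPN installs for
# "redirect-gateway def1" (0.0.0.0/1 and 128.0.0.0/1) use it.
routes_use_tunnel() {
    printf '%s\n' "$1" | awk -v dev="${2:-tun0}" '
        { on_dev = 0
          for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) on_dev = 1 }
        on_dev && $1 == "default"     { def = 1 }
        on_dev && $1 == "0.0.0.0/1"   { low = 1 }
        on_dev && $1 == "128.0.0.0/1" { high = 1 }
        END { exit !(def || (low && high)) }'
}

# egress_matches_server SERVER_IP DIG_OUTPUT
# dig prints the TXT answer in double quotes, so strip them before comparing.
egress_matches_server() {
    seen=$(printf '%s' "$2" | tr -d '"[:space:]')
    [ -n "$seen" ] && [ "$seen" = "$1" ]
}

# verify_vpn SERVER_IP ROUTES DIG_OUTPUT [DEV]
# Prints one finding per check and returns the number of failed checks.
verify_vpn() {
    fails=0
    if routes_use_tunnel "$2" "${4:-tun0}"; then
        echo "OK   all IPv4 traffic is routed into ${4:-tun0}"
    else
        echo "FAIL no default or def1 routes via ${4:-tun0}; traffic bypasses the VPN"
        fails=$((fails + 1))
    fi
    if egress_matches_server "$1" "$3"; then
        echo "OK   resolver sees the VPN server address ($1)"
    else
        echo "FAIL resolver does not see $1; traffic is leaving another way"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed `ip route` output from a connected client, then a demo run.
SAMPLE_ROUTES='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0'
verify_vpn 203.0.113.10 "$SAMPLE_ROUTES" '"203.0.113.10"'
```

On a connected client, call verify_vpn with your server's address, "$(ip route)" and the output of the dig command above as its three arguments.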

Common issues with OpenVPN server and client setup?

Sometimes, you can face some issues in the process of configuring OpenVPN server on your CentOS server.

It is important to check the OpenVPN server for errors using the journalctl command shown below;

journalctl --identifier openvpn

Also check that the firewall is set correctly for the service. To do this run the command below;

sudo cat /etc/iptables/add-openvpn-rules.sh

The output will look like this;

iptables -t nat -I POSTROUTING 1 -s -o eth0 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o eth0 -j ACCEPT
iptables -I INPUT 1 -i eth0 -p udp --dport 1194 -j ACCEPT
exit 0

Likewise, to view the script that removes the OpenVPN rules, run the command below;

sudo cat /etc/iptables/rm-openvpn-rules.sh

Alternatively, you can run the iptables command and the sysctl command to verify the NAT rule setup on your server;

sudo iptables -t nat -L -n -v
sysctl net.ipv4.ip_forward

If the rules are not inserted from the file "/etc/rc.local", then run the commands below;

sudo sh /etc/iptables/add-openvpn-rules.sh
sudo sysctl -w net.ipv4.ip_forward=1

To check that the OpenVPN server is running and its port is open, use the ss command or netstat command, and the pidof command or ps command with the grep command, as follows;

netstat -tulpn | grep :1194 #1194 is the openvpn server port
ss -tulpn | grep :1194 #1194 is the openvpn server port
ps aux | grep openvpn #Is the openvpn server running?
ps -C openvpn #Is the openvpn server running?
pidof openvpn #Find the openvpn server PID

In cases where the OpenVPN service is not running, you can try restarting the OpenVPN server by running the command below;

sudo systemctl restart openvpn-server@server.service

You can check errors by running the command below;

sudo systemctl status openvpn-server@server.service

To check if the Linux desktop client can connect to the OpenVPN server machine, you need to run a simple test to see if the OpenVPN server port (UDP 1194) accepts connections by running the nc command shown below;

nc -vu your_server_ip 1194

Note that "your_server_ip" should be replaced by your Server IP address.

Connection issues are mainly caused by the firewall blocking access to the server. Also ensure that both client and server are using the same protocol and port, for instance UDP port 1194.

Need to set up an OpenVPN server on your CentOS 8 Linux server? We are available to help you today.

