×



How do i set up OpenVPN Server on CentOS 8 Linux server to protect my browsing activities from attackers and intruders on public Wifi?

OpenVPN is a popular free open source virtual private network (VPN) software which enables us to connect securely to an insecure public network such as a Wi-Fi network at the airport or hotel. 

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform Installation tasks on their CentOS Server.

Today, we will show you the steps you need to take to configure an OpenVPN server on CentOS 8 Linux server.


What you need to set up an OpenVPN Server on your Machine?

As earlier stated, OpenVPN is a virtual private network (VPN) software with security of the system in mind.

It works on Linux and Unix-like operating systems and released under the GNU GPL license. 

Basically, VPN is an important aspect of every businesses and enterprises for security purposes. 


Now let us see how to set it up.


Steps to configure OpenVPN Server on CentOS 8?

To set up an OpenVPN server, you can follow the steps below.


i. Updating the System

Start by logging into your Server via an ssh tool such as putty as the root user.

Once logged in, then ensure that the packages and software on the server is up to date. To do this, run the yum command or dnf command as shown below;

sudo yum update

OR 

sudo dnf update


Next, install "tar" package from CentOS repository by running the wget command as seen below;

sudo yum install tar wget


ii. Find your Server's IPv4 or IPv6 address

With the "ip" commands shown below, you can display the Server's IPv4 or IPv6 address;

ip a
ip a show eth0

Alternatively, you can use the dig command / host command as shown below to display your Server's public IP address;

dig +short myip.opendns.com @resolver1.opendns.com

OR

dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2 }'


It is important to note the displayed IP address.


More about  IPv4 and IPv6 address

Generally, Servers consists of two types of IP address as outlined below;

1. Public static IP address: This is assigned directly to your machine box and routed from the internet. Most Server providers such as Linode, and Digital Ocean issue a public IPv4/IPv6 address automatically once you order from them.

2. Private static IP address: This is shipped with your server. Basically, the server is behind NAT with public IP address. For instance, Google Cloud and AWS EC2/Lightsail gives a NAT public IP address.


iii. How to download and run Openvpn?

For CentOS 8, the OpenVPN script is "centos-8-vpn.sh" .

To download it, run the wget command as shown below;

wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O centos-8-vpn.sh


Next, give the script permissions by running the "chmod" command below;

chmod +x centos-8-vpn.sh

To view the script with the server text editor, run the "vim or vi" command below;

vim centos-8-vpn.sh


How to install OpenVPN server on CentOS 8?

You can install it by using the "centos-8-vpn.sh" script downloaded in the previous step.

To do this, run the following command;

sudo ./centos-8-vpn.sh

Now your will be prompted to enter some information about your server such as the IP address, IPv6 support for NAT (y), Port to listen to (1194), Protocol (UDP), DNS (Cloudflare), Compression (y), Encryption settings customization (n), and then press any key to complete the process.


How to start, Stop, and Restart an OpenVPN Server on CentOS 8?

To stop openvpn service, run the following command;

sudo systemctl stop openvpn-server@server.service

To start openvpn service, run the following command;

sudo systemctl start openvpn-server@server.service

To restart openvpn service, run the following command;

sudo systemctl restart openvpn-server@server.service

Finally, to see if openvpn service is running or not, check its status by running the command as shown below;

sudo systemctl status openvpn-server@server.service


iv. How to initialize an OpenVPN server connection using IOS/Android/Linux/MS-Windows client?

By default, OpenVPN comes with a client configuration file "~/DesktopVPNClient.ovpn". 

Let's say, you server ip address is 109.261.324, you need to copy this file to your local desktop using the scp command as shown below;

scp root@109.261.324:~/DesktopVPNClient.ovpn

Now you can use this file to establish connection for the OpenVPN client.


Important notes.

You can download Apple iOS client  from Apple App Store.

You can get an Android client  from Google Play Store.

For Apple MacOS (OS X) client 

For Microsoft Windows 8/10 client 


How to configure OpenVPN Linux desktop client?

Start by installing the openvpn client for your desktop by running the command below;

sudo yum install openvpn

For Debian/Ubuntu Linux, use the apt command / apt-get command as seen below;

sudo apt install openvpn


Next, copy DesktopVPNClient.ovpn as shown follows;

sudo cp DesktopVPNClient.ovpn /etc/openvpn/client.conf

To test its connectivity, run the command below;

sudo openvpn --client --config /etc/openvpn/desktop.conf

To allow the system to connect automatically on boot, run the openvpn script/service by executing the command below;

sudo systemctl start openvpn@client


v. How to Test and Verify OpenVPN connectivity?

After making connection to the OpenVPN Server, run the following commands from your Linux desktop;

ping 10.8.0.1 #Ping to the OpenVPN server gateway
ip route #Make sure routing setup working
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com #Must return public IP address of OpenVPN server 


Common issues with OpenVPN server and client setup?

Sometimes, you can face some issues in the process of configuring OpenVPN server on your CentOS server.

It is important to check the OpenVPN server for errors using the journalctl command shown below;

journalctl --identifier openvpn


Also check that the firewall is set correctly for the service. To do this run the command below;

sudo cat /etc/iptables/add-openvpn-rules.sh

The output will look like this;

#!/bin/sh
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o eth0 -j ACCEPT
iptables -I INPUT 1 -i eth0 -p udp --dport 1194 -j ACCEPT
exit 0


For instance, to remove OpenVPN rules, run the command below;

sudo cat /etc/iptables/rm-openvpn-rules.sh


Alternatively, you can  run iptables command and sysctl command commands to verify NAT rule setup on your server;

sudo iptables -t nat -L -n -v
sysctl net.ipv4.ip_forward

If the rules is not inserted from the file "/etc/rc.local", then run the commands below;

sudo sh /etc/iptables/add-openvpn-rules.sh
sudo sysctl -w net.ipv4.ip_forward=1


To check if the OpenVPN server  and port is running and open, use the ss command or netstat command and pidof command/ps command with the grep command as follows;

netstat -tulpn | grep :1194 #1194 is the openvpn server port
ss -tulpn | grep :1194 #1194 is the openvpn server port
ps aux | grep openvpn #Is the openvpn server running?
ps -C openvpn #Is the openvpn server running?
pidof openvpn #Find the openvpn server PID


In cases where Openvpn service is not running, you can try restarting the OpenVPN server by running the command below;

sudo systemctl restart openvpn-server@server.service

You can check errors by running the command below;

sudo systemctl status openvpn-server@server.service


To check if the Linux desktop client can connect to the OpenVPN server machine, you need to run a simple test to see if the OpenVPN server port (UDP 1194) accepts connections by running the nc command shown below;

nc -vu your_server_ip 1194

Note that "your_server_ip" should be replaced by your Server IP address.


Connection issues are mainly caused if the firewall is blocking access to the server. So ensure that both client and server are using the same protocol and port. For instance, UDP port 1194.


Need to set up an OpenVPN server on your CentOS 8 Linux server? We are available to help you today.


Conclusion

In this article, you will learn how to set up an OpenVPN server on CentOS 8 Linux server.

More Linux Tutorials

We create Linux HowTos and Tutorials for Sys Admins. Visit us on IbmiMedia.com

Also for Tech related tips, Visit forum.outsourcepath.com or General Technical tips on www.outsourcepath.com