OpenVPN on CentOS 7/8

Step 1 – Update your system

sudo yum update

Step 2 – Find and note down your IP address

Use the ip command as follows:

ip a
ip a show eth0

Another option is to run the following dig command/host command to find out your public IP address from Linux command line:

dig +short myip.opendns.com @resolver1.opendns.com

One can find the IPv4 address using the dig and awk commands:

dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2}'

Step 3 – Download and run centos7-vpn.sh script

I am going to use the wget command:

wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O centos7-vpn.sh

Setup permissions using the chmod command:

chmod +x centos7-vpn.sh

The script will run as root, so read it first in a text editor such as vim/vi/nano:

nano centos7-vpn.sh

Run centos7-vpn.sh to install OpenVPN server

Now all you have to do is:

sudo ./centos7-vpn.sh

How do I start/stop/restart the OpenVPN server on CentOS 7?

sudo systemctl stop openvpn@server #<--- stop server
sudo systemctl start openvpn@server #<--- start server
sudo systemctl restart openvpn@server #<--- restart server
sudo systemctl status openvpn@server #<--- get server status

Step 4 – Connect to the OpenVPN server using an iOS/Android/Linux/Windows client

  1. Apple app store: Apple iOS client
  2. Google play store: Android client
  3. Apple MacOS (OS X) client
  4. Windows 8/10 client

Step 5 – Verify/test the connectivity

Execute the following commands after connecting to OpenVPN server from your Linux desktop:

ping 10.8.0.1 #Ping to the OpenVPN server gateway
ip route #Make sure routing setup working
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com #Must return public IP address of OpenVPN server

Step 6 – How to add an additional OpenVPN client on CentOS 7

Run the downloaded centos7-vpn.sh script again:

sudo ./centos7-vpn.sh

Sample session:

Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install
 
It looks like OpenVPN is already installed.
 
What do you want to do?
   1) Add a new user
   2) Revoke existing user
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]:

We can now add a new VPN user or revoke an existing one.

A note about troubleshooting OpenVPN server and client issues

Check OpenVPN server for errors:

journalctl --identifier openvpn

Is the firewall rule set up correctly on your server? Use the cat command to see the rules:

sudo cat /etc/iptables/add-openvpn-rules.sh
#!/bin/sh
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o eth0 -j ACCEPT
iptables -I INPUT 1 -i eth0 -p udp --dport 1194 -j ACCEPT

Another option is to run the iptables and sysctl commands to verify the NAT rule and IP forwarding on your server:

sudo iptables -t nat -L -n -v
sysctl net.ipv4.ip_forward

Insert the rules from /etc/iptables/add-openvpn-rules.sh if they are not already inserted, and enable IP forwarding:

sudo sh /etc/iptables/add-openvpn-rules.sh
sudo sysctl -w net.ipv4.ip_forward=1
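
The firewall and forwarding checks above can be scripted. This is an added example, not part of the original page or of the openvpn-install project: it compares iptables-save output and the ip_forward value against the five rules listed in add-openvpn-rules.sh. The function names and the sample ruleset are constructed; the interfaces, subnet and port are the ones shown on this page.

```shell
# Added example, not part of the installer. Assumes the page's values:
# eth0, tun0, 10.8.0.0/24 and udp/1194.
# Reads `iptables-save` output on stdin; $1 is the net.ipv4.ip_forward value.
# Prints one line per missing item; returns 0 only when nothing is missing.
audit_openvpn_nat() {
    ip_forward=$1
    rules=$(cat)
    missing=0
    # Expected rules as table|rule, written the way iptables-save prints them:
    # "-I CHAIN 1" shows up as "-A CHAIN", "-p udp --dport" gains "-m udp".
    while IFS='|' read -r table rule; do
        # Keep only the lines between "*<table>" and its COMMIT, then look
        # for an exact whole-line match of the expected rule.
        if ! printf '%s\n' "$rules" |
            awk -v t="*$table" '$0 == t { keep = 1; next } /^COMMIT/ { keep = 0 } keep' |
            grep -qxF -- "$rule"; then
            echo "missing ($table): $rule"
            missing=$((missing + 1))
        fi
    done <<'EOF'
nat|-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
filter|-A INPUT -i tun0 -j ACCEPT
filter|-A FORWARD -i eth0 -o tun0 -j ACCEPT
filter|-A FORWARD -i tun0 -o eth0 -j ACCEPT
filter|-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
EOF
    if [ "$ip_forward" != "1" ]; then
        echo "missing: net.ipv4.ip_forward=1 (current value: $ip_forward)"
        missing=$((missing + 1))
    fi
    [ "$missing" -eq 0 ]
}

# Constructed sample: a ruleset where one FORWARD rule was never inserted.
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
COMMIT
EOF
}
```

On the server, feed it live data with `sudo iptables-save | audit_openvpn_nat "$(sysctl -n net.ipv4.ip_forward)"`; with the constructed sample and a value of 0 it reports the missing tun0-to-eth0 FORWARD rule and the disabled forwarding.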

Is the OpenVPN server running and is the port open? Use the ss command or netstat command and the pidof command/ps command:

netstat -tulpn | grep :1194
ss -tulpn | grep :1194
ps aux | grep openvpn
ps -C openvpn
pidof openvpn
