Easy steps to setup OpenVPN 2.4.3 on CentOS 6.9 WHM Cpanel

tong
Site Admin
Posts: 2387
Joined: Fri 01 May 2009 8:55 pm

Easy steps to setup OpenVPN 2.4.3 on CentOS 6.9 WHM Cpanel

Post by tong »

For general usage, I recommend Windscribe VPN, which gives you a free 10GB per month.
It's enough to play online games without lagging.
Windscribe VPN looks best in this VPN app competition.
To sign up for the free account, go here: https://windscribe.com/?friend=o5spym13
Don't forget to claim the voucher and enter “50GBFREE” to get a free 50GB quota.

Re: Easy steps to setup OpenVPN 2.4.3 on CentOS 6.9 WHM Cpanel

Post by tong »

Code: Select all

# Enable Extra Packages for Enterprise Linux repository configuration
yum install epel-release    

yum install openvpn
yum install easy-rsa

Re: Easy steps to setup OpenVPN 2.4.3 on CentOS 6.9 WHM Cpanel

Post by tong »

Code: Select all

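# Start from the sample server configuration shipped with the package
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

# Edit the config and set (or uncomment) the directives below
nano -w /etc/openvpn/server.conf

        # Route all client traffic through the VPN
        push "redirect-gateway def1 bypass-dhcp"

        # DNS servers handed to clients
        push "dhcp-option DNS 8.8.8.8"
        push "dhcp-option DNS 8.8.4.4"

        # Allow several clients to connect with the same certificate
        duplicate-cn

        # HMAC-authenticate control-channel packets (direction 0 on the server)
        tls-auth ta.key 0

        # Enable lz4-v2 compression and push it to clients
        compress lz4-v2
        push "compress lz4-v2"

        max-clients 7

        # Drop privileges after startup
        user nobody
        group nobody

        # Append to the log instead of truncating it on restart
        log-append  openvpn.log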

Re: Easy steps to setup OpenVPN 2.4.3 on CentOS 6.9 WHM Cpanel

Post by tong »

Code: Select all

# Copy the easy-rsa 2.0 scripts into the OpenVPN directory
mkdir /etc/openvpn/easy-rsa/
cp /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

cd /etc/openvpn/easy-rsa/

# Edit the certificate defaults
nano -w ./vars

        export KEY_CONFIG="$EASY_RSA/openssl-1.0.0.cnf"
        export KEY_DIR="$EASY_RSA/keys"
        export KEY_COUNTRY="US"
        export KEY_PROVINCE="NY"
        export KEY_CITY="New York"
        export KEY_ORG="Company Inc."
        export KEY_EMAIL="admin@gmail.com"
        export KEY_OU="IT Department"
        export KEY_NAME="VPN Server"
        export KEY_CN="server"

# Load the variables, wipe the keys directory, then build the
# DH parameters, the CA, the server key pair and one client key pair
source ./vars
./clean-all
./build-dh
./build-ca
./build-key-server server
./build-key client01

# Generate the shared tls-auth key
openvpn --genkey --secret /etc/openvpn/easy-rsa/keys/ta.key

# Copy the files the server needs next to server.conf
cp /etc/openvpn/easy-rsa/keys/dh2048.pem /etc/openvpn/
cp /etc/openvpn/easy-rsa/keys/ca.crt     /etc/openvpn/
cp /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn/
cp /etc/openvpn/easy-rsa/keys/server.key /etc/openvpn/
cp /etc/openvpn/easy-rsa/keys/ta.key     /etc/openvpn/

Re: Easy steps to setup OpenVPN 2.4.3 on CentOS 6.9 WHM Cpanel

Post by tong »

Code: Select all

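# Enable IPv4 forwarding immediately
echo 1 > /proc/sys/net/ipv4/ip_forward

# Make the setting persistent across reboots
nano -w /etc/sysctl.conf

        net.ipv4.ip_forward = 1

# Reload the settings from /etc/sysctl.conf
sysctl -p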

Re: Easy steps to setup OpenVPN 2.4.3 on CentOS 6.9 WHM Cpanel

Post by tong »

https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
https://serverfault.com/questions/472258/difference-between-iptables-a-and-i-option

Code: Select all

# Check the main interface name (eth0 or veth0).
/sbin/ifconfig

# Allow incoming UDP traffic to port 1194. Don't use -A.
/sbin/iptables -I INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT

# Allow traffic initiated from VPN to access the world
/sbin/iptables -A FORWARD -s 10.8.0.0/24 -i tun0 -o eth0 -m state --state NEW -j ACCEPT

# Allow established traffic to pass back and forth
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Masquerade traffic from VPN to the world
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

service iptables save
service iptables restart

# List the active FORWARD rules
/sbin/iptables -S FORWARD

If you are using CSF, add those 4 rules to /etc/csf/csfpost.sh.
Don't forget to add the full path to the iptables command!!!

CSF (ConfigServer Firewall) is an iptables-based firewall that provides an easier way to implement iptables rules.
Sometimes we need to add some specific rules that are not covered by CSF.
If we add these rules using the iptables command directly from the shell, they will be erased on the next CSF restart.
But CSF provides pre and post scripts which execute before or after the CSF rules setup.

/etc/csf/csfpre.sh : To run external commands before csf configures iptables
/etc/csf/csfpost.sh : To run external commands after csf configures iptables

Code: Select all

# Create the post script, make it executable, then add the rules to it
touch    /etc/csf/csfpost.sh
chmod +x /etc/csf/csfpost.sh
nano -w  /etc/csf/csfpost.sh

# Restart CSF
csf -r
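
Added example, not part of the original posts: one way to produce the /etc/csf/csfpost.sh described above from the thread's four rules, plus a check that every iptables call in it uses a full path. The function names gen_csfpost and check_csfpost are hypothetical; eth0, 10.8.0.0/24 and port 1194 are the values used in the rules above.

```shell
#!/bin/bash
# Added example (not from the original posts). Assumptions: WAN interface
# eth0, VPN subnet 10.8.0.0/24, UDP port 1194, iptables at /sbin/iptables.

IPT=/sbin/iptables   # full path, as the thread insists for csfpost.sh

# Print a csfpost.sh body containing the four rules from the thread.
# Arguments (all optional): WAN interface, VPN subnet, UDP port.
gen_csfpost() {
    local wan="${1:-eth0}" net="${2:-10.8.0.0/24}" port="${3:-1194}"
    cat <<EOF
#!/bin/sh
# Run by CSF after it has set up its own rules (e.g. on csf -r).
$IPT -I INPUT -i $wan -p udp -m state --state NEW -m udp --dport $port -j ACCEPT
$IPT -A FORWARD -s $net -i tun0 -o $wan -m state --state NEW -j ACCEPT
$IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
}

# Return 0 only if FILE contains exactly four iptables rules and each is
# invoked by absolute path; otherwise report the problem on stderr.
check_csfpost() {
    local file="$1" bad rules
    # Lines that call iptables without a leading path
    bad=$(grep -nE '^[[:space:]]*iptables([[:space:]]|$)' "$file" || true)
    # Lines that call iptables through an absolute path
    rules=$(grep -cE '^[[:space:]]*/[^[:space:]]*/iptables[[:space:]]' "$file" || true)
    if [ -n "$bad" ]; then
        echo "iptables called without full path:" >&2
        echo "$bad" >&2
        return 1
    fi
    if [ "$rules" -ne 4 ]; then
        echo "expected 4 rules, found $rules" >&2
        return 1
    fi
    return 0
}

# Typical use, as root:
#   gen_csfpost eth0 10.8.0.0/24 1194 > /etc/csf/csfpost.sh
#   chmod +x /etc/csf/csfpost.sh && check_csfpost /etc/csf/csfpost.sh && csf -r
```

Sourcing the file only defines the two functions; nothing touches the firewall until the generated script is installed and CSF is restarted.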

Re: Easy steps to setup OpenVPN 2.4.3 on CentOS 6.9 WHM Cpanel

Post by tong »

Code: Select all

# Register the service, enable it at boot and (re)start it
chkconfig --list openvpn
chkconfig --add openvpn
chkconfig openvpn on
service openvpn restart

# Check the logs for startup errors
tail -200 /var/log/messages
tail -200 /etc/openvpn/openvpn.log

Re: Easy steps to setup OpenVPN 2.4.3 on CentOS 6.9 WHM Cpanel

Post by tong »

client01.ovpn

Code: Select all

client
remote 123.123.123.123 1194
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client01.crt
key client01.key
tls-auth ta.key 1
cipher AES-256-CBC
remote-cert-tls server
verb 3
;mute 20
;comp-lzo

Copy these files to use with your client software:

Code: Select all

/etc/openvpn/easy-rsa/keys/ca.crt     
/etc/openvpn/easy-rsa/keys/client01.crt 
/etc/openvpn/easy-rsa/keys/client01.key
/etc/openvpn/easy-rsa/keys/ta.key     