VPN refers to a virtual private network which allows users traveling and crossing untrustworthy networks. In other words, you can consider it a private network.
It ensures consumer to have complete liberty and independence as well as maximum security for his laptop and smartphone during connectivity to the unsafe network like the WIFI on the beach, coffee shop, airport or hotel.
When you integrate the setup with HTTP connections it will allow you to safeguard the transactions, logins, surfing the internet, and communications. Some web portals establish geographical restrictions and unwanted censorships, so you circumvent such obstacles, protecting and hiding your location from the untrustworthy network and unencrypted HTTP traffic.
• This tutorial is implementable with the following requirements:
• A CentOS 7 server with a firewall setup and a sudo non-root user. Consider having this done by learning related guide and doing extra necessary setups for CentOS 7 servers.
• Resolving to the server is essential, so consider having a domain or subdomain for using the certificates. So, initially, register a domain name, adding the DNS record. Note that to meet the essential requirement of this tutorial, just adding a DNS record will work fine.
• Since you will need to make connections to the OpenVPN server, consider arranging a client machine for this purpose. Using the local machines is highly recommended to meet the goals of this tutorial. Once these prerequisites are done, you will be ready to start setting up the configuration.
Now, follow the steps
Step 1 – OpenVPN installation
Along with OpenVPN installation, you may require installing Easy RSA which refers to a key infrastructure administration instrument. Easy RSA is necessary for use with VPN to have assistance in setting up the CA, an interior certificate authority. Besides, securing the VPN connections is recommended, which is possible through using Easy RSA.
It creates the SSL key pairs you may need later on. In order to avail latest versions, type to update the package
sudo yum update –y
Now, install both wget and OpenVPN which lead you to set up Easy RSA. Type
sudo yum install –y openvpn wget
Next, download Easy RSA using wget.
wget -O /tmp/easyrsa https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz
The file with tar, which is the compressed file, needs extraction
tar xfz /tmp/easyrsa
You will find easy-rsa-old-2.3.4, a new directory on the server. Under /etc/openvpn, create a sub directory renaming it easy-rsa by typing the following words:
sudo mkdir /etc/openvpn/easy-rsa
Step 2 – OpenVPN Configuration
Numerous configuration options are available; you just need to understand the instruction on setting up a primary server configuration. For your own configuration file, you will need copying server.conf file as an initial point.
sudo cp /usr/share/doc/openvpn-2.4.4/sample/sample-config-files/server.conf /etc/openvpn
Choose your favorite text editor and edit the new opened file. I prefer using nano, available to download via yum install nano command. Remember, downloading is necessary only if it doesn’t exist on the server.
Step 3 – Keys and Certificates Generating
Easy RSA contains numerous scripts for creating and managing certificates and keys. Modifying the Easy RSA’s configuration is convenient and appropriate for avoiding the re-configuration of the certificates.
Now, create a directory for Easy RSA where it will stock the generated certs and keys. Just type the following words:
sudo mkdir /etc/openvpn/easy-rsa/keys
After making necessary changes, save and close the related file.
Step 4 – Routing
After installing, configuring OpenVPN and creating certificates and necessary keys, you will need to add instructions on where the traffic from client’s web should be redirected. So, to specify such things, consider managing some configuration and firewall controls. Once done, reboot the network service by typing:
sudo systemct1 restart network.service
Note that with the firewall controls and routing, starting the OpenVPN becomes possible.
Step 5 – Initiating OpenVPN
You have used systemct1 command to manage OpenVPN. Now, it’s time to configure VPN for starting up at boot. It will enable you to establish a connection to the VPN as long as the server is functioning. As per above instructions, add these words to systemct1:
sudo systemct1 –f enable firstname.lastname@example.org
Afterward, make OpenVPN service functional by typing:
sudo systemct1 start email@example.com
This is the end of OpenVPN configuration; now get ready to establish a connection to OpenVPN server and configuring the client machine.
Step 6 – Client Configuration
Before you add the lines below to client machine, make sure to have locally-saved client key and CA certificate copy. The lines are:
/etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys/client.crt /etc/openvpn/easy-rsa/keys/client.key /etc/openvpn/myvpn.tlsauth
After generating a triumphant client connection, verify routed traffic through VPN using Google’s related pages.
Generating and running OpenVPN server enables you to download content and explore the web without being tracked by malicious factors. This tutorial will give you the way to numerous more steps to customize OpenVPN installation.