
Access to a secure and private internet connection is crucial for protecting your personal data and corporate communications. A VPN (Virtual Private Network) offers this kind of security by encrypting your data and hiding your IP address when you connect to the internet. In this article, we'll focus on how to install and configure a VPN server on the CentOS 7 operating system using OpenVPN, which is one of the most popular and recommended VPN technologies.

Prerequisites

Before starting the installation and configuration, make sure that your system is fully updated and that you have root privileges. Also keep in mind that a successful VPN server configuration requires a public IP address or a domain name that points to your server.

Step 1: Install OpenVPN and Easy-RSA

OpenVPN is open-source software for creating an encrypted VPN tunnel. Easy-RSA is a tool that assists in generating keys and certificates necessary for securing communication. Install them using the following commands:

yum install epel-release -y
yum install openvpn easy-rsa -y


Step 2: Configuration of Easy-RSA and Certificate Generation

Setting up Easy-RSA and generating certificates and keys are crucial steps to secure your VPN server. Follow these steps:

  1. Copy the Easy-RSA sample directory to the OpenVPN folder:
    cp -r /usr/share/easy-rsa/ /etc/openvpn/

  2. Navigate to the Easy-RSA directory and initialize the PKI:
    cd /etc/openvpn/easy-rsa/3.0/
    ./easyrsa init-pki

  3. Generate the root certificate and CA key:
    ./easyrsa build-ca

  4. Generate the server certificate and key (nopass leaves the server's private key unencrypted so the service can start unattended):
    ./easyrsa build-server-full server nopass

  5. Generate the Diffie-Hellman parameters:
    ./easyrsa gen-dh

Step 3: Configuration of the OpenVPN Server

Now it's time to configure the OpenVPN server. Copy the sample OpenVPN configuration file to the /etc/openvpn directory and modify it according to your needs:

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn/
nano /etc/openvpn/server.conf

In the configuration file, set the paths to the certificates and keys you generated in the previous steps, and adjust other settings as needed.

Step 4: IP Forwarding and Firewall Configuration

To allow clients to access the internet through the VPN, you need to enable IP forwarding and set up firewall rules. This can be achieved by editing system files and using the firewall-cmd tool.
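
Step 4 names the tools but not the commands, so here is one way to carry it out, as an added example that is not part of the original article. It assumes the sample server.conf defaults (tunnel subnet 10.8.0.0/24 and UDP port 1194, which firewalld's predefined openvpn service covers), the public firewalld zone, and a drop-in file name chosen here; it limits NAT to the VPN subnet instead of masquerading the whole zone.

```shell
#!/bin/sh
# Added example for Step 4; not part of the original article.
# Assumptions: sample server.conf defaults (tunnel subnet 10.8.0.0/24, UDP 1194),
# firewalld zone "public", and a drop-in name (99-openvpn-forward.conf) chosen here.
set -eu

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only a well-formed IPv4 CIDR so nothing else reaches the firewall rule.
valid_cidr() {
  case $1 in '' | *[!0-9./]*) return 1 ;; esac   # digits, dots and slash only
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  [ "${1#*/}" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$old_ifs
  for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Persist net.ipv4.ip_forward=1 in a sysctl drop-in under directory $1, then load it.
enable_forwarding() {
  conf="$1/99-openvpn-forward.conf"
  if [ "${DRY_RUN:-0}" != 1 ]; then
    printf 'net.ipv4.ip_forward = 1\n' > "$conf"
  fi
  run sysctl -p "$conf"
}

# Open the OpenVPN port in zone $1 and NAT only traffic sourced from subnet $2.
configure_firewall() {
  valid_cidr "$2" || { echo "invalid VPN subnet: $2" >&2; return 1; }
  run firewall-cmd --permanent --zone="$1" --add-service=openvpn
  run firewall-cmd --permanent --zone="$1" \
    --add-rich-rule="rule family=\"ipv4\" source address=\"$2\" masquerade"
  run firewall-cmd --reload
}

# Nothing is changed unless the script is invoked with --apply (as root).
if [ "${1:-}" = "--apply" ]; then
  enable_forwarding "${SYSCTL_DIR:-/etc/sysctl.d}"
  configure_firewall "${ZONE:-public}" "${VPN_SUBNET:-10.8.0.0/24}"
fi
```

With DRY_RUN=1 set, --apply only prints the sysctl and firewall-cmd commands; run it as root without DRY_RUN to make the changes.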

Step 5: Start and Test the VPN Server

After completing the configuration, start the OpenVPN service and check if it's active and running:

systemctl start openvpn@server
systemctl enable openvpn@server
systemctl status openvpn@server

For testing, try to connect to the VPN server from a client that has the OpenVPN client installed and configured with the appropriate client certificates and keys.


Installing and configuring a VPN server on CentOS 7 using OpenVPN and Easy-RSA provides a strong foundation for a secure and private internet connection. By following the steps outlined above, you can easily set up your VPN server and secure your online communication.