Server on CentOS 7

Install OpenVPN

yum -y install openvpn

Configure OpenVPN server

Copy the example of openvpn config file to /etc/openvpn.

cd /etc/openvpn
cp /usr/share/doc/openvpn-2.4.4/sample/sample-config-files/server.conf ./

Copy keys and certificates to /etc/openvpn/server.

cd /etc/openvpn/CA/keys
cp ca.crt VPN_SRV_KEY.crt VPN_SRV_KEY.key dh2048.pem ta.key /etc/openvpn/server

Edit config file to set parameters for OpenVPN server

# Use UDP protocol
proto udp
dev tun0

# Set server keys and certificates
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/VPN_SRV_KEY.crt
key /etc/openvpn/server/VPN_SRV_KEY.key
dh /etc/openvpn/server/dh2048.pem

# Location of list disabled client's certificates
;crl-verify /etc/openvpn/server/crl.pem

tls-auth /etc/openvpn/server/ta.key 0
cipher AES-256-CBC

# IP VPN Network

# Set file to store of static IP of client
ifconfig-pool-persist /etc/openvpn/server/ipp.txt

# Enable client-client communication

# Use compress of traffic (universal case)
# Use compress of traffic (OpenVPN version > 2.4)
compress lz4-v2
push "compress lz4-v2"

# Discard root privilages for service
user nobody
group nobody

Additional settings

Bypass of firewall

Connection to OpenVPN port can be blocked in some local networks, we can try to change port and protocol for bypass this limitation. We can try to use 433 port, this port is used https protocol and is avaliable to connect in networks with enabled internet connection.

Change config file server.conf

port 443

Sometimes, it is not enough, some firewall can drop upd packets on hppts port. So, we can switch to use https port and tcp protocol to bypass firewall in such networks.

Change config file server.conf

# Use of tcp protocol and https port
proto tcp
port 443

Forwarding of internet traffic through OpenVPN server

Add string to server.conf

push "redirect-gateway def1 bypass-dhcp"

# Push DHCP servers to client, for example, we can use google dhcp servers
push "dhcp-option DNS"
push "dhcp-option DNS"

Additional actions are needed for forwarding of internet traffic through OpenVPN server:

  • activate of IP Forwarding;
  • configure firewall (iptables);
IP Forwarding
Configure iptables

Combine local networks using by OpenVPN

Add strings to server.conf to determine of routing

# Routing to client networks
push "route"
push "route" and IP of networks

If OpenVPN clients are not installed on gateways than additional actions for routing configure are needed.

Start OpenVPN service


systemctl start openvpn@server

Enable start on OS boot

systemctl enable openvpn@server