OpenVPN on CentOS 6.4 x64 with certificates

Renewed post with new info: the openvpn package has changed, so not everything in the old tutorial is true now :)
This tutorial is based on the old one.



The default CentOS repository doesn’t have the openvpn package, so let’s add the EPEL repository first.
I downloaded it from this mirror here.

(link may be different depending on latest release version, currently file is epel-release-6-8.noarch.rpm)

After that, You can install the openvpn and easy-rsa packages:


create directory for OpenVPN keys:


cd to easy-rsa subdirectory:


edit vars file, to reflect Your needs



I noticed that PKCS11_MODULE_PATH and PKCS11_PIN are mentioned 2 times. Leave those with “dummy”.
So comment out those other ones:


Also You want to change default KEYS export directory:


This info should be clear by default, anyway, You’ll be asked about all of them later.
These will be “default” values when generating certificates.


make symbolic link of openssl config


Initialize the public-key infrastructure:


Creating Certificate Authority:

output:


Server certificate:

output:


You also have to create a separate certificate for each OpenVPN client:

The principle is the same as when generating the certificate for the server.
All generated certificates are located in the /etc/openvpn/keys directory (we noted that in the “vars” file).

Add file containing Diffie Hellman parameters


My example /etc/openvpn/openvpn.conf


add a forwarding rule and save it:


also enable forwarding in kernel (edit /etc/sysctl.conf):


and apply kernel settings:


start openvpn service and You’re ready to go!


P.S. Don’t forget to unblock the port in the firewall if You are using one; the port in the config is 1194.
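
A check worth running once the steps above are done, as an added example that is not part of the original post: it confirms that the config's `ca`, `cert`, `key` and `dh` directives point at real files and that no private key under the keys directory is readable by group or others. The function names, the script name and the rule that relative paths resolve from the config's directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post; paths and file names are assumptions.

# Print the path given to a directive (ca, cert, key, dh) in an OpenVPN config.
conf_value() {  # $1 = config file, $2 = directive
    awk -v d="$2" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeed only if the file exists and group/others have no permission bits.
is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in ????------*) return 0 ;; *) return 1 ;; esac
}

# Check that ca/cert/key/dh are set and point at non-empty files, and that
# the server private key is not readable by group or others.
# Prints findings; the return status is the number of problems.
audit_conf() {  # $1 = config file
    conf=$1; problems=0; base=$(dirname "$conf")
    for d in ca cert key dh; do
        f=$(conf_value "$conf" "$d")
        case "$f" in
            '') echo "missing directive: $d"; problems=$((problems + 1)); continue ;;
            /*) ;;
            *) f="$base/$f" ;;   # assumption: relative paths resolve from the config's directory
        esac
        if [ ! -s "$f" ]; then
            echo "missing or empty file for $d: $f"; problems=$((problems + 1))
        elif [ "$d" = key ] && ! is_private "$f"; then
            echo "private key readable by group/others: $f"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Every *.key in the keys directory (CA, server, clients) must be private.
audit_keys() {  # $1 = keys directory
    loose=0
    for k in "$1"/*.key; do
        [ -e "$k" ] || continue
        is_private "$k" || { echo "private key readable by group/others: $k"; loose=$((loose + 1)); }
    done
    return "$loose"
}

# Usage: sh check-openvpn.sh /etc/openvpn/openvpn.conf /etc/openvpn/keys
[ "$#" -ne 2 ] || { rc=0; audit_conf "$1" || rc=1; audit_keys "$2" || rc=1; exit "$rc"; }
```

A non-zero exit status means at least one finding was printed; `chmod 600` on the reported key files clears the permission findings.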