login: root

OpenVPN on CentOS 6.4 x64 with certificates

Updated post with new info: the openvpn package has changed, so not everything in the old tutorial is true now :)
This tutorial is based on the old one.

The default CentOS repository doesn’t have the openvpn package, so let’s add the EPEL repository first.
I downloaded it from this mirror here.

(link may be different depending on latest release version, currently file is epel-release-6-8.noarch.rpm)

After that, You can install openvpn and easy-rsa packages:

create directory for OpenVPN keys:

cd to easy-rsa subdirectory:

edit vars file, to reflect Your needs

I noticed that PKCS11_MODULE_PATH and PKCS11_PIN are mentioned 2 times. Leave those with “dummy”.
So comment out those other ones:

Also You want to change default KEYS export directory:

This info should be clear by default, anyway, You’ll be asked about all of them later.
These will be “default” values when generating certificates.
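
The two vars edits described above (commenting out the duplicate PKCS11 lines and pointing the key directory at /etc/openvpn/keys), scripted as an added example that is not from the original post. The helper names `make_sample_vars`, `fix_vars` and `check_vars` are hypothetical, and the sample file is a constructed excerpt modelled on an easy-rsa 2.x vars file, with the non-dummy values made up.

```shell
#!/bin/sh
# Added example; make_sample_vars, fix_vars and check_vars are hypothetical helpers.

# Write a constructed vars excerpt (sample values, not a real file).
make_sample_vars() {
    cat > "$1" <<'EOF'
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_DIR="$EASY_RSA/keys"
export KEY_COUNTRY="XX"
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
EOF
}

# Comment out non-"dummy" PKCS11 exports and point KEY_DIR at $2. Idempotent.
fix_vars() {
    vars_file=$1; key_dir=$2
    tmp=$(mktemp) || return 1
    awk -v dir="$key_dir" -v q="'" '
        /^export PKCS11_(MODULE_PATH|PIN)=/ {
            val = $0
            sub(/^[^=]*=/, "", val)          # keep only the value
            gsub("[\"" q "]", "", val)       # drop surrounding quotes
            sub(/[ \t]+$/, "", val)          # drop trailing whitespace
            if (val != "dummy") { print "#" $0; next }
        }
        /^export KEY_DIR=/ { print "export KEY_DIR=\"" dir "\""; next }
        { print }
    ' "$vars_file" > "$tmp" && cat "$tmp" > "$vars_file"   # cat keeps the file mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Succeed only if each PKCS11 variable is exported once and KEY_DIR matches $2.
check_vars() {
    [ "$(grep -c '^export PKCS11_MODULE_PATH=' "$1")" -eq 1 ] &&
    [ "$(grep -c '^export PKCS11_PIN=' "$1")" -eq 1 ] &&
    grep -qxF "export KEY_DIR=\"$2\"" "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
make_sample_vars "$sample"
fix_vars "$sample" /etc/openvpn/keys && check_vars "$sample" /etc/openvpn/keys && echo "vars OK"
rm -f "$sample"
```

Run `check_vars` against the real vars file before sourcing it, so a leftover duplicate does not silently override the “dummy” values.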

make symbolic link of openssl config

Initialize the public-key infrastructure:

Creating Certificate Authority:


Server certificate:


You also have to create a separate certificate for each OpenVPN client:

The principle is the same as for generating the server certificate.
All generated certificates are located in the /etc/openvpn/keys directory (we set that in the “vars” file).

Add file containing Diffie Hellman parameters

My example /etc/openvpn/openvpn.conf:

add rule to forward and save it:

also enable forwarding in kernel (edit /etc/sysctl.conf):

and apply kernel settings:

start openvpn service and You’re ready to go!

p.s. don’t forget to unblock firewall if You are using it, port as in config is 1194

Comments (4)

  1. norbuurgen@hotmail.com

    did this work for you?

    1. nsc (Post author)

      Is this a rhetorical question?
      Yes it did, 2 days ago.

      What error did You get?

  2. Cristian Silaghi

    Can anybody help me? I have CentOS 6.5 x64 and I only get errors and I cannot make it work. ;)

    nsc, can you leave your email or can I contact you? :) I want to talk in private. :D

    1. nsc (Post author)

      nsc loginroot com, You know the missing symbols :)

