CyBrainZ

How to install a VPN server


Installing an OpenVPN server on CentOS with minimal effort.

This how-to is part of a bigger guide, Building the secured self-hosted Nextcloud, which covers creating an encrypted, SIEM-monitored Nextcloud instance.


For the sake of simplicity, we are using OpenVPN Access Server on a verified CentOS 7 Minimal installation. The free version of OpenVPN AS allows only two simultaneous connections.

Installation

After the default OS installation and update, install the OpenVPN AS repository, openvpn-as itself, and turn this service on:

yum -y update && yum -y install https://as-repository.openvpn.net/as-repo-centos7.rpm
yum -y install openvpn-as
systemctl start openvpnas && systemctl enable openvpnas

The installation routine displays the generated administrator credentials, so save them somewhere, ideally in a password manager. Set the future VPN user name in the USER variable, create the new VPN user, and grant it automatic login (without prompting for a password):

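# Note: this overrides the shell's own USER variable for the rest of the session.
export USER="my_user_name"
cd /usr/local/openvpn_as/scripts
# Create the account as a regular connecting user.
./sacli --user "$USER" --key "type" --value "user_connect" UserPropPut
[True, {}]

# Let the user connect with the profile alone, without a password prompt.
./sacli --user "$USER" --key "prop_autologin" --value "true" UserPropPut
[True, {}]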

Generate the .ovpn client configuration file, creating it with owner-only permissions because it embeds the private key:

(umask 077; ./sacli --prefer-tls-crypt-v2 --user "$USER" GetAutologin > client.ovpn)

Update the file we've just created to match our actual public IP address and the port which will be forwarded here. Find the remote directive and set it to something like this:

remote 1.2.3.4 52439 udp

The file client.ovpn contains the private key, so it must be protected. Save the file to your password manager and, after loading it into the VPN client, remove it from all other places.
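The two steps above (setting the remote directive and protecting the profile) can be done in one pass. The script below is an added example, not part of the original guide: the function names and the sample profile are constructed, and it assumes the generated profile may carry more than one remote line, all of which are collapsed into the single forwarded endpoint.

```sh
#!/bin/sh
# Added example, not from the original guide; function names are hypothetical.

# set_remote PROFILE HOST PORT PROTO
# Collapse all "remote" lines of an OpenVPN profile into one directive and
# leave the file accessible to its owner only (it embeds the private key).
set_remote() {
    profile=$1 host=$2 port=$3 proto=$4
    [ -f "$profile" ] || { echo "no such file: $profile" >&2; return 1; }
    case $host in ''|*[!A-Za-z0-9.:-]*) echo "bad host: $host" >&2; return 1;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null ||
        { echo "bad port: $port" >&2; return 1; }
    case $proto in udp|tcp) ;; *) echo "bad proto: $proto" >&2; return 1;; esac

    # Build the new profile in a private temp file beside the original,
    # then swap it in, so the key is never written with loose permissions.
    tmp=$(umask 077; mktemp "$profile.XXXXXX") || return 1
    awk -v r="remote $host $port $proto" '
        /^[ \t]*remote[ \t]/ && !seen { print r; seen = 1; next }
        /^[ \t]*remote[ \t]/ { next }      # drop the remaining remotes
        { print }                          # remote-cert-tls etc. pass through
        END { if (!seen) exit 2 }          # refuse a profile with no remote
    ' "$profile" > "$tmp" || { rm -f "$tmp"; echo "no remote directive" >&2; return 1; }
    chmod 600 "$tmp" && mv -f "$tmp" "$profile"
}

# profile_is_private PROFILE: true only if group and others have no access.
profile_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: placeholder key material and several remote lines.
make_sample_profile() {
    printf '%s\n' 'client' 'dev tun' \
        'remote 192.0.2.10 1194 udp' 'remote 192.0.2.10 443 tcp' \
        'remote-cert-tls server' \
        '<key>' 'PLACEHOLDER-NOT-A-REAL-KEY' '</key>' > "$1"
    chmod 644 "$1"    # simulate a profile written under the default umask
}

demo_dir=$(mktemp -d)
make_sample_profile "$demo_dir/client.ovpn"
set_remote "$demo_dir/client.ovpn" 1.2.3.4 52439 udp
grep '^remote ' "$demo_dir/client.ovpn"
profile_is_private "$demo_dir/client.ovpn" && echo "profile is owner-only"
rm -rf "$demo_dir"
```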

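Allow access to the 1194/UDP port that the VPN server listens on, then reload the firewall so the permanent rule takes effect in the running configuration:

firewall-cmd --zone=public --permanent --add-port=1194/udp
success
firewall-cmd --reload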

We should now be able to connect to the VPN using a client that supports OpenVPN. That will allow us to access the local network.