[Tutorial] Installing OpenVPN on CentOS 5 and CentOS 6

Discussion in 'Site & Server Administration' started by web@master24, Dec 4, 2013.

  1. #1
    In this guide we will show you how to set up OpenVPN on CentOS – the guide will give you a fully working OpenVPN installation. NOT TESTED ON OTHER DISTROS.

    First step is to check if tun/tap is active:
    If tun is active then you should see this:
    cat: /dev/net/tun: File descriptor in bad state

    Make sure you have these packages installed:
    Download LZO RPM and Configure RPMForge Repo:
    32bit Package:
    CentOS 5:

    CentOS 6:
    64bit Package:
    CentOS 5:

    CentOS 6:

    Build the rpm packages:

    Install OpenVPN:

    Copy the easy-rsa folder to /etc/openvpn/:
    **PLEASE NOTE** If the above command brings up an error such as the one below, then please follow these steps to download and copy over easy-rsa, as it's not included in the new build OpenVPN 2.3.1:
    cannot stat `/usr/share/doc/openvpn-2.2.2/easy-rsa/’: No such file or directory

    Download easy-rsa from below:
    Extract the package:
    Copy to OpenVPN directory:
    Please note on CentOS 6 we need to make a small change before you run the commands below, open up /etc/openvpn/easy-rsa/2.0/vars and edit the below line:

    Change:
    to

    And save.

    Now let’s create the certificate:

    Build CA:

    Build Key server:
    Build Diffie Hellman (wait a moment until the process finishes):


    Now create your config file:

    And enter the following:

    Save it.

    Before we start OpenVPN, let's disable SELinux if enabled. This can cause issues with OpenVPN, especially when using OpenVPN with multiple configs:

    This is a temporary solution and SELinux will be re-enabled once you reboot your system. To disable it on a permanent basis you need to open /etc/selinux/config and edit this line:

    To:

    When your system next reboots it will still be disabled.

    Now let's start OpenVPN:

    *Please note if you receive “FAIL” when OpenVPN tries to start and you have the following error in your /var/log/messages:

    Then this is because the latest OpenVPN package doesn’t include this file (which is reported to be fixed soon) but you can download the pam auth file from here for now:

    64Bit:
    32Bit:
    Extract the file:
    Move to the OpenVPN directory:

    Then replace the PAM plugin line in your server.conf to below:

    Restart OpenVPN and all should now work:

    Now we need to enable IP forwarding. So open the file /etc/sysctl.conf and set ‘net.ipv4.ip_forward’ to 1.

    To make the changes to sysctl.conf take effect, use the following command.

    Route Iptables:

    The rule below will work fine on Xen and KVM based VPSs, but for OpenVZ use the OpenVZ iptable rule instead:

    OpenVZ iptable rules:

    Make sure you change 123.123.123.123 to your server IP.

    If you have CSF on the same server you need to open your OpenVPN port (usually 1194) through the firewall and run the below commands for CSF. It's also a good idea to add them to /etc/csf/csfpre.sh.

    If the above rules cause you any problems or don’t seem to work (Especially on cPanel servers) then remove the rules above and use below:

    Please make sure 123.123.123.123 is your main server IP.

    Then run…

    You can create a user as follows:

    If you wanted to delete a user you would use:

    Now create a server.ovpn config file and enter the following:

    Make sure you change 123.123.123.123 to your server IP.

    And make sure OpenVPN starts at boot:

    Download ca.crt file in /etc/openvpn/easy-rsa/2.0/keys/ directory and place it in the same directory as your server.ovpn.

    Now download a VPN client, import your config file and enter your username and password created above.
     
    web@master24, Dec 4, 2013
    sitescripts likes this.
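
Added example, not part of the original post: a read-only shell check for three prerequisites the tutorial names (the tun device, `net.ipv4.ip_forward` in /etc/sysctl.conf, and the mode set in /etc/selinux/config), printing each configured value next to the running one so a setting that was edited but not applied, or applied but not persisted, is visible. The function names are hypothetical; the `SELINUX` key name, /proc/sys/net/ipv4/ip_forward and `getenforce` are assumed from a standard CentOS system rather than taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Read-only: it changes nothing.

# Print the last uncommented value assigned to KEY in a "key = value" file.
conf_value() {  # usage: conf_value FILE KEY
    [ -r "$1" ] || return 0
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            k = $1; gsub(/[ \t\r]/, "", k)
            if (k == key) {
                v = $2; sub(/[#;].*/, "", v); gsub(/[ \t\r]/, "", v)
                val = v                         # later lines override earlier
            }
        }
        END { if (val != "") print val }' "$1"
}

# Classify the tun device using the "cat" check from the post.
tun_status() {  # usage: tun_status [DEVICE]
    dev=${1:-/dev/net/tun}
    if [ ! -c "$dev" ]; then echo missing; return 0; fi
    case $(LC_ALL=C cat "$dev" 2>&1) in
        *"File descriptor in bad state"*) echo active ;;
        *) echo unusable ;;
    esac
}

# Report persistent settings next to the running state so drift is visible.
preflight() {  # usage: preflight [SYSCTL_CONF] [SELINUX_CONF]
    fwd_conf=$(conf_value "${1:-/etc/sysctl.conf}" net.ipv4.ip_forward)
    fwd_live=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown)
    se_conf=$(conf_value "${2:-/etc/selinux/config}" SELINUX)
    se_live=unknown
    if command -v getenforce >/dev/null 2>&1; then
        se_live=$(getenforce 2>/dev/null || echo unknown)
    fi
    echo "tun device:  $(tun_status)"
    echo "ip_forward:  configured=${fwd_conf:-unset} running=$fwd_live"
    echo "SELinux:     configured=${se_conf:-unset} running=$se_live"
}

preflight "$@"
```

A mismatch between the configured and running columns means the change has either not been applied yet or will not survive a reboot.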