How to install and configure OpenVPN Server on CentOS 7 Linux + OpenVPN GUI client on Windows

Server: Centos 7 Linux, 64 bit
Client: Windows 7/10, 64 bit

OpenVPN is a very powerful Open Source VPN tool.

There are many real world cases when you may want to go with the OpenVPN based solutions, including and not limited to:

Open VPN logo
  • Establishing a secure connection to office network
  • Securing network data exchanges
  • Masking online activities
  • Anonymizing browsing sessions
  • Bypassing censorship and firewalls
  • Accessing ISP blocked content or services

Installation and configuration of OpenVPN server on CentOS 7 Linux VPS

CentOS Linux logo

Before installation of OpenVPN, my VPS server already had installed EPEL and iptables packages.

1. if not done before, install the required EPEL packages

2. Install OpenVPN package

3. Copy configuration file

4. Open server.conf configuration file for editing

5. Uncomment line to redirect traffic through OpenVPN

6. Set preferred DNS. Linux server's DNS settings normally can be found at /etc/resolv.conf

Or, you may decide to use some of public DNS, for example Google's DNS

7. If you wish to allow your vpn clients sharing same keys, uncommented line

8. Set OpenVPN service privileges to run with. Uncomment following lines

9. Install Easy-RSA, a small RSA key management package.
More information about detailed usage of the Easy-RSA can be found here

10. Create directory for storing keys

11. Copy Easy-RSA's key generation scripts into created directory

12. Edit fields in vars according to your server's data

The most important fields here to take an attention are: KEY_NAME and KEY_CN

13. Go to the /etc/openvpn/easy-rsa directory, source in new variables and clean old keys

14. Build the Certificate Authority (CA)

15. Generate OpenVPN server keys

16. Generate Diffie-Hellman Key Exchange parameters

17. Copy generated keys into /etc/openvpn/easy-rsa/keys

18. Generate client keys

19. Enable IP forwarding. Open /etc/sysctl.conf file for editing

Add to the /etc/sysctl.conf file

20. Restart network service

CentOS 7 comes with firewalld firewall service by default, while previous distros used iptables. I prefer to use iptables instead of firewalld.

If you prefer to stay with firewalld, you can skip steps #21-#22 and make sure to set appropriate firewalld rules in steps #23-#27.

21. So, disable firewalld

22. Install, enable and start iptables

23. Enable OpenVPN listening port on firewall. By default OpenVPN listens for UDP port 1194

24. Allow traffic initiated from VPN to access "the world"

25. Allow established traffic to pass back and forth

26. Allow NAT and masquerade traffic from VPN to "the world"

27. Save iptables rules

28. Enable and start OpenVPN service

29. Check the service. By default it listens for incoming connections on UDP port 1194

30. Copy CA certificate and client keys to your client computer:

Installation and configuration of OpenVPN GUI client on Windows 7/10

Windows logo

1. Download and install OpenVPN-GUI client package appropriate to your platform from OpenVPN Community Downloads page. In my case it is openvpn-install-2.3.10-I602-x86_64.exe

2. Create client.ovpn file in your installation's config folder and open it for editing:

3. Put following text into client.ovpn file:

Replace your_server_ip with the real IP or domain name of your server.

Fill values of ca, cert and key fields with a content, taken from files previously generated in server side:

For example, my client.ovpn's cert field looks as given below. For the reason you know actual characters replaced with (...)

4. Run OpenVPN GUI with Run as administrator privilege OR configure it to Always Run as an Administrator:

- Right-click the OpenVPN GUI shortcut
- Click the Properties option
- Click the Compatibility tab
- Check the "Run this program as an administrator" checkbox

5. Connect OpenVPN client to the server. After establishing connection, check your public IP address. Open browser, go to google and put in search text: my ip

Browser should display your OpenVPN server's IP.

More detailed information about using OpenVPN GUI for Windows can be found here