How to install and configure OpenVPN Server on CentOS 7 Linux + OpenVPN GUI client on Windows
Server: Centos 7 Linux, 64 bit
Client: Windows 7/10, 64 bit
OpenVPN is a very powerful Open Source VPN tool.
There are many real world cases when you may want to go with the OpenVPN based solutions, including and not limited to:
Installation and configuration of OpenVPN server on CentOS 7 Linux VPS
Before installation of OpenVPN, my VPS server already had installed EPEL and iptables packages.
1. if not done before, install the required EPEL packages
2. Install OpenVPN package
3. Copy configuration file
4. Open server.conf configuration file for editing
5. Uncomment line to redirect traffic through OpenVPN
6. Set preferred DNS. Linux server's DNS settings normally can be found at
Or, you may decide to use some of public DNS, for example Google's DNS
7. If you wish to allow your vpn clients sharing same keys, uncommented line
8. Set OpenVPN service privileges to run with. Uncomment following lines
9. Install Easy-RSA, a small RSA key management package.
More information about detailed usage of the Easy-RSA can be found here
10. Create directory for storing keys
11. Copy Easy-RSA's key generation scripts into created directory
12. Edit fields in vars according to your server's data
The most important fields here to take an attention are: KEY_NAME and KEY_CN
13. Go to the
/etc/openvpn/easy-rsa directory, source in new variables and clean old keys
14. Build the Certificate Authority (CA)
15. Generate OpenVPN server keys
16. Generate Diffie-Hellman Key Exchange parameters
17. Copy generated keys into
18. Generate client keys
19. Enable IP forwarding. Open
/etc/sysctl.conf file for editing
Add to the
20. Restart network service
CentOS 7 comes with firewalld firewall service by default, while previous distros used iptables.
I prefer to use iptables instead of firewalld.
If you prefer to stay with firewalld, you can skip steps #21-#22 and make sure to set appropriate firewalld rules in steps #23-#27.
21. So, disable firewalld
22. Install, enable and start iptables
23. Enable OpenVPN listening port on firewall. By default OpenVPN listens for UDP port 1194
24. Allow traffic initiated from VPN to access "the world"
25. Allow established traffic to pass back and forth
26. Allow NAT and masquerade traffic from VPN to "the world"
27. Save iptables rules
28. Enable and start OpenVPN service
29. Check the service. By default it listens for incoming connections on UDP port 1194
30. Copy CA certificate and client keys to your client computer:
Installation and configuration of OpenVPN GUI client on Windows 7/10
2. Create client.ovpn file in your installation's config folder and open it for editing:
3. Put following text into client.ovpn file:
Replace your_server_ip with the real IP or domain name of your server.
Fill values of ca, cert and key fields with a content, taken from files previously generated in server side:
For example, my client.ovpn's cert field looks as given below. For the reason you know actual characters replaced with (...)
4. Run OpenVPN GUI with Run as administrator privilege OR configure it to Always Run as an Administrator:
- Right-click the OpenVPN GUI shortcut
- Click the Properties option
- Click the Compatibility tab
- Check the "Run this program as an administrator" checkbox
5. Connect OpenVPN client to the server. After establishing connection, check your public IP address. Open browser, go to google and put in search text: my ip
Browser should display your OpenVPN server's IP.
More detailed information about using OpenVPN GUI for Windows can be found here
2016 February (1)
2014 December (1)
2013 May (1)
2013 March (1)
2013 February (1)
2012 December (2)
2012 October (1)
2011 February (2)
2010 October (2)
2010 July (1)
2010 May (1)
2010 April (1)