How to install and configure OpenVPN Server on CentOS 7 Linux + OpenVPN GUI client on Windows
Server: CentOS 7 Linux, 64 bit
Client: Windows 7/10, 64 bit
OpenVPN is a very powerful Open Source VPN tool.
There are many real-world cases when you may want to go with OpenVPN-based solutions, including but not limited to:
Installation and configuration of OpenVPN server on CentOS 7 Linux VPS
Before installing OpenVPN, my VPS already had the EPEL and iptables packages installed.
1. If not done before, install the required EPEL packages
2. Install OpenVPN package
3. Copy configuration file
4. Open server.conf configuration file for editing
5. Uncomment the line that redirects traffic through OpenVPN
6. Set the preferred DNS. The Linux server's DNS settings can normally be found in /etc/resolv.conf
Or you may decide to use a public DNS, for example Google's DNS
7. If you wish to allow your VPN clients to share the same keys, uncomment the line
8. Set the privileges the OpenVPN service runs with. Uncomment the following lines
9. Install Easy-RSA, a small RSA key management package.
More detailed information about using Easy-RSA can be found here
10. Create a directory for storing keys
11. Copy Easy-RSA's key generation scripts into the created directory
12. Edit the fields in vars according to your server's data
The most important fields to pay attention to here are KEY_NAME and KEY_CN
13. Go to the /etc/openvpn/easy-rsa directory, source in the new variables and clean old keys
14. Build the Certificate Authority (CA)
15. Generate OpenVPN server keys
16. Generate Diffie-Hellman Key Exchange parameters
17. Copy generated keys into /etc/openvpn/easy-rsa/keys
18. Generate client keys
19. Enable IP forwarding. Open the /etc/sysctl.conf file for editing
Add to the /etc/sysctl.conf file
20. Restart network service
CentOS 7 comes with the firewalld firewall service by default, while previous distros used iptables.
I prefer to use iptables instead of firewalld.
If you prefer to stay with firewalld, you can skip steps #21-#22 and make sure to set appropriate firewalld rules in steps #23-#27.
21. So, disable firewalld
22. Install, enable and start iptables
23. Open the OpenVPN listening port on the firewall. By default OpenVPN listens on UDP port 1194
24. Allow traffic initiated from VPN to access "the world"
25. Allow established traffic to pass back and forth
26. Allow NAT and masquerade traffic from VPN to "the world"
27. Save iptables rules
28. Enable and start OpenVPN service
29. Check the service. By default it listens for incoming connections on UDP port 1194
30. Copy CA certificate and client keys to your client computer:
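
For steps 5 to 8 above, the following added example (not part of the original tutorial) reports which of those server.conf directives are active and flags the choices with a security impact. The directive names are OpenVPN's own; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how the server.conf directives from steps 5-8 are set.
# Directive names are OpenVPN's; function names and sample config are constructed.

# Print one key=value line per setting, then WARN lines for risky choices.
audit_server_conf() {
    awk '
        { gsub(/"/, "") }              # push "..." becomes push ...
        $1 ~ /^[;#]/ { next }          # ; and # both comment a line out
        $1 == "push" && $2 == "redirect-gateway" { redirect = 1 }
        $1 == "push" && $2 == "dhcp-option" && $3 == "DNS" {
            dns = (dns == "" ? "" : dns ",") $4
        }
        $1 == "duplicate-cn" { dup = 1 }
        $1 == "user"  { user = $2 }
        $1 == "group" { group = $2 }
        END {
            print "redirect_gateway=" (redirect ? "on" : "off")
            print "pushed_dns=" (dns == "" ? "none" : dns)
            print "duplicate_cn=" (dup ? "on" : "off")
            print "run_as=" (user == "" ? "-" : user) ":" (group == "" ? "-" : group)
            if (dup)
                print "WARN duplicate-cn: clients share a certificate, so one device cannot be revoked on its own"
            if (user == "" || group == "")
                print "WARN user/group unset: daemon does not drop privileges after startup"
            if (redirect && dns == "")
                print "WARN redirect-gateway without pushed DNS: clients keep using their own resolver"
        }
    ' "$1"
}

# Constructed sample: steps 5, 7 and 8 applied, step 6 left commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
port 1194
proto udp
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 8.8.8.8"
duplicate-cn
user nobody
group nobody
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_server_conf "$sample"
rm -f "$sample"
```

To check a real server, pass the path of the edited server.conf to audit_server_conf after step 8.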
Installation and configuration of OpenVPN GUI client on Windows 7/10
1. Download and install the OpenVPN-GUI client package appropriate to your platform from the OpenVPN Community Downloads page. In my case it is openvpn-install-2.3.10-I602-x86_64.exe
2. Create a client.ovpn file in your installation's config folder and open it for editing:
3. Put the following text into the client.ovpn file:
Replace your_server_ip with the real IP or domain name of your server.
Fill the ca, cert and key fields with the content of the files previously generated on the server side:
For example, my client.ovpn's cert field looks as given below. For obvious reasons, the actual characters are replaced with (...)
4. Run OpenVPN GUI with the Run as administrator privilege, or configure it to always run as an administrator:
- Right-click the OpenVPN GUI shortcut
- Click the Properties option
- Click the Compatibility tab
- Check the "Run this program as an administrator" checkbox
5. Connect the OpenVPN client to the server. After the connection is established, check your public IP address: open a browser, go to Google and search for: my ip
The browser should display your OpenVPN server's IP.
More detailed information about using OpenVPN GUI for Windows can be found here