Installing OpenVPN on CentOS 8

Install git if it is not already installed

sudo dnf install -y git 

Use git to download the road warrior script

git clone https://github.com/Nyr/openvpn-install.git

Then cd into the downloaded directory and run

./openvpn-install.sh
#or add sudo if not root
sudo ./openvpn-install.sh

Then select the IP address that your router has given you. It is a good idea to make this IP address static: if you don’t and your router assigns you a different IP, your VPN will not work.

What IPv4 address should the OpenVPN server bind to?
     1) 192.168.0.119
     2) 192.168.122.1
IPv4 address [1]: 

You will need to know your public IP; you can Google “whats my ip” to get it. However, most residential IPs are dynamic, so you will need a domain. Some routers, like D-Link and TP-Link, come with a way to assign a domain, but if you don’t have one of those you can use no-ip.com, freedns.com, etc. Those usually need updating, however, so you can set up a cron job on your server to update the record daily or weekly.

This server is behind NAT. What is the public IPv4 address or hostname?
Public IPv4 address / hostname []: 

For an added layer of security I don’t expose common ports on my router, so I use NAT/port forwarding. For example, this VPN listens on port 1194 by default, and that port might not be open on your router for security. You can choose a port between 1024 and 65535 (the first 1023 are usually reserved), so you could choose to NAT 65000 to 1194. Or, since the next step in the script sets the port OpenVPN listens on, you can set it to 65000 and NAT 65000 to 65000 in your router. Port forwarding is sometimes referred to as a virtual server; search Google for your router model plus port forwarding/NAT/virtual servers to find out how to configure it. Using the info from the examples above, the usual syntax looks like:

External Port: 65000
Internal IP: 192.168.0.119
Internal Port: 65000

What port do you want OpenVPN listening to?
Port [1194]: 

Usually choose 1 unless you have a reason to choose another

Which DNS do you want to use with the VPN?
   1) Current system resolvers
   2) 1.1.1.1
   3) Google
   4) OpenDNS
   5) Verisign
DNS [1]: 

Now give a name for your VPN user’s connection. This can be, e.g., my-laptop, momslaptop, myphone, billybobstablet, etc.

Finally, tell me a name for the client certificate.
Client name [client]:
Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...

After you hit a key, it will set up the VPN server and configure it. Then it will make the key with all the information a user needs to connect and put it in your home directory. At the end, the script tells you where the key is, just in case. Output looks like: key generated and saved to: /home/<username>/billybobstablet

Send the key from the server to your computer. You might have to install openssh on your computer/laptop so your server can connect to it. You can also save it to a USB drive or email it, but emailing does open a security risk, because if anyone gets their hands on that key they can use your VPN and access your LAN.

sudo apt install openssh-server

Then use scp to send the OpenVPN key to your computer

scp /path/to/key.ovpn username@<computerIP>:~/

On your computer you might need to install openvpn so you can use the .ovpn file to configure it automatically
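
Before copying the profile off the server, it is worth checking two things this guide touches on: that its remote line names the external port your router forwards (the 65000 to 1194 case above), and that the file, which holds the client's private key, is readable only by its owner. The script below is an added example, not part of the original post or of the openvpn-install project; it assumes GNU stat, a single "remote <host> <port>" line and an inline <key> block in the generated profile, and the hostname and key text in the sample are constructed.

```shell
#!/bin/sh
# Added example: audit a client profile before handing it out (assumes GNU stat).

# Print "host port" from the first remote directive.
ovpn_remote() {
    awk '$1 == "remote" { print $2, $3; exit }' "$1"
}

# Print one line per finding; return 1 if there were any.
# $1 = profile path, $2 = external port forwarded on the router
ovpn_audit() {
    rc=0
    remote=$(ovpn_remote "$1")
    port=${remote##* }
    if [ "$port" != "$2" ]; then
        echo "remote port is '$port' but the router forwards $2"
        rc=1
    fi
    # A profile with an inline <key> block carries the client's private key,
    # so group and others get no access (mode must end in 00, e.g. 600).
    mode=$(stat -c '%a' "$1")
    if grep -q '^<key>' "$1"; then
        case $mode in
            *00) ;;
            *) echo "private key inside, but file mode is $mode"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Constructed sample profile (hypothetical hostname, placeholder key text).
make_sample_profile() {
    cat > "$1" <<'EOF'
client
proto udp
remote vpn.example.net 1194
<key>
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
</key>
EOF
    chmod 644 "$1"
}

sample=$(mktemp)
make_sample_profile "$sample"
ovpn_audit "$sample" 65000 || true   # reports both findings for the sample
rm -f "$sample"
```

If the port finding appears, edit the remote line in the profile to the external port; if the mode finding appears, run chmod 600 on the file before and after transferring it.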

sudo apt install openvpn

Usually after doing this you can go to Network in Settings, click the + in the VPN section, click “import from file”, then go to your key file’s location and select it. Or run this command:

sudo openvpn --config /path/to/config.ovpn

Once this is done you can connect to it by going to settings and clicking the slider tab next to it.
