Install OpenVPN on CentOS 7 (and why you should be using it)

openvpnlogo

“Why the Hell would I ever want to VPN into my home network? It’s my freakin’ home network.”

Do you ever use public wifi? Have important files at home that you always want access to? Movies/music/TV shows you’d want to watch or listen to from anywhere? Security cameras? Travel to other countries that might block certain traffic? Does your work have an Internet filter or you don’t want them to know you actually just surf Reddit all day? (If my boss is reading this, I swear I don’t do the last one)

There’s a TON of reasons why having VPN access to your home network is not only awesome, but necessary if you ever want to use any public wifi securely. With packet analyzers being widely available and free (even as phone apps or as browser add-ons), hacking software being easier to use, and identity theft constantly being on the rise, it’s definitely important you make sure your information is as safe as possible. This tutorial will show you how to easily install OpenVPN on CentOS 7 and connect to it over the Internet so you can be happy knowing all of your traffic is encrypted and safe.

If you’re reading this, you probably already know a VPN is necessary if you want to access certain resources or files that’s on a different network. You also probably know that VPNs transmit all of your traffic over the Internet securely and encrypts it (if you didn’t, here’s a video by CyberGhost VPN that does a good job explaining how a VPN works introduced by an attractive Russian female employee whose appeal I’m sure had nothing to do with the video planning process). So instead of me explaining all of that, how about I get into what I need you to do to before you create your own OpenVPN Access Server and connect to it securely over the Internet?

Create a DDNS account

Since your ISP changes your home IP address every so often, I highly suggest creating a DDNS account. If you connect to your OpenVPN server via DDNS, you won’t have to worry about not being able to remotely connect because your IP address changed. This means we’ll be connecting to our OpenVPN server via an address like hostname.ddns.net (which is what I’ll be using as an example for the OpenVPN install) instead of an IP address that will eventually change on you.

I love NoIP.com. I especially love it because you can create a free account for up to 3 hostnames (as long as you confirm with them every 30 days that it’s being used). Once you create your account, you can download an installer from them that will dynamically check your IP address and update your account if it’s changed. I highly suggest creating an account and hostname with No-IP, and making sure that the hostname is being resolved to your IP address.

Create a port forward on your home router

Creating a port forward on your home router for OpenVPN is what will allow you to connect to the server over the Internet. Below is a photo of the port forward setup I have for my OpenVPN server in my router (an Ubiquiti EdgeRouter Lite).

PortForwards

The port forwards shown above are saying that my router is opening TCP port 443 and UDP port 1194 (which are the ports you’ll be forwarding for OpenVPN too) so you can connect to your OpenVPN server’s local IP (you can see mine is 10.0.10.101) over the Internet via your DDNS hostname or public IP address.

I can’t show you how to make port forwards in your router since it depends on the manufacturer and model of your router. This is a good generic guide that shows you the steps on how to create a port forward, but it’d also help if you Google’d “model-of-your-router port forward setup”.

You don’t have to create the port forwards until after you’ve already made your VPN server and know what it’s IP address is going to be. Speaking of, assuming you already have a fresh minimal install of CentOS 7 ready to go, let’s go create your OpenVPN server! Don’t let the amount of steps deter you, this is actually really easy.

Installing OpenVPN Access Server on CentOS 7

1. Assuming you’re logged in as root, let’s make sure you’re updated.

yum update –y

2. Let’s install OpenVPN!  (Updated on 8/4/16 to version 2.1.2)

yum install -y http://swupdate.openvpn.org/as/openvpn-as-2.1.2-CentOS7.x86_64.rpm

Aren’t easy installs the best? You should be seeing this screenshot when it’s finished.
1

3. The default admin account is openvpn, so let’s change the password.

passwd openvpn

Type in a strong password twice when prompted. You should see the screen below.
2

4. Let’s create a new account (don’t use the thatserverdude username below, create your own damn username) and password. This will be the account that we’ll be using to VPN into. Type in the password when prompted.

adduser thatserverdude
passwd thatserverdude

4

5. You should now be able to get to the admin web UI. Open your browser and go to https://your-server-IP:943/admin. You’ll get an untrusted connection or certificate warning but you’re fine to trust it or add the exception and keep going. Once you do, you’ll see the login screen below. Go ahead and login with the admin account (openvpn) and agree to the license agreement.
5

6. Once agreed, you’ll be at the OpenVPN Status Overview page. Go to User Permissions (under User Management) and add the VPN user you created earlier under New Username. Click Show next to the username and check “Allow Access From: all server-side private subnets” (if you have other servers/clients in your home network that you’d like to access) and Save Settings, then Update Running Server at the top.
7

7. Go to Server Network Settings. You’ll see next to “Hostname or IP Address” that it lists your OpenVPN’s local IP, which you obviously can’t connect to over the Internet. Replace that with your DDNS hostname (or public IP address) that you’ll be using to connect your OpenVPN client to over the Internet. Save settings and Update Running Server. My example is below.
8

8. Your OpenVPN Access Server is now ready to see the world! At this time, you’ll want to make sure your router’s port forwards to your OpenVPN server’s local IP are properly set up (using TCP port 443 and UDP port 1194). My local IP is 10.0.10.101, so whenever I connect to my DDNS hostname or public IP via these ports, my router will forward that traffic to my OpenVPN server. Below is my port forward setup in my EdgeRouter Lite.
PortForwards

UPDATE: Thanks to Reddit user /u/techmattr for mentioning that port 443 is for the Admin login only. After getting the OpenVPN client configured and working, you can close up this port.

9. From a network outside of your home network, you should now be able to establish an HTTPS connection to your OpenVPN server from your DDNS hostname (like https://hostname.ddns.net) or your public IP address. Open up any browser, go to https://hostname.ddns.net or https://your-public-ip (whichever you put in your OpenVPN’s Server Network Settings). You should see the screen below and be able to login with the VPN user account you created.
9

10. Once logged in, you’ll see the below screen. It will prompt you to install an .msi file that will not only easily install the OpenVPN client but will also have your VPN profile already configured for you. Download and install that bad boy.
10

11. Now that the client is installed, look for the little OpenVPN icon in your taskbar. Right-click it and choose “Connect to hostname.ddns.net” (I took out my hostname below because I’ve heard people on the Internet can be jerks).
11

12. You’ll be prompted for your VPN user’s username and password. Login and agree to the warning.

If you see the prompt shown below, you’ve successfully connected to your very own OpenVPN server!
14

You’re now free to be able to access any files or servers at home, browse the Internet securely from any public wifi, or watch all the movies/TV shows stored at home that I’m sure you all legally downloaded!

Install OpenVPN on CentOS 7 (and why you should be using it)