This article provides a guide for how to install OpenVPN on CentOS VPS with CSF.
Objectives:
- Launch private VPN server (for online privacy and security)
- Use open-source software (to avoid vendor lock-in)
Why Use a VPN?
Using a VPN encrypts the connection between you and the VPN server, so not even your ISP can see what you are doing. Sites you visit see the VPN's IP address rather than your home IP, which is a large and important step toward keeping yourself and your information safe online. OpenVPN is an open-source (free) VPN server that can be installed quickly and easily.
You do not need to be a Linux guru to accomplish this and it is easier than you might think!
How to Install OpenVPN on CentOS VPS with CSF
To install OpenVPN on CentOS VPS with CSF, follow the steps below:
The first step is to get yourself a VPS or cloud server. If you don’t have one yet, Rad Web Hosting has you covered! The smallest CentOS VPS plan will be sufficient to install and run your own private VPN server.
Now you can log in with SSH using a client such as PuTTY and run the following commands:
yum update -y
reboot
This will ensure your server is updated and running the proper kernel version. After a few minutes, log in again via PuTTY.
Install OpenVPN
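There is an installer on GitHub, written and maintained by Nyr, that automates the entire process. Check it out here: https://github.com/Nyr/openvpn-install
Because the command below saves the script as openvpn-install.sh before running it, you can run the wget step on its own and read the script before executing it with bash. To install, simply run: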
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
Once it is done, log in to your server with SFTP and grab the config file. Now let's make this VPN more secure using CSF (Config Server Firewall). CSF is a powerful and flexible firewall that makes it easy to secure your server from many different types of attacks.
Install CSF
To install CSF, execute the following commands:
yum install perl -y
yum install bind-utils -y
yum install perl-libwww-perl -y
yum install unzip -y
cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Configure CSF for Compatibility with OpenVPN
We need to do a little extra work to make these two play nicely together.
nano /etc/csf/csfpre.sh
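Paste the following into that file. Here 123.123.123.123 is a placeholder for your server's public IP address, and eth0 is the public network interface (adjust it if yours is named differently):
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123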
Save, exit, and restart CSF:
csf -r
Add The OpenVPN Port And Remove Others
nano /etc/csf/csf.conf
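The first option you will see is TESTING = "1". Change that to TESTING = "0". While testing mode is on, CSF periodically clears its own rules, so the firewall is not enforced permanently until you turn it off.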
Now scroll down until you see the port settings. You want to remove all ports except 22 (SSH) and add port 1194, which is OpenVPN, assuming you went with the default setting on install. It should look like this when done:
# Allow incoming TCP ports
TCP_IN = "22,1194"
# Allow outgoing TCP ports
TCP_OUT = "22,1194"
# Allow incoming UDP ports
UDP_IN = "1194"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "1194"
Save, exit, and restart CSF. Your server is now secured.
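To confirm the edits took effect, the following added example (not part of the original article or of CSF itself) reads a csf.conf and reports where it differs from the values shown above. The function names and the sample file are assumptions made for illustration; ports 22 and 1194 are the ones used in this guide.

```shell
#!/bin/sh
# Added example: check a csf.conf against the values used in this guide.

# get_opt FILE KEY: print the quoted value of the last 'KEY = "value"' line.
get_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# extra_ports ACTUAL ALLOWED: print entries of ACTUAL missing from ALLOWED.
extra_ports() {
    out=""
    for p in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$p,"*) ;;
            *) out="${out:+$out,}$p" ;;
        esac
    done
    printf '%s' "$out"
}

# audit_csf FILE: print one line per finding; return 0 only if there are none.
audit_csf() {
    findings=0
    if [ "$(get_opt "$1" TESTING)" != "0" ]; then
        echo "TESTING is not \"0\""
        findings=$((findings + 1))
    fi
    for key in TCP_IN TCP_OUT UDP_IN UDP_OUT; do
        case $key in
            TCP_*) allowed="22,1194" ;;   # SSH + OpenVPN, as in the guide
            *)     allowed="1194" ;;      # OpenVPN only
        esac
        extra=$(extra_ports "$(get_opt "$1" "$key")" "$allowed")
        if [ -n "$extra" ]; then
            echo "$key has ports outside the guide's list: $extra"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample (not a real server's file): testing mode on, extra ports.
sample=$(mktemp)
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "20,21,22,25,80,1194"' \
    'TCP_OUT = "22,1194"' 'UDP_IN = "1194"' 'UDP_OUT = "53,1194"' > "$sample"
audit_csf "${1:-$sample}" || echo "csf.conf differs from the guide"
rm -f "$sample"
```

Pass /etc/csf/csf.conf as the first argument to check the real file instead of the constructed sample.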
Additional Security
I also highly recommend that you set up public/private keys for SSH and disable password authentication. This adds a great extra layer of security to your server!
Conclusion
You now know how to install OpenVPN on CentOS VPS with CSF.