In a rush, so will jot down the steps only. You'll need the EPEL repo.
On CentOS 6, that will be
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sudo rpm -Uvh epel-release-6*.rpm
Once that is done,
1. yum install openvpn easy-rsa
2. mkdir -p /etc/openvpn/easy-rsa/keys
3. cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
4. vi /etc/openvpn/easy-rsa/vars
Modify these parameters to suit your needs
[...]
# Don't leave any of these fields blank.
export KEY_COUNTRY="PK"
export KEY_PROVINCE="Punjab"
export KEY_CITY="Multan"
export KEY_ORG="LinuxPakistan"
export KEY_EMAIL="vpn@linux.net.pk"
export KEY_OU="server"
[...]
5. cd /etc/openvpn/easy-rsa/
6. cp openssl-1.0.0.cnf openssl.cnf
7. source ./vars
8. ./clean-all
9. ./build-ca
Generating a 2048 bit RSA private key
......................................................+++
............................................................+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PK]: ----> Press Enter
State or Province Name (full name) [Punjab]: ----> Press Enter
Locality Name (eg, city) [Multan]: ----> Press Enter
Organization Name (eg, company) [LinuxPakistan]: ----> Press Enter
Organizational Unit Name (eg, section) [server]: ----> Press Enter
Common Name (eg, your name or your server's hostname) [server]: ----> Press Enter
Name [EasyRSA]: ----> Press Enter
Email Address [vpn@linux.net.pk]: ----> Press Enter
10. ./build-key-server server
11. ./build-key client (if you want to use RSA keys for connectivity)
12. ./build-dh
13. cd /etc/openvpn/easy-rsa/keys/
14. cp dh2048.pem ca.crt server.crt server.key /etc/openvpn/
15. vi /etc/openvpn/server.conf
Use my configuration file from this post
And that should do it
IP Routing
vi /etc/sysctl.conf
Set the value of the parameter
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
Reload sysctl
sysctl -p
Finally some iptables magic to do the masquerading
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Save and Restart the Firewall
service iptables save
service iptables restart
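
A quick way to confirm the result of the steps above, as an added example that is not part of the original post: it checks that the copied server.key is readable by its owner only, that server.crt verifies against ca.crt, that forwarding is enabled in sysctl.conf, and that the saved ruleset masquerades only 10.8.0.0/24 out of eth0. The function names are illustrative, and it assumes GNU stat and that "service iptables save" wrote the rules to /etc/sysconfig/iptables, as it does on CentOS 6.

```shell
#!/bin/sh
# Added example: post-install checks for the steps above (function names are illustrative).

# A private key must be readable by its owner only.
key_mode_ok() {   # $1 = key file
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in
        600|400) return 0 ;;
        *) echo "WARN: $1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# The last uncommented net.ipv4.ip_forward line must set the value to 1.
forwarding_enabled() {   # $1 = sysctl.conf
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# The saved ruleset must masquerade exactly the VPN subnet out of the given interface.
masquerade_present() {   # $1 = rules file, $2 = subnet, $3 = interface
    sed 's/[[:space:]]*$//' "$1" | grep -Fxq -- "-A POSTROUTING -s $2 -o $3 -j MASQUERADE"
}

run_checks() {
    rc=0
    key_mode_ok /etc/openvpn/server.key || rc=1
    # Match on the "OK" text rather than trusting the exit status of older openssl builds.
    openssl verify -CAfile /etc/openvpn/ca.crt /etc/openvpn/server.crt 2>&1 | grep -q ': OK$' ||
        { echo "WARN: server.crt does not verify against ca.crt" >&2; rc=1; }
    forwarding_enabled /etc/sysctl.conf || { echo "WARN: ip_forward not set to 1" >&2; rc=1; }
    # Assumption: "service iptables save" wrote the rules to /etc/sysconfig/iptables.
    masquerade_present /etc/sysconfig/iptables 10.8.0.0/24 eth0 ||
        { echo "WARN: MASQUERADE rule for 10.8.0.0/24 missing" >&2; rc=1; }
    return $rc
}

# Run against the live system only when asked (file name is arbitrary): sh vpn-check.sh --check
if [ "${1:-}" = "--check" ]; then run_checks; fi
```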