Assuming you have a freshly installed CentOS 7 virtual server, follow these steps:
1. Install epel repository:
yum -y install epel-release
2. Install OpenVPN and certificate generation tools (easy-rsa):
yum -y install openvpn easy-rsa
3. Create a directory for your certificates and keys:
mkdir /etc/openvpn/easy-rsa
cp -rf /usr/share/easy-rsa/3/* /etc/openvpn/easy-rsa/
4. Now let's configure our certificate authority:
cd /etc/openvpn/easy-rsa/
5. Create a client certificate for every user connecting to your VPN server:
./easyrsa init-pki
./easyrsa gen-dh
./easyrsa build-ca nopass
./easyrsa build-server-full server nopass
./easyrsa build-client-full user1 nopass
6. Write server configuration file:
cat <<EOF > /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca easy-rsa/pki/ca.crt
cert easy-rsa/pki/issued/server.crt
key easy-rsa/pki/private/server.key
dh easy-rsa/pki/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
EOF
7. Set up packet forwarding and NAT:
yum -y install iptables-services policycoreutils
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/50-forwarding.conf
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
/usr/libexec/iptables/iptables.init save
8. Save settings and enable services at boot:
systemctl enable iptables
systemctl enable openvpn@server
9. You have the server part ready. Now copy these files to every user device:
/etc/openvpn/easy-rsa/pki/issued/USERNAME.crt
/etc/openvpn/easy-rsa/pki/private/USERNAME.key
/etc/openvpn/easy-rsa/pki/ca.crt
Don't forget to change SERVER to your yourserver.se VPS IP address and USERNAME to the one created in step 5.
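An added check, not part of the original guide: the shell function below reads server.conf, resolves each ca/cert/key/dh path relative to /etc/openvpn (assumed here to be the working directory of openvpn@server, which the relative paths in step 6 rely on), and reports missing files and private keys readable by group or others, which matters because every key above is built with nopass. The function name audit_openvpn_conf and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the files that
# server.conf references. Function name and output labels are hypothetical.

# audit_openvpn_conf CONF [BASEDIR]
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_openvpn_conf() {
    conf=$1
    base=${2:-/etc/openvpn}   # assumption: working directory of openvpn@server
    rc=0
    while read -r directive path rest; do
        # Only the directives that point at certificate material matter here.
        case $directive in
            ca|cert|key|dh) ;;
            *) continue ;;
        esac
        # Relative paths are resolved against the base directory.
        case $path in
            /*) file=$path ;;
            *)  file=$base/$path ;;
        esac
        if [ ! -f "$file" ]; then
            echo "MISSING $directive $file"
            rc=1
            continue
        fi
        # Keys built with "nopass" are unencrypted on disk, so the file mode
        # is their only protection: flag any group/other permission bit.
        if [ "$directive" = key ]; then
            perms=$(ls -ld "$file" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "LOOSE_PERMS key $file"
                rc=1
            fi
        fi
    done < "$conf"
    return $rc
}

# Usage: audit_openvpn_conf /etc/openvpn/server.conf
```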