
First step is to check if tun/tap is active:

cat /dev/net/tun

If tun is active then you should see this:

cat: /dev/net/tun: File descriptor in bad state

Make sure you have these packages installed:

yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y

Download the LZO RPM and configure the RPMForge repo:

wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

32bit package:
CentOS 5: wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
CentOS 6: wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm

64bit package:
CentOS 5: wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
CentOS 6: wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Build the rpm packages:

rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*

Install OpenVPN:

yum install openvpn -y

Copy the easy-rsa folder to /etc/openvpn/:

cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/

Please note: on CentOS 6 we need to make a small change before you run the commands below. Open up /etc/openvpn/easy-rsa/2.0/vars and edit the below line.

Change:
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

To:
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf

And save. Now let's create the certificate:

cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all

Build CA:

./build-ca

Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter

Build key server:

./build-key-server server

Almost the same as ./build-ca, but check the changes and additional prompts:

Common Name: server
A challenge password: leave empty
Optional company name: fill or press enter
Sign the certificate: y
1 out of 1 certificate requests: y

Build Diffie Hellman (wait a moment until the process finishes):

./build-dh

Now create your config file:

touch /etc/openvpn/server.conf

And enter the following:

port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

Save it.

Before we start OpenVPN, let's disable SELinux if it is enabled. It can cause issues with OpenVPN, especially when using OpenVPN with multiple configs:

echo 0 > /selinux/enforce

This is a temporary solution and SELinux will be re-enabled once you reboot your system. To disable it on a permanent basis you need to edit /etc/selinux/config and change this line:

SELINUX=enforcing

To:

SELINUX=disabled

When your system next reboots it will still be disabled.

Now let's start OpenVPN:

service openvpn restart

Now we need to enable IP forwarding. Open the file /etc/sysctl.conf and set ipv4.ip_forward to 1:

net.ipv4.ip_forward = 1

To make the changes to sysctl.conf take effect, use the following command:

sysctl -p

Route iptables:

The rule below will work fine on Xen and KVM based VPSs, but for OpenVZ use the OpenVZ iptables rules instead:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

OpenVZ iptables rules:

iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 208.115.236.245

And

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 208.115.236.245

Make sure you change the --to-source address (123.123.123.123 in this guide) to your server IP.

If you have CSF on the same server you need to open your OpenVPN port (usually 1194) through the firewall and run the below commands for CSF. It's also a good idea to add them to /etc/csf/csfpre.sh.

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123

If the above rules cause you any problems or don't seem to work (especially on cPanel servers) then remove the rules above and use the ones below:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

Please make sure 123.123.123.123 is your main server IP.

Then run:

service iptables save

-------------------------------------------

Please note: if you are using our FreeRADIUS module for WHMCS then you don't have to do the below step for adding users; just follow the link above to set up OpenVPN to auth off FreeRADIUS. Otherwise you can create a user as follows:

useradd username -s /bin/false
passwd username

If you wanted to delete a user you would use:

userdel username

Now create a server.ovpn config file and enter the following:

client
dev tun
proto udp
remote 123.123.123.123 1194 # - Your server IP and OpenVPN port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
reneg-sec 0
verb 3

Make sure you change 123.123.123.123 to your server IP.

And make sure OpenVPN starts at boot:

chkconfig openvpn on

Download the ca.crt file from the /etc/openvpn/easy-rsa/2.0/keys/ directory and place it in the same directory as your server.ovpn.
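As an added example (not part of the original guide), here is a small POSIX shell lint that reads a server.conf like the one written above and reports the directives in it that weaken the setup: password-only client authentication (client-cert-not-required), 1024-bit DH parameters, disabled renegotiation (reneg-sec 0), compression (comp-lzo), and the absence of tls-auth. The sample config it creates is constructed from the guide's own directives; the function names and temp-file handling are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide: a small lint that reads an
# OpenVPN server.conf and reports directives that weaken the setup.
# Assumes only POSIX sh, grep and mktemp (all present on CentOS).
# Constructed sample config, copied from the directives the guide puts in
# /etc/openvpn/server.conf; written to a temp file whose path is printed.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
port 1194
proto udp
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
reneg-sec 0
comp-lzo
verb 3
EOF
    echo "$f"
}
# True if an active (uncommented) line of config file $1 matches ERE $2.
active_has() {
    grep -v '^[[:space:]]*[#;]' "$1" | grep -Eq "$2"
}
# Prints one finding per line on stderr and the number of findings on stdout.
audit_openvpn_conf() {
    n=0
    active_has "$1" '^client-cert-not-required' && {
        echo "client-cert-not-required: clients authenticate by password only; drop it so a client certificate is also required" >&2
        n=$((n+1)); }
    active_has "$1" '^dh .*dh1024\.pem' && {
        echo "dh1024.pem: 1024-bit DH parameters; rebuild with KEY_SIZE=2048 or larger in vars" >&2
        n=$((n+1)); }
    active_has "$1" '^reneg-sec[[:space:]]+0[[:space:]]*$' && {
        echo "reneg-sec 0: TLS renegotiation disabled, so the data-channel key never rotates" >&2
        n=$((n+1)); }
    active_has "$1" '^comp-lzo' && {
        echo "comp-lzo: compressing tunnelled traffic exposes it to compression side channels (VORACLE)" >&2
        n=$((n+1)); }
    active_has "$1" '^tls-auth' || {
        echo "no tls-auth: add an HMAC key so unauthenticated packets are dropped before the TLS handshake" >&2
        n=$((n+1)); }
    echo "$n"
}
```

Run it as `audit_openvpn_conf /etc/openvpn/server.conf` on the real file; the printed count is 0 when none of the five checks fire.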
