There are lots of services in your organization which will be implemented for e.g., email and web services and delivering those services to your users and customers. Some services are simply easier to deliver locally (e.g., file and print services). If your users are not located locally, then it would need to connect the users as if they were local, this is where the role of a virtual private network (VPN) comes in.

A VPN is a private network that runs over a public network.  They are also called tunnels, and used to secure and protect traffic public network like the Internet. The traffic over a VPN is encrypted and authenticated via an SSL certificate, a password, or a two-factor authentication mechanism.

In this article we are going to deal with setting upaOpenVPN server and client, to create a VPN and how to configure.

OpenVPN( is an SSL based VPN application which is open source developed by James Yonan.OpenVPN is a client/server model, where a server running on your host and clients can connect to the server and create VPN tunnels.

OpenVPN – Server Side – Install OpenVPN software.

The OpenVPN software and its dependencies are available in the EPEL repository.

We are assuming a server with hostname running CentOS and a public IP

In a CentOS server, you can Install OpenVPN server by the following command.


By default easy-rsascripts are located in the /usr/share/easy-rsa/ directory. Create a directory /easy-rsa/keys inside the /etc/openvpn directory and copy the scripts to /easy-rsa/keys.

mkdir -p /etc/openvpn/easy-rsa/keys

cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

Create CA Certificate and CA key

Edit file /etc/openvpn/easy-rsa/varsand add the values of country, email etc..inthe section







savethe file and exit, navigate to /etc/openvpn/easy-rsa/ directory


cp openssl-1.0.0.cnf openssl.cnf




This will generateCA certificateand CA key.Next createa certificate and key using the command

./build-key-server [hostname]

Createcertificateand key for VPN clients using the following command

./build-key client

The keys and certificates will be generated in the directory /etc/openvpn/easy-rsa/keys/.

Copy the files to the directory /etc/openvpn/


cpdh2048.pemca.crt*****.crt*****.key /etc/openvpn/

VPN server Configuration.

Copy the file server.conffile to directory /etc/openvpn/


Find and uncomment the following  lines in the file


push”redirect-gateway def1 bypass-dhcp”

push”dhcp-option DNS″

push”dhcp-option DNS″



Save and close

Copy the file client.conffile to /root/ (This file should be neededtolater copying to the VPN clients)


Add the VPN server IP address

# The hostname/IP and port of the server.

# You can have multiple remote entries

# to load balance between the servers.

remote 1194

Save and close.

Copy this file to your VPN client machine.

Lastly, Start the OpenVPN service using the following commands



OpenVPN – Client Side – Install OpenVPN Package

Install OpenVPN package by the following command

yum install openvpn

Start the OpenVPN client service by the commands

service openvpn start


Check the tun0 interface is created by the command


On successful completion  the VPN server will automatically assign an IP address to the VPN client.

Check if you can ping your VPN server from client systems