How to Install OpenVPN on a CentOS 5 Based VPS

Must read:

Ferdian Alfianto

Ferdian Alfianto

Ferdian Alfianto is an Internet enthusiast, Mac Lover; likes using Wordpress, experimenting with Linux (especially Debian and Ubuntu), tinkering with pfSense routers, happy experimenting with LEMP (Linux, Nginx, MariaDB, PHP) and Redis. You can contact me here.

NOTE: CentOS 5 is no longer supported by the developer, I have made a new tutorial to install OpenVPN server using Pritunl and Ubuntu, please see here.

To be able to play Point Blank Garena, we must use a tunnel such as SSH, Proxy, WTFast, VPN, and so on. Actually using WTFast can already allow us to play PB Garena. However, because the subscription price is calculated per user at $5.99, this solution is not effective for internet cafes / game centers. Imagine if the cafe has 50 companies, the funds spent can reach $287.50 per month!

For that, I used an alternative to create an OpenVPN server on a VPS based on Linux CentOS 5. It only costs around $10 per month, it can be used by all internet cafe customers. Brilliant solution right? : D

NOTE
Before starting this tutorial on how to install OpenVPN, there are a few things you need to know:

  • I am using a VPS based on OpenVZ technology, but it does not allow this installation to run successfully on KVM, Xen or Deditaced Server.
  • No need for a high specification VPS, what matters is to have a connection with good latency between the cafe to the VPS and to the Garena server. For that, look for a VPS located in Singapore.
  • No need for large bandwidth. The game connection doesn't take up too much bandwidth, with 100 GB per month I think it is enough for all customers to play Garena PB.
  • Look for a VPS that DOES NOT offer unlimited bandwidth. My logic is that if the bandwidth is unlimited, then most of the VPS service users are downloaders, it could be that if the bandwidth pipe reaches the peak, there will be a bottleneck and we won't get good latency for playing games.
  • This installation uses CentOS version 5 32 bit, it can also be installed on a 64 bit machine. For other Linux distributions, I do not guarantee a successful installation. Use on your own risk!

If you understand this, then we will go to the installation steps.

INSTALLATION STEPS

The first step is to check whether tun / tap has been activated or not. This is important, because if you haven't activated tun / tap, OpenVPN won't be able to be installed. Run the command

cat / dev / net / tun

If tun / tap has been activated, it will appear:

cat: / dev / net / tun: File descriptor in bad state

If tun / tap is not active, you can activate it via SolusVM.

Next we will install the required packages, run the command:

yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y

Then download LZO RPM. Run the command:

wget https://openvpn.net/release/lzo-1.08-4.rf.src.rpm

Then we will configure the RPMForge repo. For Centos 5 32bit, run:

wget https://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

being for Centos 5 64 bit, run:

wget https://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

Next we will build the rpm package, run the command:

rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo - *. rpm
rpm -Uvh rpmforge-release *

And we install OpenVPN now, run the command:

yum install openvpn -y

Copy folder easy-rsa / etc / openvpn / with the command:

cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ / etc / openvpn /

Then we will create a certificate, run the command:

cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all

And we create a CA:

./build-ca

the following screen will appear:

Country Name: fill in the name of the country or just press enter
State or Province Name: fill in the name of the province or just press enter
City: fill in the city name or just press enter
Org Name: fill in the name of the cafe or company or just press enter
Org Unit Name: fill in the department name or just press enter
Common Name: fill in the hostname of your VPS, for example vpn.tuts.web.id
Email Address: fill in your email address or just press enter

Next is to create a server key, run the command:

./build-key-server server

The display will appear like we created the CA above, but there are additional questions:

Common Name: fill in the server name
A challenge password: just empty it, immediately press enter
Optional company name: just press enter
sign the certificate: type y and enter
1 out of 1 certificate requests: type y and enter

Next, we create Diffie Hellman (wait until this process is finished), run the command:

./build-dh

Then we create a configuration file with the command:

nano /etc/openvpn/server.conf

Copy and paste this configuration:

port 1194 #- port proto udp #- protocol dev tun tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 reneg-sec 0 ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert / etc / openvpn /easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem plugin / usr / share / openvpn / plugin / lib / openvpn-auth-pam.so /etc/pam.d/login client-cert-not-required username-as-common-name server 10.8.0.0 255.255.255.0 push "redirect-gateway def1 "push" dhcp-option DNS 8.8.8.8 "push" dhcp-option DNS 8.8.4.4 "keepalive 5 30 comp-lzo persist-key persist-tun status 1194.log verb 3

Save the configuration above by pressing Ctrl + O then enter. Then press Ctrl + X.

We run OpenVPN with the command:

openvpn service restart

Next we have to enable IP Forwarding, by changing the Sysctl configuration. Run:

nano /etc/sysctl.conf

and change:

net.ipv4.ip_forward = 0

Becomes

net.ipv4.ip_forward = 1

To make changes to the Sysctl configuration, run the command:

sysctl -p

Next we will do iptables routing with the command:

iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123

and

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123

Don't forget, to change "123.123.123.123" with your server / VPS IP.

NOTE: Especially for Xen or KVM based VPS, don't use the Iptables routing above, but use:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Then save the Iptables configuration above with the command:

iptables service save

To make username OpenVPN access, enter the command:

useradd username -s / bin / false

being for passwordhis:

passwd username

* Change username with the desired username.

If you want to delete a user, use the command:

userdel username

To make sure OpenVPN is running when the server starts up, run the command:

chkconfig openvpn on

INSTALL THE OPENVPN CLIENT ON THE COMPUTER

We have finished creating the OpenVPN server, then we will install the OpenVPN client on our computer, so we can redirect the connection to the OpenVPN server.

Many OpenVPN clients can be used, but I prefer to use one Securepoint SSL VPN which you can download here.
After you download it, please install Securepoint SSL VPN on your computer.

Before we configure Securepoint SSL VPN, we have to create an ovpn past. Open Notepad, copy and paste the following configuration:

client dev tun proto udp remote 123.123.123.123 1194 # - Enter the IP and port of the OpenVPN server resolv-retry infinite nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ca.crt auth-user-pass comp-lzo reneg-sec 0 verb 3

Make sure to replace 123.123.123.123 with your OpenVPN server IP. Save the configuration above with a file name vpn.ovpn, and save it in any folder.

Then download the file ca.crt on your OpenVPN server. File location ca.crt is in the directory /etc/openvpn/easy-rsa/2.0/keys/ (You can download using Filezilla, or any other SFTP program). Put files ca.crt this is in the same location as the vpn.ovpn.

Run Securepoint SSL VPN, then click the button "Import". In column "Import existing configuration“, Browse the file vpn.ovpn which we made earlier. And click the button "Import". Then a pop-up box will appear asking for username & password. Securepoint SSL VPN will try to connect to our OpenVPN server. If successful, the connection status will appear "Connection Established". See the picture below.

vpn

Open a browser, and visit whatismyip.com, if it shows the IP address of your OpenVPN server, it means that the connection has been successfully redirected. And now you can run PB Garena Singapore.

For those of you who want to set up OpenVPN on iOS devices (iPhone and iPad), follow the tutorial here.

Share on facebook
Facebook
Share on twitter
Twitter
Share on whatsapp
WhatsApp
Share on telegram
Telegram
Share on email
E-mail

Latest articles:

MongoDB logo
Linux

Easy to Install MongoDB on Ubuntu 20.04

This tutorial explains how to install and configure MongoDB Community Edition on Ubuntu 20.04. MongoDB is a free, open-source document database. Belongs to the so-called database family

32 Responses

  1. Om, if I want to add / edit / delete user accounts ... do I have to restart the VPN server ... or can it be done immediately. For example, I have to restart the connection again, it can be disconnected ...

      1. great, is there one more user manager or not? so it's nice if you want to rent the VPN:)))) Can openvpnAS or not? …….

        1. If you want to sell, it's better if the user management system is using FreeRADIUS, combined with the billing system from WHMCS, and connected with the OpenVPN module for WHMCS.

          With this system, users can later sign up themselves, bandwidth can be limited, usernames cannot be used together, and payments can be made using paypal.

    1. if it's just SSH tunneling, don't install OpenVPN. By default, VPS has OpenSSH installed. Just use it.

  2. Mas Ferdian, can I ask for the yahoo messenger id or whatsapp or bb pin?
    I want to ask this, if for example we install opnvpn server on the Ubuntu server, then we want the Singapore IP address, how is the ubuntu server setup? And if we want to subscribe to a VPN host in Singapore, where do we paste their IP address on our ubuntu server?

    best regards

    AndriF_Wijaya

    1. If you want to setup OpenVPN with IP Singapore, Andri needs a VPS or Dedicated Server whose datacenter is in Singapore. Please just googling "VPS Singapore" there will be many hosting providers that provide it.
      Singapore's IP will automatically be pinned to Mas Andri's VPS later. So there is no need to do any more settings. All you need to do is install OpenVPN on the VPS using the tutorial above, or please just googling for other tutorials like this one.

      If you want to contact me japri, please use the page https://tuts.web.id/kontak-author/ , will be sent to my email.

      1. Thanks for feedback mas ferdi,
        Ok, now let me double check it, bro, step by step. (Sorry so I asked for a new tutorial, I think he..he)

        1. We pay / rent VPS hosting in Singapore.

        ===. Question: We will get IP and Port about the VPS that we rented earlier?

        2. Install openVPN server on our router, in my case, on my Ubuntu server.

        ===> questions: 1. here we don't need to enter anything about the VPS we rented earlier?
        2. 10.8.0.0 is the IP address for our virtual network / tun? is that a fix
        or can it be replaced at will as long as we don't clash with our local network IP?

        3. Run the OpenVPN server on the Ubuntu server.

        ===> question: From here we only need to forward through iptables from our IP VPN to the VPS that we rented earlier?

        4. Create an xxx.ovpn file for our client which will later be used for the openVPN client software.

        ===> Question: If we have more than 2 clients behind this router, of course we need IP for each client.
        when do we enter their IP / DHCP options? and if I'm not mistaken, there is an auth option too, bro?

        beforehand, Thanks for all your kindness and time, bro, to guide me in building this OpenVPN server :)

        BestRegards

        AndriF_Wijaya

        1. Ok, I will answer according to my knowledge

          1. IP address will definitely get mas. At least 1 IP address must be obtained. The port is wide open by them, depending on how many ports Andri wants to open & close, go ahead.

          2. What does "include anything" mean, bro? IP 10.8.0.0 is the local IP between OpenVPN client and OpenVPN server. Can be replaced with other local ip.

          3. VPS is the machine, bro, while OpenVPN is the VPN software that we will install into the VPS. so later VPS and OpenVPN will be one unit. Like we install Photoshop on a Windows machine.
          If on the VPS side, it might be called "routing", then later on the client side there is the term "forwarding". For example, if we want to forward computer traffic across Mas Andri's home network, we need to forward traffic through a router. the term is transparent forwarding. Transparent, because it is on the computer side of the network, it doesn't require special settings, because the settings have been done on the router side.

          4. One xxx.ovpn can be used by all clients. The only difference is the username & password. The local IP will be automatically assigned differently for each client (DHCP), but for the outside IP (Singapore IP obtained from the VPS) it will be the same for each client.

          That's my answer, bro, hope it helps. If there is a shortage I apologize.

          1. Ooo .. I just got home, bro.
            Earlier in my mind, we installed openVPN on my Ubuntu server router here (at home), apparently what Ferdi meant, we installed it on our VPS that we rented earlier, through the Putty y terminal.
            Yes, yes, thank you for the enlightenment. btw, is there any input for an affordable Singapore VPS, bro, are there around 13 clients here for use?

            BestRegards

            AndriF_Wijaya

          2. If you want an online CS service, try Softlayer. He doesn't have a VPS, but he does have a cloud server, it's the same. In fact, you get 1 month free cloud server if you use Softlayer.

          3. For Ferdinand himself for the game center, what do you use VPS for? your point of view are valuable references for me / us

          4. for OpenVPN for the net, I use OneAsiaHost, for the web server I use DigitalOcean, while for Content Delivery Network services I use SoftLayer :)

          5. Mister Ferdinand, what if we want to make the OVPN file for multiple clients?

          6. just make 1 ovpn file, it can be created by all clients. What distinguishes each client is only the username & password

    1. Any internet connection can. Speed will not change boss, fast or not the connection depends on your internet package. Centos 6 can, but there are different settings when compared to Centos 5.

  3. Bro, if this works, will my connection be faster because I use a connection from VPS?
    the problem is I want to use a connection from vps to upload movies, if via remote vps linux it's too complicated and can't use a vps connection.

    1. If you ask me, it's the same, bro, whether the connection is fast or not depends on the internet package that you buy. VPN does not work to speed up the connection.

        1. I don't know how logically SSH tunneling or VPN can increase the connection speed. stabilize the connection maybe I can accept, even then with the terms & conditions apply. Maybe you can enlighten me?

  4. bro, this server has 1 openvpn, for example I want to make openvpn on 2 servers or more, how do you configure the OPENVPN CLIENT?

    So for example I have 2 vps (US and SG vps), both of which I want to make an openvpn server, that's how to configure the Openvpn client, how do you open the VPN client, there are 2 server options

    thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related article:

MongoDB logo

Easy to Install MongoDB on Ubuntu 20.04

This tutorial explains how to install and configure MongoDB Community Edition on Ubuntu 20.04. MongoDB is a free, open-source document database. Belongs to the so-called database family

www

World's First Website

On 6 August 1991, without fanfare, British computer scientist Tim Berners-Lee published his first website while working at CERN, the large particle physics laboratory.

rocket nginx

Rocket-Nginx + WP-Rocket: What are the Benefits?

What is Rocket-Nginx? Rocket-Nginx is a configuration add-on to Nginx for the WordPress cache plugin, WP-Rocket. The developer claims that by injecting the Rocket-Nginx configuration, the