
Installing OpenVPN on CentOS 5 and CentOS 6

In this guide we will show you how to set up OpenVPN on CentOS. The guide will give you a fully working OpenVPN installation. It has NOT been tested on other distros.


First step is to check if tun/tap is active:

cat /dev/net/tun

If tun is active then you should see this:

cat: /dev/net/tun: File descriptor in bad state

Make sure you have these packages installed:

yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y

Download LZO RPM and Configure RPMForge Repo:

wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

32bit Package:

CentOS 5:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

CentOS 6:

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm

64bit Package:

CentOS 5:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

CentOS 6:

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Build the rpm packages:

rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*

Install OpenVPN:

yum install openvpn -y

Copy the easy-rsa folder to /etc/openvpn/:

cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/

**PLEASE NOTE** if the above command brings up an error such as the one below, follow these steps to download and copy over easy-rsa, as it's not included in the new OpenVPN 2.3.1 build:

cannot stat `/usr/share/doc/openvpn-2.2.2/easy-rsa/': No such file or directory

Download easy-rsa from below:

wget https://github.com/downloads/OpenVPN/easy-rsa/easy-rsa-2.2.0_master.tar.gz

Extract the package:

tar -zxvf easy-rsa-2.2.0_master.tar.gz

Copy to OpenVPN directory:

cp -R easy-rsa-2.2.0_master/easy-rsa/ /etc/openvpn/

Please note that on CentOS 6 you need to make a small change before you run the commands below: open /etc/openvpn/easy-rsa/2.0/vars and edit the line below.

Change:

export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

To:

export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf

And save.

Now let’s create the certificate:

cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all

Build CA:

./build-ca
Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter

Build key server:

./build-key-server server
The prompts are almost the same as for ./build-ca, but note these changes and additions:
Common Name: server
A challenge password: leave
Optional company name: fill or enter
sign the certificate: y
1 out of 1 certificate requests: y

Build the Diffie-Hellman parameters (wait a moment until the process finishes):

./build-dh

Now create your config file:

touch /etc/openvpn/server.conf

And enter the following:

port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

Save it.

Before we start OpenVPN, let's disable SELinux if it is enabled, as it can cause issues with OpenVPN, especially when using OpenVPN with multiple configs:

echo 0 > /selinux/enforce

This is a temporary solution: SELinux will be re-enabled once you reboot your system. To disable it on a permanent basis, open /etc/selinux/config and change this line:

SELINUX=enforcing

To:

SELINUX=disabled

When your system next reboots it will still be disabled.

Now let's start OpenVPN:

service openvpn restart

Please note: if you receive “FAIL” when OpenVPN tries to start and you see the following error in your /var/log/messages:

PLUGIN_INIT: could not load plugin shared object /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory

Then this is because the latest OpenVPN package doesn’t include this file (which is reported to be fixed soon) but you can download the pam auth file from here for now:

64Bit:

wget http://safesrv.net/public/openvpn-auth-pam.zip

32Bit:

wget http://safesrv.net/public/dl/openvpn-auth-pam.zip

Extract the file:

unzip openvpn-auth-pam.zip

Move to the OpenVPN directory:

mv openvpn-auth-pam.so /etc/openvpn/openvpn-auth-pam.so

Then replace the PAM plugin line in your server.conf with the line below:

plugin /etc/openvpn/openvpn-auth-pam.so /etc/pam.d/login

Restart OpenVPN and all should now work:

killall -9 openvpn
service openvpn restart

Now we need to enable IP forwarding. So open the file /etc/sysctl.conf and set ‘net.ipv4.ip_forward’ to 1.

net.ipv4.ip_forward = 1

To make the changes to sysctl.conf take effect, use the following command.

sysctl -p

Route Iptables:

The rule below will work fine on Xen and KVM based VPSs, but for OpenVZ use the OpenVZ iptables rules instead:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

OpenVZ iptables rules:

iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123

And

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123

Make sure you change 123.123.123.123 to your server IP.

If you have CSF on the same server, you need to open your OpenVPN port (usually 1194) through the firewall and run the commands below for CSF. It's also a good idea to add them to /etc/csf/csfpre.sh.

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123

If the above rules cause you any problems or don’t seem to work (Especially on cPanel servers) then remove the rules above and use below:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

Please make sure 123.123.123.123 is your main server IP.

Then run…

service iptables save

To set up OpenVPN with your FreeRADIUS installation please follow this link.

Please note: if you are using our FreeRADIUS module for WHMCS, you don’t have to do the step below for adding users; just follow the link above to set up OpenVPN to authenticate against FreeRADIUS. Otherwise you can create a user as follows:

useradd username -s /bin/false
passwd username

If you wanted to delete a user you would use:

userdel username

Now create a server.ovpn config file and enter the following:

client
dev tun
proto udp
remote 123.123.123.123 1194 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
reneg-sec 0
verb 3

Make sure you change 123.123.123.123 to your server IP.
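
Several settings in the server.conf and server.ovpn above are ones OpenVPN itself warns about at startup, as the logs quoted in the comments show: client-cert-not-required, a 1024-bit DH file, a server.key readable by group or others, and no server certificate verification on the client. The audit script below is an added example, not part of the original guide; its function names are hypothetical, it assumes easy-rsa 2.0's dh<KEY_SIZE>.pem file naming, and it treats everything after # or ; on a line as a comment.

```shell
#!/bin/sh
# Added example, not part of the original guide. Flags the settings that the
# OpenVPN startup logs quoted on this page warn about.

# directive_args FILE NAME: print the arguments of the first uncommented NAME.
# Simplification: everything after '#' or ';' on a line is treated as a comment.
directive_args() {
    awk -v name="$2" '
        { sub(/[#;].*/, "") }
        $1 == name { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# has_directive FILE NAME: succeed if NAME appears uncommented in FILE.
has_directive() {
    awk -v name="$2" '
        { sub(/[#;].*/, "") }
        $1 == name { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# audit_openvpn_conf FILE: print one "WARN <topic>: ..." line per finding.
audit_openvpn_conf() {
    conf=$1
    if has_directive "$conf" client; then
        # Client config: any one of these directives makes the client check
        # the certificate presented by the server beyond the CA signature.
        verified=no
        for d in remote-cert-tls ns-cert-type remote-cert-ku remote-cert-eku \
                 verify-x509-name tls-remote tls-verify; do
            if has_directive "$conf" "$d"; then verified=yes; fi
        done
        if [ "$verified" = no ]; then
            echo "WARN server-cert: no server certificate verification method set"
        fi
        return 0
    fi

    # Server config: with this option the username and password are the
    # only client credentials.
    if has_directive "$conf" client-cert-not-required; then
        echo "WARN client-cert: clients are accepted without a certificate"
    fi

    # Assumption: easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so the size is in the name.
    dh=$(directive_args "$conf" dh)
    bits=$(printf '%s\n' "${dh##*/}" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WARN dh: ${bits}-bit Diffie-Hellman parameters"
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    key=$(directive_args "$conf" key)
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -ldL "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "WARN key: $key is group or others accessible"
        fi
    fi
    return 0
}

# Constructed sample input: the security-relevant lines of this guide's
# server.conf and server.ovpn, written to a scratch directory.
demo() {
    dir=$(mktemp -d)
    : > "$dir/server.key"; chmod 644 "$dir/server.key"
    cat > "$dir/server.conf" <<EOF
port 1194 #- port
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
key $dir/server.key
client-cert-not-required
username-as-common-name
EOF
    cat > "$dir/server.ovpn" <<EOF
client
remote 123.123.123.123 1194 # - Your server IP and OpenVPN Port
ca ca.crt
auth-user-pass
EOF
    audit_openvpn_conf "$dir/server.conf"
    audit_openvpn_conf "$dir/server.ovpn"
    rm -rf "$dir"
}

# With file arguments audit those files; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do audit_openvpn_conf "$f"; done
else
    demo
fi
```

Run it as `sh audit.sh /etc/openvpn/server.conf server.ovpn` (the script file name is up to you); no output means none of the four conditions was found.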

And make sure OpenVPN starts at boot:

chkconfig openvpn on

Download the ca.crt file from the /etc/openvpn/easy-rsa/2.0/keys/ directory and place it in the same directory as your server.ovpn.

Now download a VPN client, import your config file and enter the username and password created above; or, if you have already configured OpenVPN Source with the FreeRADIUS plugin, use a username and password created in the RADIUS database.

Looking to disable logging in OpenVPN? Please follow this link.

194 replies
  1. Rain says:

    this was nice tutorial…

    but it’s better if you highlight it as Centos 5 not Centos…

  2. Jonathan says:

    Thanks for the tutorial, I’ve installed it and I can connect. However, I tried accessing the internet and it wouldn’t let me. I disabled iptables and that didn’t have any effect on it. I cannot access google etc. I can still ping the server I’m connected to. What could be the problem? I’ve tried searching the official openvpn website but they all had iptables issues (which isn’t the case for me).

    • Admin says:

      Hi Jonathan

      Are you using this on OpenVZ or Xen ?

      • Jonathan says:

        Honestly, I don’t know. I’ve not done much with SSH in the past (I don’t know what Xen/OpenVZ are) *blush*

        All I know is I’ve got CentOS 6 64bit and i’ve followed this tutorial.

        Also, when I turn iptables back on I can’t connect (just stuck on ‘Connecting…’) I’ve followed tutorials on fixing that but they’ve not worked. So I’ve got two issues I suppose.

  3. Admin says:

    Feel free to submit a ticket to us via our sales department and if you want i can take a quick look free of charge.

    What do you get if you run this in SSH:

    ifconfig

    OpenVZ is usually venet0 and Xen usually eth0

    Regards
    SafeSrv.net

    • Jonathan says:

      I get eth0, eth1, lo & tun0, so I’ve got Xen I assume.

      • Admin says:

        Dedicated or Xen yeah – you definitely ran the iptable rule as mentioned and edited sysctl.conf ? try run these and let me know the output:

        killall -9 openvpn

        cd to the OpenVPN directory

        openvpn server.conf

        Then leave this ssh window open and try connect see if you are reaching the VPN server.

        Regards
        SafeSrv.net

        • Jonathan says:

          I ran that with iptables and it didn’t change anything. I turned iptables off and the last few lines were;

          testuser/86.23.xx.xxx:59025
          Thu Jul 26 18:19:16 2012 testuser/86.23.xx.xxx:590xx MULTI: primary virtual IP for testuser/86.23.59.105:59025: 10.8.0.6
          Thu Jul 26 18:19:18 2012 testuser/86.23.xx.xxx:590xx PUSH: Received control message: ‘PUSH_REQUEST’
          Thu Jul 26 18:19:18 2012 testuser/86.23.xx.xxx:590xx SENT CONTROL [testuser]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5′ (status=1)

          I still couldn’t access the internet though but I could ping my own server ip just fine.

          “Dedicated or Xen yeah”, yep, it’s a dedicated server.

          I reran “sysctl -p” and made sure my server.conf was right, it all was fine but I did get this error about IPv6 (my datacenter says I have IPv6 on the server);

          error: “net.bridge.bridge-nf-call-ip6tables” is an unknown key
          error: “net.bridge.bridge-nf-call-iptables” is an unknown key
          error: “net.bridge.bridge-nf-call-arptables” is an unknown key

          I appreciate you helping me, you’re a life saver :)

  4. Admin says:

    Hey Jonathan

    No real info in those logs, i would need to take a look myself, other than that, tail the last 50 lines of the /var/log/messages and post here.

  5. Admin says:

    No problem, glad it’s sorted now :)

  6. phrea says:

    #yum install nano

    Had to enter this or else nano wouldn’t work

  7. Truong Chuong Duong says:

    Hello Admin,

    I have same problem with Jonathan. I can connect to server, can ping it after connect. But it cannot connect to any other website. When I ping (e.g. google.com) it got correct IP but show error: Destination host unreachable.

    When ran ifconfig I got :

    tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
    RX packets:175 errors:0 dropped:0 overruns:0 frame:0
    TX packets:152 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:9416 (9.1 KiB) TX bytes:12412 (12.1 KiB)

    wlan0 Link encap:Ethernet HWaddr 00:23:4E:86:3E:23
    inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
    inet6 addr: fe80::223:4eff:fe86:3e23/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:21602 errors:0 dropped:0 overruns:0 frame:0
    TX packets:18503 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:15561670 (14.8 MiB) TX bytes:3209221 (3.0 MiB)

    When ran openvpn server.conf i got:

    Sun Sep 16 21:38:39 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Sun Sep 16 21:38:39 2012 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
    Sun Sep 16 21:38:39 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Sep 16 21:38:39 2012 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Sun Sep 16 21:38:39 2012 Diffie-Hellman initialized with 1024 bit key
    Sun Sep 16 21:38:39 2012 WARNING: file ‘/etc/openvpn/easy-rsa/2.0/keys/server.key’ is group or others accessible
    Sun Sep 16 21:38:39 2012 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
    Sun Sep 16 21:38:39 2012 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Sep 16 21:38:39 2012 Socket Buffers: R=[229376->131072] S=[229376->131072]
    Sun Sep 16 21:38:39 2012 ROUTE default_gateway=192.168.0.1
    Sun Sep 16 21:38:39 2012 TUN/TAP device tun0 opened
    Sun Sep 16 21:38:39 2012 TUN/TAP TX queue length set to 100
    Sun Sep 16 21:38:39 2012 /sbin/ip link set dev tun0 up mtu 1500
    Sun Sep 16 21:38:39 2012 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
    Sun Sep 16 21:38:39 2012 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
    Sun Sep 16 21:38:39 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Sun Sep 16 21:38:39 2012 UDPv4 link local (bound): 192.168.0.100:1194
    Sun Sep 16 21:38:39 2012 UDPv4 link remote: [undef]
    Sun Sep 16 21:38:39 2012 MULTI: multi_init called, r=256 v=256
    Sun Sep 16 21:38:39 2012 IFCONFIG POOL: base=10.8.0.4 size=62
    Sun Sep 16 21:38:39 2012 Initialization Sequence Completed
    Sun Sep 16 21:40:11 2012 MULTI: multi_create_instance called
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Re-using SSL/TLS context
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 LZO compression initialized
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Local Options hash (VER=V4): ’5b1533a2′
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Expected Remote Options hash (VER=V4): ‘d3a7571a’
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 TLS: Initial packet from 192.168.0.101:61607, sid=ba1360a0 580211d7
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 TLS: Username/Password authentication succeeded for username ‘duongtc’ [CN SET]
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 WARNING: ‘link-mtu’ is used inconsistently, local=’link-mtu 1574′, remote=’link-mtu 1542′
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 WARNING: ‘tun-mtu’ is used inconsistently, local=’tun-mtu 1532′, remote=’tun-mtu 1500′
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
    Sun Sep 16 21:40:11 2012 192.168.0.101:61607 [duongtc] Peer Connection Initiated with 192.168.0.101:61607
    Sun Sep 16 21:40:11 2012 duongtc/192.168.0.101:61607 MULTI: Learn: 10.8.0.6 -> duongtc/192.168.0.101:61607
    Sun Sep 16 21:40:11 2012 duongtc/192.168.0.101:61607 MULTI: primary virtual IP for duongtc/192.168.0.101:61607: 10.8.0.6
    Sun Sep 16 21:40:13 2012 duongtc/192.168.0.101:61607 PUSH: Received control message: ‘PUSH_REQUEST’
    Sun Sep 16 21:40:13 2012 duongtc/192.168.0.101:61607 SENT CONTROL [duongtc]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5′ (status=1)

    When ran sysctl -p I got:

    net.ipv4.ip_forward = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    kernel.sysrq = 0
    kernel.core_uses_pid = 1
    net.ipv4.tcp_syncookies = 1
    error: “net.bridge.bridge-nf-call-ip6tables” is an unknown key
    error: “net.bridge.bridge-nf-call-iptables” is an unknown key
    error: “net.bridge.bridge-nf-call-arptables” is an unknown key
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    kernel.shmmax = 68719476736
    kernel.shmall = 4294967296

    How can I resolve this problem? I tried to install OpenVPN on my laptop computer, it runs CentOS 64 bit.

    Many Thank You in Advance

    • Admin says:

      Hi there

      What do you have set in /etc/resolv.conf ? have you entered the google nameservers in here ?

      Regards
      SafeSrv.net

  8. Truong Chuong Duong says:

    Thank you so much for the wonderful support you’ve given me. You saved my life.

    My VPN server is now working well.

  9. Merlin Silk says:

    Thank you for the tutorial – unfortunately I got stuck at the very beginning, with
    [NET /dev]# cat /dev/net/tun
    cat: /dev/net/tun: No such file or directory

    so, I guess tun/tap is not there. What do I have to do to change that?
    Thanks,
    Merlin

    • Admin says:

      Hello

      What sort of server/VPS are you trying to install OpenVPN on ? and yes you may need to ask your host to enable TUN/TAP.

  10. Deep Saha says:

    I am getting another type of problem..
    I have openvz and when i try to run this command :

    iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source

    i am getting error :

    iptables v1.4.7: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)

    please guide me to fix it..

  11. gheath says:

    please look this

    https://forums.openvpn.net/topic11431.html

    i have problem in take ip

  12. Wouter says:

    Hi,

    I install openVPN as wrote here but when I try to make a connection I get the message:
    No access server…
    Tips or install help welcome!

  13. Deep Saha says:

    hi is there any way to easily manage vpn users .. like can i get any gui interface to manage my vpn users ?

    i have centos6 32bit

    • Admin says:

      Hello – i think there is a webmin module but im not 100% sure on that – we do a module if you don’t already know that lets you manage users via WHMCS.

      • Deep Saha says:

        ok and 1 more prob i got.. everything went fine but the openvpn is not connecting :(

        Mon Oct 08 01:39:25 2012 NMDVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Apr 25 2011
        Mon Oct 08 01:39:32 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
        Mon Oct 08 01:39:32 2012 NOTE: NMDVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
        Mon Oct 08 01:39:32 2012 LZO compression initialized
        Mon Oct 08 01:39:32 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
        Mon Oct 08 01:39:32 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
        Mon Oct 08 01:39:32 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
        Mon Oct 08 01:39:32 2012 Local Options hash (VER=V4): ‘d3a7571a’
        Mon Oct 08 01:39:32 2012 Expected Remote Options hash (VER=V4): ’5b1533a2′
        Mon Oct 08 01:39:32 2012 UDPv4 link local: [undef]
        Mon Oct 08 01:39:32 2012 UDPv4 link remote: 142.54.177.215:9201
        Mon Oct 08 01:40:32 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
        Mon Oct 08 01:40:32 2012 TLS Error: TLS handshake failed
        Mon Oct 08 01:40:32 2012 TCP/UDP: Closing socket
        Mon Oct 08 01:40:32 2012 SIGUSR1[soft,tls-error] received, process restarting
        Mon Oct 08 01:40:32 2012 Restart pause, 2 second(s)
        Mon Oct 08 01:40:34 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
        Mon Oct 08 01:40:34 2012 NOTE: NMDVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
        Mon Oct 08 01:40:34 2012 Re-using SSL/TLS context
        Mon Oct 08 01:40:34 2012 LZO compression initialized
        Mon Oct 08 01:40:34 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
        Mon Oct 08 01:40:34 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
        Mon Oct 08 01:40:34 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
        Mon Oct 08 01:40:34 2012 Local Options hash (VER=V4): ‘d3a7571a’
        Mon Oct 08 01:40:34 2012 Expected Remote Options hash (VER=V4): ’5b1533a2′
        Mon Oct 08 01:40:34 2012 UDPv4 link local: [undef]
        Mon Oct 08 01:40:34 2012 UDPv4 link remote: 142.54.177.215:9201
        Mon Oct 08 01:41:34 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
        Mon Oct 08 01:41:34 2012 TLS Error: TLS handshake failed
        Mon Oct 08 01:41:34 2012 TCP/UDP: Closing socket
        Mon Oct 08 01:41:34 2012 SIGUSR1[soft,tls-error] received, process restarting
        Mon Oct 08 01:41:34 2012 Restart pause, 2 second(s)
        Mon Oct 08 01:41:36 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
        Mon Oct 08 01:41:36 2012 NOTE: NMDVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
        Mon Oct 08 01:41:36 2012 Re-using SSL/TLS context
        Mon Oct 08 01:41:36 2012 LZO compression initialized
        Mon Oct 08 01:41:36 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
        Mon Oct 08 01:41:36 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
        Mon Oct 08 01:41:36 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
        Mon Oct 08 01:41:36 2012 Local Options hash (VER=V4): ‘d3a7571a’
        Mon Oct 08 01:41:36 2012 Expected Remote Options hash (VER=V4): ’5b1533a2′
        Mon Oct 08 01:41:36 2012 UDPv4 link local: [undef]
        Mon Oct 08 01:41:36 2012 UDPv4 link remote: 142.54.177.215:9201

  14. Admin says:

    Hello – try add this >> reneg-sec 0 to server.conf and restart OpenVPN.

    • Deep Saha says:

      thanks working great :D

    • Deep Saha says:

      don’t be angry that i am asking questions again and again…

      is there any way by which i won’t have any logs in vps , so that i don’t get any DMCA issues or host can’t find what i am downloading and from where..

      • Admin says:

        Hello – it’s not about logs, you’re using their IP for the VPN, so you cannot hide this.

        • Deep Saha says:

          ohh i see.. thanks a lot for helping me a lot …

          I found a annoying problem just minutes before that the vpn is auto reconnecting after 1 hour ( exact 1 hour ) dunno how to stop this .. but it really feels annoying

        • Deep Saha says:

          also if logs cannot be blocked then how to stop torrent ..

          I think if i can block all ports except 80/443 , then torrent download can be reduced..

          btw :

          i have to 2 config running with :

          server 10.1.2.0 255.255.255.0

          and

          server 10.1.0.0 255.255.255.0

  15. Deep Saha says:

    Ok mate can you tell me how to block all ports except http , https , ftp , and 22 port ? using iptables

  16. JOhn says:

    Linux dedicated : centOS 5 64bit.
    server config:
    local x.x.x.x
    port 143
    proto tcp
    ………..

    #service openvpn start [FAILED]
    Pls, Help

  17. Akshay sirohi says:

    brother my vpn is connected but no internet

  18. Mainak says:

    I wanted to block torrent access by importing some rules like access only port 80 n port 443. So, i make the following rules in exact order

    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -s 10.1.0.0/24 -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p udp --dport 53 -j ACCEPT
    iptables -A FORWARD -s 10.1.0.0/24 -p tcp --dport 443 -j ACCEPT
    iptables -A FORWARD -s 10.1.0.0/24 -p icmp -j ACCEPT
    iptables -A FORWARD -s 10.1.0.0/24 -j DROP

    iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123

    But problem is that, my vpn can only open ip addresses now… i.e, it cant resolve hostnames into ip. i think it is not accepting dns server 53 as well. So, how can i fix it?

  19. Mainak says:

    Can u please help me :(

  20. Mainak says:

    No i did not figure it out :( How can i resolve it

  21. leechpremium says:

    Hi, Great article.. I followed exactly what you have given…But I get this error:

    Service openvpn start
    Starting openvpn : [FAILED]

    Could help me sort it out..

  22. Mohammed says:

    I am getting No server certificate verification method has been enabled in the log of openvpn. i have followed your tutorial.

  23. Name (required) says:

    followed your tutorial several times but not able to connect here is the log

    Thu Nov 22 23:06:49 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Thu Nov 22 23:06:49 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Nov 22 23:06:49 2012 Re-using SSL/TLS context
    Thu Nov 22 23:06:49 2012 LZO compression initialized
    Thu Nov 22 23:06:49 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Thu Nov 22 23:06:49 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Thu Nov 22 23:06:49 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Thu Nov 22 23:06:49 2012 Local Options hash (VER=V4): ‘d3a7571a’
    Thu Nov 22 23:06:49 2012 Expected Remote Options hash (VER=V4): ’5b1533a2′
    Thu Nov 22 23:06:49 2012 UDPv4 link local: [undef]
    Thu Nov 22 23:06:49 2012 UDPv4 link remote: (ip removed)

    I am not able to

    • Admin says:

      Hi how are you trying to connect (What software) ? How are you starting OpenVPN ? try this..

      killall -9 openvpn
      cd /etc/openvpn
      openvpn server.conf

      Then try connect.

  24. Deep Saha says:

    on this step I am getting error :

    rpm -Uvh lzo-*.rpm

    [root@host02 ~]# rpm -Uvh lzo-*.rpm
    warning: lzo-1.08-4.rf.src.rpm: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY
    1:lzo warning: user dag does not exist – using root
    warning: group dag does not exist – using root
    warning: user dag does not exist – using root
    warning: group dag does not exist – using root
    ########################################### [100%]

    I am using CentOS 6 64bit : Linux host02.premiumvpn.org 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

  25. Deep Saha says:

    how to setup openvpn with IPv6 ..please help

  26. pvtn says:

    Hi all,
    I have a problem with my Client. I used OpenVPN GUI for my Win 7 client. Run as Administrator , but it went wrong @@
    Fri Dec 7 08:46:35 2012 192.168.1.202:57894 VERIFY OK: depth=1, /C=VN/ST=VN/L=HCMC/O=SPKT/OU=IT09/CN=NHAN/name=Nhan/emailAddress=nhan@gmail.com
    Fri Dec 7 08:46:35 2012 192.168.1.202:57894 VERIFY OK: depth=0, /C=VN/ST=VN/L=HCMC/O=SPKT/OU=Nhan/CN=nhan/name=Nhan/emailAddress=nhan@gmail.com
    Fri Dec 7 08:46:35 2012 192.168.1.202:57894 TLS Error: Auth Username/Password was not provided by peer
    Fri Dec 7 08:46:35 2012 192.168.1.202:57894 TLS Error: TLS handshake failed
    Fri Dec 7 08:46:35 2012 192.168.1.202:57894 SIGUSR1[soft,tls-error] received, client-instance restarting
    Any help??

    • Admin says:

      Hi please try a client called viscosity – import your config and see if it works then, did you enter any auth details when connecting ?

  27. g0bez says:

    I just wanted to follow up for those of you who were able to get a tunnel established (so you can ping the OpenVPN server) but weren’t able to get internet (no web pages would load on the OpenVPN client side).

    I resolved this by looking at the iptables rules. In the walkthrough he says you need to run these commands if you have CSF on the same server:

    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT

    Once I added both of these it started working.

    Thanks for the fantastic install instruction — this was really helpful!

  28. Mayan calender says:

    Good day! I just would like to give you a big thumbs up for your excellent info you have here on this post.
    I’ll be returning to your site for more soon.

  29. David says:

    Hi thanks for this very resourceful article. I managed to get a lot done by following your steps up to this: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE. When I run this command I get the following message

    iptables: No chain/target/match by that name.

    I’m using CENTOS 6.3 x86_64 virtuozzo – server

    Can you tell me what I am doing wrong?

    Thanks!

    • Admin says:

      Hi David – you won’t be able to use MASQUERADE as its not virtualised in those containers – you need to use the “OpenVZ snat iptable rules” in the tutorial.

  30. Nicholas Rønshof says:

    Hi nice guide, works perfectly.

    But how do I change if I want my interface tun0 to have the ip 10.8.0.100 instead of 10.8.0.1 ???

    and where do you control the dhcp for clients ?

    Kind regards

    Nicholas Rønshof

  31. Yoda says:

    Hello,

    first at all, great tutor!
    Simple and easy.

    Only one thing left, client don`t take gateway..
    IP, DNS are fine, only gateway don`t work (i need), so what to do?
    i was try to add in client conf “redirect-gateway” but without success :/

    Reply
    • Admin says:

      Hello, thanks – can you not browse the web ? Have you tried the NAT iptable rules ? have you enabled IP forwarding ?

      Reply
  32. Yoda says:

    Hello,

    tnx. for answer.
    Yes, i enable ip forwarding, i was try with iptables off and problem is that i don`t get gateway IP.
    when is in server conf. file: push "redirect-gateway def1"

    And when is set: push "redirect-gateway 10.8.0.1"
    then i get wrong gateway IP from server.
    It should be 10.8.0.1, but i get 10.8.0.5 (don`t know why he get that address).

    Thank you.

    Reply
  33. Yoda says:

    Hello again,

    i just success, this help me:
    http://serverfault.com/a/443169/153253

    One more time great tut.

    Best regards.

    Reply
    • Admin says:

      Hello – excellent, glad you got it sorted, sorry for the delay, its been busy – but thanks for letting us know how you sorted it out, i will certainly take a look into it.

      Reply
  34. Craig says:

    Hello there i get an Not an access server.

    [root@totalsofttecVPN openvpn]# openvpn server.conf
    Sun Jan 13 21:54:40 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Sun Jan 13 21:54:40 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
    Sun Jan 13 21:54:40 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
    Sun Jan 13 21:54:40 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Sun Jan 13 21:54:40 2013 Diffie-Hellman initialized with 1024 bit key
    Sun Jan 13 21:54:40 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
    Sun Jan 13 21:54:40 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Jan 13 21:54:40 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
    Sun Jan 13 21:54:40 2013 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.1/255.255.255.255]
    Sun Jan 13 21:54:40 2013 ROUTE default_gateway=192.168.0.1
    Sun Jan 13 21:54:40 2013 TUN/TAP device tun0 opened
    Sun Jan 13 21:54:40 2013 TUN/TAP TX queue length set to 100
    Sun Jan 13 21:54:40 2013 /sbin/ip link set dev tun0 up mtu 1500
    Sun Jan 13 21:54:40 2013 /sbin/ip addr add dev tun0 local 192.168.0.1 peer 192.168.0.2
    Sun Jan 13 21:54:40 2013 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
    Sun Jan 13 21:54:40 2013 /sbin/ip route add 192.168.0.0/24 via 192.168.0.2
    RTNETLINK answers: File exists
    Sun Jan 13 21:54:40 2013 ERROR: Linux route add command failed: external program exited with error status: 2
    Sun Jan 13 21:54:40 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Sun Jan 13 21:54:40 2013 UDPv4 link local (bound): [undef]:1194
    Sun Jan 13 21:54:40 2013 UDPv4 link remote: [undef]
    Sun Jan 13 21:54:40 2013 MULTI: multi_init called, r=256 v=256
    Sun Jan 13 21:54:40 2013 IFCONFIG POOL: base=192.168.0.4 size=62
    Sun Jan 13 21:54:40 2013 Initialization Sequence Completed

    these are the post when running openvpn
    , where can i see the logs ?

    Reply
  35. Craig says:

    [root@totalsofttecVPN openvpn]# openvpn server.conf
    Sun Jan 13 22:30:54 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Sun Jan 13 22:30:54 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
    Sun Jan 13 22:30:54 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
    Sun Jan 13 22:30:54 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Sun Jan 13 22:30:54 2013 Diffie-Hellman initialized with 1024 bit key
    Sun Jan 13 22:30:54 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
    Sun Jan 13 22:30:54 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Jan 13 22:30:54 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
    Sun Jan 13 22:30:54 2013 ROUTE default_gateway=192.168.0.1
    Sun Jan 13 22:30:54 2013 TUN/TAP device tun0 opened
    Sun Jan 13 22:30:54 2013 TUN/TAP TX queue length set to 100
    Sun Jan 13 22:30:54 2013 /sbin/ip link set dev tun0 up mtu 1500
    Sun Jan 13 22:30:54 2013 /sbin/ip addr add dev tun0 local 10.0.0.1 peer 10.0.0.2
    Sun Jan 13 22:30:54 2013 /sbin/ip route add 10.0.0.0/24 via 10.0.0.2
    Sun Jan 13 22:30:54 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Sun Jan 13 22:30:54 2013 UDPv4 link local (bound): [undef]:1194
    Sun Jan 13 22:30:54 2013 UDPv4 link remote: [undef]
    Sun Jan 13 22:30:54 2013 MULTI: multi_init called, r=256 v=256
    Sun Jan 13 22:30:54 2013 IFCONFIG POOL: base=10.0.0.4 size=62
    Sun Jan 13 22:30:54 2013 Initialization Sequence Completed
    Sun Jan 13 22:31:03 2013 MULTI: multi_create_instance called
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Re-using SSL/TLS context
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 LZO compression initialized
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Local Options hash (VER=V4): ’5b1533a2′
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Expected Remote Options hash (VER=V4): ‘d3a7571a’
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 TLS: Initial packet from 192.168.0.122:52311, sid=c92827fe 4dc29bce
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 TLS: Username/Password authentication succeeded for username ‘kris’ [CN SET]
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
    Sun Jan 13 22:31:03 2013 192.168.0.122:52311 [kris] Peer Connection Initiated with 192.168.0.122:52311
    Sun Jan 13 22:31:03 2013 kris/192.168.0.122:52311 MULTI: Learn: 10.0.0.6 -> kris/192.168.0.122:52311
    Sun Jan 13 22:31:03 2013 kris/192.168.0.122:52311 MULTI: primary virtual IP for kris/192.168.0.122:52311: 10.0.0.6
    Sun Jan 13 22:31:06 2013 kris/192.168.0.122:52311 PUSH: Received control message: ‘PUSH_REQUEST’
    Sun Jan 13 22:31:06 2013 kris/192.168.0.122:52311 SENT CONTROL [kris]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.0.0.6 10.0.0.5′ (status=1)
    ^CSun Jan 13 22:32:32 2013 event_wait : Interrupted system call (code=4)
    Sun Jan 13 22:32:32 2013 TCP/UDP: Closing socket
    Sun Jan 13 22:32:32 2013 /sbin/ip route del 10.0.0.0/24
    Sun Jan 13 22:32:32 2013 Closing TUN/TAP interface
    Sun Jan 13 22:32:32 2013 /sbin/ip addr del dev tun0 local 10.0.0.1 peer 10.0.0.2
    Sun Jan 13 22:32:32 2013 PLUGIN_CLOSE: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so
    Sun Jan 13 22:32:32 2013 SIGINT[hard,] received, process exiting
    [root@totalsofttecVPN openvpn]# openvpn server.conf
    Sun Jan 13 22:32:34 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Sun Jan 13 22:32:34 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
    Sun Jan 13 22:32:34 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
    Sun Jan 13 22:32:34 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Sun Jan 13 22:32:34 2013 Diffie-Hellman initialized with 1024 bit key
    Sun Jan 13 22:32:34 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
    Sun Jan 13 22:32:34 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Jan 13 22:32:34 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
    Sun Jan 13 22:32:34 2013 ROUTE default_gateway=192.168.0.1
    Sun Jan 13 22:32:34 2013 TUN/TAP device tun0 opened
    Sun Jan 13 22:32:34 2013 TUN/TAP TX queue length set to 100
    Sun Jan 13 22:32:34 2013 /sbin/ip link set dev tun0 up mtu 1500
    Sun Jan 13 22:32:34 2013 /sbin/ip addr add dev tun0 local 10.0.0.1 peer 10.0.0.2
    Sun Jan 13 22:32:34 2013 /sbin/ip route add 10.0.0.0/24 via 10.0.0.2
    Sun Jan 13 22:32:34 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Sun Jan 13 22:32:34 2013 UDPv4 link local (bound): [undef]:1194
    Sun Jan 13 22:32:34 2013 UDPv4 link remote: [undef]
    Sun Jan 13 22:32:34 2013 MULTI: multi_init called, r=256 v=256
    Sun Jan 13 22:32:34 2013 IFCONFIG POOL: base=10.0.0.4 size=62
    Sun Jan 13 22:32:34 2013 Initialization Sequence Completed
    Sun Jan 13 22:32:41 2013 MULTI: multi_create_instance called
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Re-using SSL/TLS context
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 LZO compression initialized
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Local Options hash (VER=V4): ’5b1533a2′
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Expected Remote Options hash (VER=V4): ‘d3a7571a’
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 TLS: Initial packet from 192.168.0.122:55492, sid=d8747c77 2d4d6cdf
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 TLS: Username/Password authentication succeeded for username ‘kris’ [CN SET]
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
    Sun Jan 13 22:32:41 2013 192.168.0.122:55492 [kris] Peer Connection Initiated with 192.168.0.122:55492
    Sun Jan 13 22:32:41 2013 kris/192.168.0.122:55492 MULTI: Learn: 10.0.0.6 -> kris/192.168.0.122:55492
    Sun Jan 13 22:32:41 2013 kris/192.168.0.122:55492 MULTI: primary virtual IP for kris/192.168.0.122:55492: 10.0.0.6
    Sun Jan 13 22:32:44 2013 kris/192.168.0.122:55492 PUSH: Received control message: ‘PUSH_REQUEST’
    Sun Jan 13 22:32:44 2013 kris/192.168.0.122:55492 SENT CONTROL [kris]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.0.0.6 10.0.0.5′ (status=1)

    This is what I get but I cannot connect to the internet

    Reply
  36. Craig says:

    openvpn server
    Options error: In [CMD-LINE]:1: Error opening configuration file: server
    Use –help for more information.
    [root@totalsofttecVPN openvpn]# ls
    1194.log easy-rsa server.conf
    [root@totalsofttecVPN openvpn]# openvpn server.conf
    Mon Jan 14 01:27:22 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Mon Jan 14 01:27:22 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
    Mon Jan 14 01:27:22 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
    Mon Jan 14 01:27:22 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Mon Jan 14 01:27:22 2013 Diffie-Hellman initialized with 1024 bit key
    Mon Jan 14 01:27:22 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
    Mon Jan 14 01:27:22 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Jan 14 01:27:22 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
    Mon Jan 14 01:27:22 2013 TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
    Mon Jan 14 01:27:22 2013 Exiting
    [root@totalsofttecVPN openvpn]# openvpn server.conf
    Mon Jan 14 01:27:44 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Mon Jan 14 01:27:44 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
    Mon Jan 14 01:27:44 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
    Mon Jan 14 01:27:44 2013 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so ‘[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]‘ intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Mon Jan 14 01:27:44 2013 Diffie-Hellman initialized with 1024 bit key
    Mon Jan 14 01:27:44 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
    Mon Jan 14 01:27:44 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Jan 14 01:27:44 2013 Socket Buffers: R=[188416->131072] S=[188416->131072]
    Mon Jan 14 01:27:44 2013 ROUTE default_gateway=192.168.0.1
    Mon Jan 14 01:27:44 2013 TUN/TAP device tun0 opened
    Mon Jan 14 01:27:44 2013 TUN/TAP TX queue length set to 100
    Mon Jan 14 01:27:44 2013 /sbin/ip link set dev tun0 up mtu 1500
    Mon Jan 14 01:27:44 2013 /sbin/ip addr add dev tun0 local 10.0.0.1 peer 10.0.0.2
    Mon Jan 14 01:27:44 2013 /sbin/ip route add 10.0.0.0/24 via 10.0.0.2
    Mon Jan 14 01:27:44 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Mon Jan 14 01:27:44 2013 UDPv4 link local (bound): [undef]:1194
    Mon Jan 14 01:27:44 2013 UDPv4 link remote: [undef]
    Mon Jan 14 01:27:44 2013 MULTI: multi_init called, r=256 v=256
    Mon Jan 14 01:27:44 2013 IFCONFIG POOL: base=10.0.0.4 size=62
    Mon Jan 14 01:27:44 2013 Initialization Sequence Completed
    Mon Jan 14 01:29:15 2013 MULTI: multi_create_instance called
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Re-using SSL/TLS context
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 LZO compression initialized
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Local Options hash (VER=V4): ’5b1533a2′
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Expected Remote Options hash (VER=V4): ‘d3a7571a’
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 TLS: Initial packet from 192.168.0.122:64526, sid=66360a71 7c56d5d8
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 TLS: Username/Password authentication succeeded for username ‘kris’ [CN SET]
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
    Mon Jan 14 01:29:15 2013 192.168.0.122:64526 [kris] Peer Connection Initiated with 192.168.0.122:64526
    Mon Jan 14 01:29:15 2013 kris/192.168.0.122:64526 MULTI: Learn: 10.0.0.6 -> kris/192.168.0.122:64526
    Mon Jan 14 01:29:15 2013 kris/192.168.0.122:64526 MULTI: primary virtual IP for kris/192.168.0.122:64526: 10.0.0.6
    Mon Jan 14 01:29:17 2013 kris/192.168.0.122:64526 PUSH: Received control message: ‘PUSH_REQUEST’
    Mon Jan 14 01:29:17 2013 kris/192.168.0.122:64526 SENT CONTROL [kris]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.0.0.6 10.0.0.5′ (status=1)
    Mon Jan 14 01:29:21 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Mon Jan 14 01:29:25 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Mon Jan 14 01:29:30 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Mon Jan 14 01:29:33 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Mon Jan 14 01:29:39 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Mon Jan 14 01:29:44 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Mon Jan 14 01:29:49 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Mon Jan 14 01:29:54 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Mon Jan 14 01:30:00 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

    This are the results now. I already turned off iptables

    these are results for tail -f /var/log/messages

    Jan 13 22:18:39 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
    Jan 13 22:24:11 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
    Jan 13 22:27:00 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
    Jan 13 22:28:36 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
    Jan 13 22:30:54 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
    Jan 13 22:32:34 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
    Jan 13 22:59:59 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions

    Reply
  37. Craig says:

    Still can’t connect, I got this on my tail:

    tail -f /var/log/messages
    Jan 15 00:58:20 totalsofttecVPN dhclient[1027]: DHCPACK from 192.168.0.1 (xid=0x5d690dc4)
    Jan 15 00:58:22 totalsofttecVPN dhclient[1027]: bound to 192.168.0.146 — renewal in 33835 seconds.
    Jan 15 10:22:17 totalsofttecVPN dhclient[1027]: DHCPREQUEST on eth0 to 192.168.0.1 port 67 (xid=0x5d690dc4)
    Jan 15 10:22:17 totalsofttecVPN dhclient[1027]: DHCPACK from 192.168.0.1 (xid=0x5d690dc4)
    Jan 15 10:22:19 totalsofttecVPN dhclient[1027]: bound to 192.168.0.146 — renewal in 40055 seconds.
    Jan 15 21:18:41 totalsofttecVPN kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
    Jan 15 21:20:36 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
    Jan 15 21:22:25 totalsofttecVPN kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
    Jan 15 21:22:56 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions
    Jan 15 21:25:56 totalsofttecVPN kernel: tun0: Disabled Privacy Extensions

    Reply
  38. Craig says:

    got this config

    openvpn server.conf

    Tue Jan 15 21:25:56 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Tue Jan 15 21:25:56 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
    Tue Jan 15 21:25:56 2013 NOTE: OpenVPN 2.1 requires ‘–script-security 2′ or higher to call user-defined scripts or executables
    Tue Jan 15 21:25:56 2013 WARNING: POTENTIALLY DANGEROUS OPTION –client-cert-not-required may accept clients which do not present a certificate
    Tue Jan 15 21:25:56 2013 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Jan 15 21:25:56 2013 TUN/TAP device tun0 opened
    Tue Jan 15 21:25:56 2013 /sbin/ip link set dev tun0 up mtu 1500
    Tue Jan 15 21:25:56 2013 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
    Tue Jan 15 21:25:56 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Tue Jan 15 21:25:56 2013 UDPv4 link local (bound): [undef]:1194
    Tue Jan 15 21:25:56 2013 UDPv4 link remote: [undef]
    Tue Jan 15 21:25:56 2013 Initialization Sequence Completed

    Reply
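Added example, not part of the original comments or the tutorial: the server logs posted in comments 34 to 38 contain several distinct signals (a port already bound, a VPN subnet that collides with the LAN, certificate checks disabled, a small DH group, and refused UDP reads), and this sketch pulls them out of a log in one pass. The function name, the finding codes and the 2048-bit DH threshold are assumptions made for illustration; the sample lines are assembled from lines quoted in those comments, with ASCII dashes.

```shell
#!/bin/sh
# Triage an OpenVPN 2.x server log: print one finding code per line.
# Codes (constructed for this example):
#   BIND_IN_USE      another process already holds the listening port
#   SUBNET_CONFLICT  OpenVPN warned that the VPN subnet overlaps the LAN
#   NO_CLIENT_CERT   server accepts clients without a certificate
#   DH_BITS=<n>      DH parameters smaller than the assumed minimum
#   PEER_REFUSED=<n> count of ECONNREFUSED reads, i.e. ICMP port-unreachable
#                    came back for UDP packets sent to the client
triage_openvpn_log() {  # $1 = log text, $2 = minimum DH bits (default 2048)
    printf '%s\n' "$1" | awk -v min_dh="${2:-2048}" '
        /Socket bind failed/ && /Address already in use/ { bind = 1 }
        /subnet conflict between local LAN/               { conflict = 1 }
        /client-cert-not-required/                        { nocert = 1 }
        /Diffie-Hellman initialized with/ {
            # The key size is the field between "with" and "bit".
            for (i = 1; i < NF - 1; i++)
                if ($i == "with" && $(i + 2) == "bit") dh = $(i + 1) + 0
        }
        /\[ECONNREFUSED\]/                                { refused++ }
        END {
            if (bind)              print "BIND_IN_USE"
            if (conflict)          print "SUBNET_CONFLICT"
            if (nocert)            print "NO_CLIENT_CERT"
            if (dh && dh < min_dh) print "DH_BITS=" dh
            if (refused)           print "PEER_REFUSED=" refused
        }'
}

# Constructed sample: startup with the 192.168.0.0/24 collision, then two
# refused reads after a client connected.
SAMPLE_CONFLICT='Sun Jan 13 21:54:40 2013 Diffie-Hellman initialized with 1024 bit key
Sun Jan 13 21:54:40 2013 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Sun Jan 13 21:54:40 2013 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
Sun Jan 13 21:54:40 2013 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Jan 13 21:54:40 2013 Initialization Sequence Completed
Mon Jan 14 01:29:21 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Jan 14 01:29:25 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)'

# Constructed sample: a second server instance started while one is running.
SAMPLE_BIND='Mon Jan 14 01:27:22 2013 TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
Mon Jan 14 01:27:22 2013 Exiting'

echo "== conflict sample =="; triage_openvpn_log "$SAMPLE_CONFLICT"
echo "== bind sample ==";     triage_openvpn_log "$SAMPLE_BIND"
```

To run it against a real server, pass the contents of the file named by the `log` directive, for example `triage_openvpn_log "$(cat openvpn.log)"`.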
  39. kurangturu says:

    how to setup openvpn proto icmp?

    Reply
  40. Pakdoz says:

    Don’t forget to disable SELINUX. I found that I can’t log in if selinux is enabled.

    Reply
  41. Jurek says:

    Hello, nice guide! Working everything. Just can’t find SELINUX config file. This: “export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`” need to change only in Centos 6, or need change it in centos 5 too? Btw, add guide how to make a port forwarding.. Would be cool. :D

    Reply
    • Admin says:

      Hi Jurek – we only need to do the vars edit on CentOS 6 – you can’t see the selinux config here ? /etc/selinux/config

      Reply
  42. jarit says:

    I have one urgent question. I want to open all the udp ports 1-65535 in my openvpn server (obviously except those ports which are already bound) …. I am thinking of opening only one port(say 10000) and just forward all port request to this port 10000 … so, we just hav to make only 1 config and 1 iptable routing command. is it feasible ? if yes, how ? What would be the iptables commands to succesfully route all port requests to one port and browse internet ?

    Reply
    • Admin says:

      Hello – its possible, i haven’t tested but it could be something along these lines:

      iptables -t nat -I PREROUTING -i eth0 --dport 1:65535 -j REDIRECT --to-port 10000

      Reply
  43. jarit says:

    Hi
    I believe the above command is for KVM.
    Can you please provide the command for OpenVZ iptables?
    Thanks

    Reply
  44. Eddie says:

    Wow, great tutorial. The only thing I would change is all the nonsense tutorials that I went through before trying this one. Excellent instructions.

    Reply
  45. jarit says:

    Yes, I get this error when I execute that command ” Bad argument `1:65535′ ”
    and I realized that in the command it is not mentioned whether to forward udp ports or tcp ports.
    I just want to forward the udp ports.

    Thanks again for your reply

    Reply
  46. r109 says:

    Does anyone know how to setup the VPN so that the server appears on the clients computer as another LAN device and NOT tunnel all ip protocols through the VPN?

    Instance: Samba Share with file monitoring script, server would be something like route 192.168.1.177 on subnet 255.255.255.0 – how would I set it up so clients can connect to the VPN only for the samba share and not pipe everything else over the VPN? (everything else like standard protocols bittorrent, http, https, etc)

    Reply
  47. Gert says:

    The csf part of these instructions did not work for me.

    /sbin/iptables -A INPUT -j ACCEPT -s 10.8.0.0/24 -i tun0
    /sbin/iptables -A OUTPUT -j ACCEPT -s 10.8.0.0/24 -o tun0

    /sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i tun0
    /sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o tun0

    /sbin/iptables -t nat --flush
    /sbin/iptables -t nat -A POSTROUTING -o venet0 -s 10.8.0.0/24 -j SNAT --to 1.1.1.1

    in csfpre.sh did, however. Thought I’d post it here since this is pretty high up on google for openvpn and csf. Thanks to RACKSET on webhostingtalk.

    Reply
    • Admin says:

      Hi, thanks for letting us know, although the rules i posted did in fact work for me – i will test those rules out :)

      Reply
  48. rudireg says:

    In step: Build the rpm packages:
    When i typing: # rpm -Uvh lzo-*.rpm
    i have a problem:
    ———————————————————————————
    [root@goffmanmark ~]# rpm -Uvh lzo-*.rpm
    1:lzo warning: user dag does not exist – using root
    warning: group dag does not exist – using root
    warning: user dag does not exist – using root
    warning: group dag does not exist – using root
    ########################################### [100%]

    Reply
  49. Patrick says:

    Hello Admin,

    I think my VPS is OpenVZ (cos i see venet in my ifconfig)
    tun/tap too is enabled. can you guide me on how to set the vpn to work for IPSec? I dunno where to start.

    will be much appreciated.

    Reply
    • Admin says:

      Hello we have some tutorials for IPSec – i think if i’m not mistaken that the latest kernel for OpenVZ supports IPSec now so you should be able to follow one of our IPSec tutorials.

      Reply
  50. Terrence says:

    Thank You! Your instructions made OpenVPN installation very easy on CentOS6/OpenVZ

    Reply
  51. Deepak says:

    Need tutorial to setup openvpn for ipv6 ip’s

    Reply
  52. Jayson says:

    I got this.. when I’m connected..
    Wed Mar 27 00:52:11 2013 Replay-window backtrack occurred [1]
    Wed Mar 27 00:52:11 2013 Replay-window backtrack occurred [2]
    so on … how to get rid of it?

    And how would I able to connect on my vpn using proxy? how to set it up.?
    For example, my isp is 10.102.61.46 port 8080 or 80 I guess.. then i want to connect to my vpn
    what should i do?

    Reply
  53. eeks says:

    To use a nasty windows box in network adapters alt to file > edit ect choose advanced settings and make sure tap device is above local to use internet over vpn

    Great tutorial. Wish they’d let static keys run servers and not just tuns

    Reply
  54. VPN Market says:

    Hi, I have this problem with OpenVPN GUI :

    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

    I googled this error and openvpn site explain that :

    http://openvpn.net/index.php/open-source/faq/79-client/253-tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity.html

    What’s your idea? :)

    Reply
  55. Daniel says:

    Perfect tutorial. Working fine!

    Danke!

    Reply
  56. Pablo says:

    Hi, i have a problem with the connection internet next this tutorial.. i’m using VMware Workstation, are the iptables rules valid for this?

    Reply
  57. Christopher Sait says:

    Hi “Admin”,

    Well done for an excellent walk through.

    Works almost out of the box on CentOS 6.4, I set this up on a machine with two interfaces (DMZ and green) and had to play with iptables a while to get what I wanted (input on dmz –> vpn –> green). All I can say is remember to flush the iptables once in a while when you’re messing around… tee hee hee.

    My machine was a stock minimal install CentOS 6.4 with a yum update applied.

    I had to insert a rule into the iptables to accept udp on 1194 – not sure if you want to add this into your guide.

    iptables -I INPUT 3 -p udp --dport 1194 -j ACCEPT

    (Rule inserted high in the chain (3) to be sure).

    Great work and thank you.
    Rgds
    ~C

    Reply
    • Admin says:

      Hello Christopher – thanks :) on your default install of CentOS 6.4, just had to ask, did you have to enter this iptable rule to connect on the default port 1194 ? as normally we wouldn’t have to.

      Reply
  58. Christopher Sait says:

    I did – took me a while to figure out. I was getting silly no route to host errors from my client, So as part of the small investigation I stopped iptables on the 6.4 box. From then on the client connected. Obviously this is pretty useless with no routing, but it was a step forward…

    Happy to try again from scratch if you like – I have an “ESXi playground”. Kinda’ busy until Sunday afternoon though.

    Rgds
    ~C

    Reply
  59. Nam says:

    Hi Admin!

    My client (10.8.0.6) can connect server openvpn (10.8.0.1) but I don’t ping from 10.8.0.6 to 10.8.0.1).
    Beside I can’t access my LAN. I try email admin@salesrv.net, but email error
    From: Mail Delivery Subsystem
    Date: Fri, May 10, 2013 at 9:38 AM
    To: driveint@gmail.com

    Delivery to the following recipient failed permanently:

    admin@salesrv.net

    Technical details of permanent failure:
    DNS Error: Domain name not found

    Please help me.

    Reply
    • Admin says:

      Hello – you got my email wrong :) its admin@safesrv.net – you have “admin@salesrv.net” replace l with f. If i understand you correct you want to add client-to-client to your config file.

      Reply
  60. Aaron says:

    Hi Admin,

    I am having the same problem as everyone else…. seems that I am able to connect to the server but I can’t connect anywhere else. No website browsing or etc.

    Can you help tell me what’s the solution to that problem?

    I’m on a Dedicated Server and the funny part is that everything connects fine, just not able to browse.

    Hope you could help me out.

    Reply
    • Admin says:

      Hello – did you use the appropriate NAT rule ? can you copy here iptables-save and cat /etc/sysctl.conf

      Reply
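Added example, not part of the original comments or the tutorial: the "tunnel connects but nothing loads" reports in comments 27 and 60 depend on three server-side settings, and the `iptables-save` and `/etc/sysctl.conf` output the Admin asks for is enough to check all three offline, including whether an appended FORWARD rule sits behind a catch-all REJECT. Function names and both sample rulesets are constructed for illustration; 10.8.0.0/24 is the subnet used in the comments.

```shell
#!/bin/sh
# Offline check for a routed OpenVPN server: IP forwarding, a NAT rule for
# the VPN subnet, and a FORWARD chain that accepts the subnet before any
# catch-all REJECT/DROP. Inputs are the text of /etc/sysctl.conf and of
# `iptables-save`. All names and sample data below are constructed.

# True if the persistent sysctl config enables IPv4 forwarding
# (the live value is in /proc/sys/net/ipv4/ip_forward).
forwarding_enabled() {  # $1 = sysctl.conf text
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# True if the nat table has a POSTROUTING MASQUERADE or SNAT rule for the subnet.
nat_rule_present() {  # $1 = iptables-save text, $2 = VPN subnet
    printf '%s\n' "$1" | awk -v net="$2" '
        /^\*/ { table = $0 }
        table == "*nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ {
            for (i = 3; i < NF; i++) if ($i == "-s" && $(i + 1) == net) found = 1
        }
        END { exit !found }'
}

# Prints what happens to a NEW packet sourced from the subnet in FORWARD.
# Simplification: only two rule shapes decide the verdict, "-s <subnet> -j ACCEPT"
# and an unconditional "-j REJECT|DROP"; rules with other matches are skipped.
# If neither shape appears, the chain policy is printed.
forward_verdict() {  # $1 = iptables-save text, $2 = VPN subnet
    printf '%s\n' "$1" | awk -v net="$2" '
        /^\*/              { table = $0 }
        table != "*filter" { next }
        /^:FORWARD /       { policy = $2 }
        /^-A FORWARD / && verdict == "" {
            target = ""; src = ""; conditional = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                if ($i == "-s") { src = $(i + 1); i++; continue }
                conditional = 1
            }
            if (conditional) next
            if (src == net && target == "ACCEPT") verdict = "ACCEPT"
            else if (src == "" && (target == "REJECT" || target == "DROP")) verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }'
}

diagnose() {  # $1 = sysctl.conf text, $2 = iptables-save text, $3 = VPN subnet
    if forwarding_enabled "$1"; then echo "ip_forward: enabled"; else echo "ip_forward: DISABLED"; fi
    if nat_rule_present "$2" "$3"; then echo "nat rule: present"; else echo "nat rule: MISSING"; fi
    echo "forward verdict: $(forward_verdict "$2" "$3")"
}

SYSCTL_OFF='net.ipv4.ip_forward = 0'
SYSCTL_ON='net.ipv4.ip_forward = 1'

# Constructed ruleset: accept rules were appended (-A) after the catch-all
# REJECT, so they never match, and no NAT rule exists.
RULES_BROKEN='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
COMMIT'

# Constructed ruleset: same rules inserted ahead of the REJECT, plus NAT.
RULES_FIXED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

echo "== broken =="; diagnose "$SYSCTL_OFF" "$RULES_BROKEN" 10.8.0.0/24
echo "== fixed ==";  diagnose "$SYSCTL_ON"  "$RULES_FIXED"  10.8.0.0/24
```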
  61. Fabio says:

    I must thank the admin here at this website, because he helped me figure out a problem. Thank you so much man.

    Reply
  62. Achraf says:

    I want to thank the admin at this website for your help to resolve my problem.

    Thank you very much.

    Reply
  63. Vamos says:

    Hello, i’ve a problem, when i want to launch i’ve this error
    May 31 19:46:39 gta openvpn[1484]: PLUGIN_INIT: could not load plugin shared object /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory
    May 31 19:46:39 gta openvpn[1484]: Exiting due to fatal error

    Reply
  64. Pammy says:

    I am getting the same error as Vamos: PLUGIN_INIT: could not load plugin shared object /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory

    Looks like the openvpn-auth-pam.so is missing? Also found the following link – but no info on how to resolve this:
    https://forums.openvpn.net/topic12965.html

  65. Marketto says:

    Hi Admin,
    I’ve installed my OpenVPN server using your tutorial; all works fine, except for ping from server to client.
    I can ping the server from all clients, and client-to-client as well, but I can’t ping from the server to a client IP!
    This is my server.conf:
    port 443 #- port
    port-share localhost 1443
    proto tcp #- protocol
    dev tun
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    reneg-sec 0
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
    plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login

    ifconfig-pool-persist ipp.txt
    client-to-client
    client-cert-not-required
    username-as-common-name
    server 10.8.0.0 255.255.255.0

    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    persist-key
    persist-tun
    log openvpn.log
    status openvpn-status.log 5
    verb 3

    client.conf:
    client
    dev tun
    proto tcp
    remote xxx.xxx.xxx.xxx 443 # – Your server IP and OpenVPN Port
    resolv-retry infinite
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ca ca.crt
    auth-user-pass

    reneg-sec 0
    verb 3

    iptables rules:
    -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source xxx.xxx.xxx.xxx

    I’m on a dedicated server machine.
    thanks a lot for your tutorial and thanks in advance for your help. :)

  66. apis17 says:

    I have an error with your openvpn-auth-pam.so file. I’ve attached a working copy from my previous OpenVPN installation (32bit) OpenVPN 2.2.2 i686

    http://www.mediafire.com/download/by0niwa6we59w3l/openvpn-auth-pam.so

    I think your version is x64
    PLUGIN_INIT: could not load plugin shared object /etc/openvpn/openvpn-auth-pam.so: /etc/openvpn/openvpn-auth-pam.so: wrong ELF class: ELFCLASS64

  67. Mohan says:

    Hi! Thanks for posting. It’s great! Working well for me… I tried to enable SELinux and the firewall, and forward the source.. but it’s not working… If I disable SELinux and the firewall it works well…

    Can anyone advise me?

  68. Rahul says:

    Hi Admin,
    Thank you for sharing this tutorial, you have done a great job..!!
    I went through all the steps & process to set up the OpenVPN server without any errors, which is really good.
    However, I’m unable to connect to the VPN server. When I looked at the logs I could see the error below. I tried Googling for answers but was not successful.
    I would highly appreciate your help in fixing my problem.!!
    My setup:
    OpenVPN Server installed on CentOS 6.4 (32-bit).
    Aug 6 15:23:08 L2-OVPN openvpn[18699]: 192.168.6.135:1194 [UNDEF] Inactivity timeout (--ping-restart), restarting
    Aug 6 15:23:08 L2-OVPN openvpn[18699]: 192.168.6.135:1194 SIGUSR1[soft,ping-restart] received, client-instance restarting
    Aug 6 15:23:12 L2-OVPN openvpn[18699]: MULTI: multi_create_instance called
    Aug 6 15:23:12 L2-OVPN openvpn[18699]: 192.168.6.135:1194 Re-using SSL/TLS context
    Aug 6 15:23:12 L2-OVPN openvpn[18699]: 192.168.6.135:1194 LZO compression initialized
    Aug 6 15:23:12 L2-OVPN openvpn[18699]: 192.168.6.135:1194 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Aug 6 15:23:12 L2-OVPN openvpn[18699]: 192.168.6.135:1194 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Aug 6 15:23:12 L2-OVPN openvpn[18699]: 192.168.6.135:1194 Local Options hash (VER=V4): '5b1533a2'
    Aug 6 15:23:12 L2-OVPN openvpn[18699]: 192.168.6.135:1194 Expected Remote Options hash (VER=V4): 'd3a7571a'
    Aug 6 15:23:12 L2-OVPN openvpn[18699]: 192.168.6.135:1194 TLS: Initial packet from 192.168.6.135:1194, sid=fe8bdfcc c903356e
    Aug 6 15:23:14 L2-OVPN openvpn[18699]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Aug 6 15:23:15 L2-OVPN openvpn[18699]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Aug 6 15:23:16 L2-OVPN openvpn[18699]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Aug 6 15:23:17 L2-OVPN openvpn[18699]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Aug 6 15:23:18 L2-OVPN openvpn[18699]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Aug 6 15:23:19 L2-OVPN openvpn[18699]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Aug 6 15:23:20 L2-OVPN openvpn[18699]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
    Aug 6 15:23:21 L2-OVPN openvpn[18699]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

    Regards,
    Rahul

    • Admin says:

      Hi Rahul

      Can you confirm OpenVPN is running on this port? lsof -i :1194 What’s the output of the command iptables-save?

      • Rahul says:

        Hi Admin,
        Thank you very much for your reply.
        Yes, openvpn is running. Below is the output of the commands requested.

        [root@L2-OVPN etc]# lsof -i:1194
        COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
        openvpn 18699 root 6u IPv4 34353 0t0 UDP *:openvpn
        [root@L2-OVPN etc]# iptables-save
        # Generated by iptables-save v1.4.7 on Mon Aug 12 08:50:59 2013
        *nat
        :PREROUTING ACCEPT [28537:4497665]
        :POSTROUTING ACCEPT [278:18578]
        :OUTPUT ACCEPT [278:18578]
        -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
        -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.6.169
        COMMIT
        # Completed on Mon Aug 12 08:50:59 2013
        [root@L2-OVPN etc]# ifconfig
        eth0 Link encap:Ethernet HWaddr 00:0C:29:11:12:E8
        inet addr:192.168.6.169 Bcast:192.168.6.255 Mask:255.255.255.0
        inet6 addr: fe80::20c:29ff:fe11:12e8/64 Scope:Link
        UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
        RX packets:370180 errors:2 dropped:0 overruns:0 frame:0
        TX packets:73994 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:1000
        RX bytes:99499449 (94.8 MiB) TX bytes:10370347 (9.8 MiB)
        Interrupt:19 Base address:0x2000

        lo Link encap:Local Loopback
        inet addr:127.0.0.1 Mask:255.0.0.0
        inet6 addr: ::1/128 Scope:Host
        UP LOOPBACK RUNNING MTU:16436 Metric:1
        RX packets:4 errors:0 dropped:0 overruns:0 frame:0
        TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:336 (336.0 b) TX bytes:336 (336.0 b)

        tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
        inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
        UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
        RX packets:0 errors:0 dropped:0 overruns:0 frame:0
        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:100
        RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

        [root@L2-OVPN etc]# ps ax | grep openvpn
        18691 ? S 0:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config server.conf --cd /etc/openvpn --script-security 2
        18699 ? Ss 0:19 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config server.conf --cd /etc/openvpn --script-security 2
        19180 pts/1 S+ 0:00 grep openvpn
        [root@L2-OVPN etc]# sestatus
        SELinux status: enabled
        SELinuxfs mount: /selinux
        Current mode: permissive
        Mode from config file: disabled
        Policy version: 24
        Policy from config file: targeted

        Regards,
        Rahul

        • Admin says:

          Hi, please re-run this command: lsof -i :1194 – make sure there is a space between i and : – also I would disable selinux for now.

          • Rahul says:

            Hi Admin,
            Below is the output of the command & I did disable the selinux in the config file.
            [root@L2-OVPN ~]# lsof -i :1194
            COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
            openvpn 1348 root 6u IPv4 9009 0t0 UDP *:openvpn
            [root@L2-OVPN ~]# sestatus
            SELinux status: disabled

            Regards,
            Rahul

  69. Victor says:

    How can I do all this on Android?

  70. blinkblue says:

    Hi, my VPS is running on RHEL 5.
    I get this message when I try to start the VPN: PLUGIN_INIT: could not load plugin shared object /etc/openvpn/openvpn-auth-pam.so: /etc/openvpn/openvpn-auth-pam.so: ELF file OS ABI invalid

  71. Addy says:

    Hi, I followed the tutorial completely… Here is my log, it is not connecting :/ please help! :(

    Fri Sep 27 23:51:07 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
    Fri Sep 27 23:51:20 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Fri Sep 27 23:51:20 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Fri Sep 27 23:51:20 2013 LZO compression initialized
    Fri Sep 27 23:51:20 2013 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Fri Sep 27 23:51:20 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Fri Sep 27 23:51:20 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Fri Sep 27 23:51:20 2013 Local Options hash (VER=V4): 'd3a7571a'
    Fri Sep 27 23:51:20 2013 Expected Remote Options hash (VER=V4): '5b1533a2'
    Fri Sep 27 23:51:20 2013 UDPv4 link local: [undef]
    Fri Sep 27 23:51:20 2013 UDPv4 link remote: 76.164.202.1:1194

    I am using a Xen VPS. CentOS 5.9

    The installation was all good, I didn’t get any errors while following the instructions in your tutorial!

    Waiting for your assistance .. ..

  72. Peter Huynh says:

    Hi, thanks for the excellent tutorial. I followed your steps and successfully started the server, but the client failed to connect with errors:
    [root@localhost 102.219openvpn]# openvpn server.ovpn
    Mon Sep 30 23:50:04 2013 OpenVPN 2.1.1 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan 5 2010
    Enter Auth Username:test
    Enter Auth Password:
    Mon Sep 30 23:50:09 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Mon Sep 30 23:50:09 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Sep 30 23:50:09 2013 LZO compression initialized
    Mon Sep 30 23:50:09 2013 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Sep 30 23:50:09 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Mon Sep 30 23:50:09 2013 Local Options hash (VER=V4): 'd3a7571a'
    Mon Sep 30 23:50:09 2013 Expected Remote Options hash (VER=V4): '5b1533a2'
    Mon Sep 30 23:50:09 2013 Socket Buffers: R=[126976->131072] S=[126976->131072]
    Mon Sep 30 23:50:09 2013 UDPv4 link local: [undef]
    Mon Sep 30 23:50:09 2013 UDPv4 link remote: 192.168.102.219:1194
    Mon Sep 30 23:50:09 2013 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
    Mon Sep 30 23:50:11 2013 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
    Mon Sep 30 23:50:13 2013 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
    Mon Sep 30 23:50:16 2013 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
    Mon Sep 30 23:50:18 2013 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
    Mon Sep 30 23:50:20 2013 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
    ^CMon Sep 30 23:50:21 2013 event_wait : Interrupted system call (code=4)
    Mon Sep 30 23:50:21 2013 TCP/UDP: Closing socket
    Mon Sep 30 23:50:21 2013 SIGINT[hard,] received, process exiting

    [root@localhost 102.219openvpn]# ping 192.168.102.219
    PING 192.168.102.219 (192.168.102.219) 56(84) bytes of data.
    64 bytes from 192.168.102.219: icmp_req=1 ttl=64 time=0.559 ms
    64 bytes from 192.168.102.219: icmp_req=2 ttl=64 time=0.496 ms
    ^C
    --- 192.168.102.219 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 0.496/0.527/0.559/0.038 ms

    *my openvpn server on host 192.168.102.219 and status:
    [root@dynamic219 ~]# sestatus
    SELinux status: disabled
    [root@dynamic219 ~]# lsof -i:1194
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    openvpn 1452 root 6u IPv4 9894 0t0 UDP *:openvpn

    [root@dynamic219 ~]# route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    172.16.99.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
    172.16.99.0 172.16.99.2 255.255.255.0 UG 0 0 0 tun0
    192.168.100.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
    169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
    0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 0 eth0

    [root@dynamic219 ~]# service openvpn stop
    Shutting down openvpn: [ OK ]
    [root@dynamic219 ~]# service openvpn start
    Starting openvpn: [ OK ]
    [root@dynamic219 ~]# less /var/log/messages
    Sep 30 16:49:39 dynamic219 openvpn[1452]: OpenVPN CLIENT LIST
    Sep 30 16:49:39 dynamic219 openvpn[1452]: Updated,Mon Sep 30 16:49:39 2013
    Sep 30 16:49:39 dynamic219 openvpn[1452]: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
    Sep 30 16:49:39 dynamic219 openvpn[1452]: ROUTING TABLE
    Sep 30 16:49:39 dynamic219 openvpn[1452]: Virtual Address,Common Name,Real Address,Last Ref
    Sep 30 16:49:39 dynamic219 openvpn[1452]: GLOBAL STATS
    Sep 30 16:49:39 dynamic219 openvpn[1452]: Max bcast/mcast queue length,0
    Sep 30 16:49:39 dynamic219 openvpn[1452]: END
    Sep 30 16:52:59 dynamic219 openvpn[1452]: event_wait : Interrupted system call (code=4)
    Sep 30 16:52:59 dynamic219 openvpn[1452]: TCP/UDP: Closing socket
    Sep 30 16:52:59 dynamic219 openvpn[1452]: /sbin/ip route del 172.16.99.0/24
    Sep 30 16:52:59 dynamic219 openvpn[1452]: Closing TUN/TAP interface
    Sep 30 16:52:59 dynamic219 openvpn[1452]: /sbin/ip addr del dev tun0 local 172.16.99.1 peer 172.16.99.2
    Sep 30 16:52:59 dynamic219 openvpn[1452]: PLUGIN_CLOSE: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so
    Sep 30 16:52:59 dynamic219 openvpn[1452]: SIGTERM[hard,] received, process exiting
    Sep 30 16:53:01 dynamic219 openvpn[1830]: OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
    Sep 30 16:53:01 dynamic219 openvpn[1830]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Sep 30 16:53:01 dynamic219 openvpn[1830]: PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
    Sep 30 16:53:01 dynamic219 openvpn[1830]: Diffie-Hellman initialized with 1024 bit key
    Sep 30 16:53:01 dynamic219 openvpn[1830]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
    Sep 30 16:53:01 dynamic219 openvpn[1830]: TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sep 30 16:53:01 dynamic219 openvpn[1830]: Socket Buffers: R=[229376->131072] S=[229376->131072]
    Sep 30 16:53:01 dynamic219 openvpn[1830]: ROUTE default_gateway=192.168.100.1
    Sep 30 16:53:01 dynamic219 openvpn[1830]: TUN/TAP device tun0 opened
    Sep 30 16:53:01 dynamic219 openvpn[1830]: TUN/TAP TX queue length set to 100
    Sep 30 16:53:01 dynamic219 openvpn[1830]: /sbin/ip link set dev tun0 up mtu 1500
    Sep 30 16:53:01 dynamic219 kernel: tun0: Disabled Privacy Extensions
    Sep 30 16:53:01 dynamic219 openvpn[1830]: /sbin/ip addr add dev tun0 local 172.16.99.1 peer 172.16.99.2
    Sep 30 16:53:01 dynamic219 openvpn[1830]: /sbin/ip route add 172.16.99.0/24 via 172.16.99.2
    Sep 30 16:53:01 dynamic219 openvpn[1830]: Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Sep 30 16:53:01 dynamic219 openvpn[1839]: UDPv4 link local (bound): [undef]:1194
    Sep 30 16:53:01 dynamic219 openvpn[1839]: UDPv4 link remote: [undef]
    Sep 30 16:53:01 dynamic219 openvpn[1839]: MULTI: multi_init called, r=256 v=256
    Sep 30 16:53:01 dynamic219 openvpn[1839]: IFCONFIG POOL: base=172.16.99.4 size=62
    Sep 30 16:53:01 dynamic219 openvpn[1839]: Initialization Sequence Completed
    [root@dynamic219 ~]#

    [root@dynamic219 ~]# iptables -t nat -nvL
    Chain PREROUTING (policy ACCEPT 35 packets, 3324 bytes)
    pkts bytes target prot opt in out source destination

    Chain POSTROUTING (policy ACCEPT 10 packets, 800 bytes)
    pkts bytes target prot opt in out source destination
    0 0 MASQUERADE all -- * eth0 172.16.99.0/24 0.0.0.0/0
    0 0 SNAT all -- * * 172.16.99.0/24 0.0.0.0/0 to:192.168.102.219

    Chain OUTPUT (policy ACCEPT 10 packets, 800 bytes)
    pkts bytes target prot opt in out source destination

    Any advice?
    Thanks for your time
    Peter

    • Admin says:

      Hi Peter

      Do you have DNS set on your machine ? This is one thing that can cause that issue, another is a firewall somewhere on the network, especially when it comes to UDP.

      Regards

  73. Martin says:

    Hi,
    I did all the steps but I don’t know how I’ll connect!
    Please, if you can, help me with the installation again and with how to connect.
    Regards

  74. collins says:

    Thanks for this tutorial, I have been able to set up OpenVPN. Please admin, I have this error popping up after I connect with the server
    “write to TUN/TAP [State=AT?c Err=[c:\users\samuli\tap-windows-github\src\tapdrvr.c/2475] #O=2 Tx=[101,0] Rx=[0,13] IrpQ=[1,1,16] PktQ=[0,3,64] InjQ=[0,1,16]]: The data area passed to a system call is too small. (code=122)” and it’ll keep restarting, please, what is the solution?

  75. Suleman says:

    Hi admin,

    I installed OpenVPN successfully. It’s working and I am able to connect, but it’s showing me my ISP IP :( Stuck. Please help, I would be thankful.

  76. shahril says:

    Hi, thanks for the instructions. Setup and config succeeded, and testing on my Windows machine was no problem, but how can I also set this up for a smartphone VPN? I’m using Android; can anyone help me? Thanks

  77. andykimpe says:

    This tutorial is for me the most comprehensive, but it still has an error.

    This must be changed:

    rpm -Uvh lzo-*.rpm

    to

    rpm -Uvh $USER/rpmbuild/RPMS/$(uname -m)//lzo-*.rpm

    The rpm files from the rebuild are located in $USER/rpmbuild/RPMS/$(uname -m)/

    and not in $USER

    Thanks

  78. vuhy says:

    Dear admin, is the iptables OK for Hyper-V? My CentOS 6 is running on Hyper-V.

  79. Asmir says:

    Hi.

    I have followed your instructions to the letter and I managed to connect to VPN without problem, but after reboot, I can connect but cannot open any internet pages.

    Here is the connection log:

    Thu Dec 12 15:20:08 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
    Enter Management Password:
    Thu Dec 12 15:20:08 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
    Thu Dec 12 15:20:08 2013 Need hold release from management interface, waiting…
    Thu Dec 12 15:20:08 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
    Thu Dec 12 15:20:08 2013 MANAGEMENT: CMD 'state on'
    Thu Dec 12 15:20:08 2013 MANAGEMENT: CMD 'log all on'
    Thu Dec 12 15:20:08 2013 MANAGEMENT: CMD 'hold off'
    Thu Dec 12 15:20:08 2013 MANAGEMENT: CMD 'hold release'
    Thu Dec 12 15:20:08 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Thu Dec 12 15:20:08 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Thu Dec 12 15:20:08 2013 UDPv4 link local: [undef]
    Thu Dec 12 15:20:08 2013 UDPv4 link remote: [AF_INET]146.185.26.95:1194
    Thu Dec 12 15:20:08 2013 MANAGEMENT: >STATE:1386858008,WAIT,,,
    Thu Dec 12 15:20:08 2013 MANAGEMENT: >STATE:1386858008,AUTH,,,
    Thu Dec 12 15:20:08 2013 TLS: Initial packet from [AF_INET]146.185.26.95:1194, sid=710531f6 c2b51356
    Thu Dec 12 15:20:08 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Thu Dec 12 15:20:09 2013 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=vps, name=vps, emailAddress=mail@host.domain
    Thu Dec 12 15:20:09 2013 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=vps, name=vps, emailAddress=mail@host.domain
    Thu Dec 12 15:20:09 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec 12 15:20:09 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec 12 15:20:09 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec 12 15:20:09 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec 12 15:20:09 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Thu Dec 12 15:20:09 2013 [vps] Peer Connection Initiated with [AF_INET]146.185.26.95:1194
    Thu Dec 12 15:20:10 2013 MANAGEMENT: >STATE:1386858010,GET_CONFIG,,,
    Thu Dec 12 15:20:11 2013 SENT CONTROL [vps]: 'PUSH_REQUEST' (status=1)
    Thu Dec 12 15:20:11 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5'
    Thu Dec 12 15:20:11 2013 OPTIONS IMPORT: timers and/or timeouts modified
    Thu Dec 12 15:20:11 2013 OPTIONS IMPORT: --ifconfig/up options modified
    Thu Dec 12 15:20:11 2013 OPTIONS IMPORT: route options modified
    Thu Dec 12 15:20:11 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Thu Dec 12 15:20:11 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Thu Dec 12 15:20:11 2013 MANAGEMENT: >STATE:1386858011,ASSIGN_IP,,10.8.0.6,
    Thu Dec 12 15:20:11 2013 open_tun, tt->ipv6=0
    Thu Dec 12 15:20:11 2013 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{7629531D-4AEC-4B11-A5D2-AFCA15561426}.tap
    Thu Dec 12 15:20:11 2013 TAP-Windows Driver Version 9.9
    Thu Dec 12 15:20:11 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {7629531D-4AEC-4B11-A5D2-AFCA15561426} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
    Thu Dec 12 15:20:11 2013 Successful ARP Flush on interface [30] {7629531D-4AEC-4B11-A5D2-AFCA15561426}
    Thu Dec 12 15:20:16 2013 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
    Thu Dec 12 15:20:16 2013 C:\windows\system32\route.exe ADD 146.185.26.95 MASK 255.255.255.255 192.168.0.1
    Thu Dec 12 15:20:16 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Thu Dec 12 15:20:16 2013 Route addition via IPAPI succeeded [adaptive]
    Thu Dec 12 15:20:16 2013 C:\windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
    Thu Dec 12 15:20:16 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Thu Dec 12 15:20:16 2013 Route addition via IPAPI succeeded [adaptive]
    Thu Dec 12 15:20:16 2013 C:\windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
    Thu Dec 12 15:20:16 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Thu Dec 12 15:20:16 2013 Route addition via IPAPI succeeded [adaptive]
    Thu Dec 12 15:20:16 2013 MANAGEMENT: >STATE:1386858016,ADD_ROUTES,,,
    Thu Dec 12 15:20:16 2013 C:\windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
    Thu Dec 12 15:20:16 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Thu Dec 12 15:20:16 2013 Route addition via IPAPI succeeded [adaptive]
    Thu Dec 12 15:20:16 2013 Initialization Sequence Completed
    Thu Dec 12 15:20:16 2013 MANAGEMENT: >STATE:1386858016,CONNECTED,SUCCESS,10.8.0.6,146.185.26.95
    Thu Dec 12 15:20:49 2013 C:\windows\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
    Thu Dec 12 15:20:49 2013 Route deletion via IPAPI succeeded [adaptive]
    Thu Dec 12 15:20:49 2013 C:\windows\system32\route.exe DELETE 146.185.26.95 MASK 255.255.255.255 192.168.0.1
    Thu Dec 12 15:20:49 2013 Route deletion via IPAPI succeeded [adaptive]
    Thu Dec 12 15:20:49 2013 C:\windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
    Thu Dec 12 15:20:49 2013 Route deletion via IPAPI succeeded [adaptive]
    Thu Dec 12 15:20:49 2013 C:\windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
    Thu Dec 12 15:20:49 2013 Route deletion via IPAPI succeeded [adaptive]
    Thu Dec 12 15:20:49 2013 Closing TUN/TAP interface
    Thu Dec 12 15:20:49 2013 SIGTERM[hard,] received, process exiting
    Thu Dec 12 15:20:49 2013 MANAGEMENT: >STATE:1386858049,EXITING,SIGTERM,,

    Also, here is my iptables, for some reason those rules set and saved are no longer there in the iptables:

    # Generated by iptables-save v1.4.7 on Thu Dec 12 15:26:36 2013
    *filter
    :INPUT ACCEPT [5378:728160]
    :FORWARD ACCEPT [3632:287212]
    :OUTPUT ACCEPT [1096:138648]
    COMMIT
    # Completed on Thu Dec 12 15:26:36 2013
    # Generated by iptables-save v1.4.7 on Thu Dec 12 15:26:36 2013
    *mangle
    :PREROUTING ACCEPT [9010:1015372]
    :INPUT ACCEPT [5378:728160]
    :FORWARD ACCEPT [3632:287212]
    :OUTPUT ACCEPT [1097:139127]
    :POSTROUTING ACCEPT [4728:425860]
    COMMIT
    # Completed on Thu Dec 12 15:26:36 2013
    # Generated by iptables-save v1.4.7 on Thu Dec 12 15:26:36 2013
    *nat
    :PREROUTING ACCEPT [1049:66089]
    :POSTROUTING ACCEPT [1047:65637]
    :OUTPUT ACCEPT [32:2495]
    COMMIT
    # Completed on Thu Dec 12 15:26:36 2013

    I used these rules as I am on OpenVZ

    iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source xx.xx.xx.xx
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source xx.xx.xx.xx
    where xx.xx.xx.xx = my server IP

    Here is my resolv.conf:

    nameserver 4.2.2.2
    nameserver 8.8.8.8

    Can you please help me, I have no idea where to go forward from here? :-(

    Much appreciated.

    Reply
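The check the Admin asks Aaron for earlier in the thread (the NAT rule in iptables-save output and the forwarding setting in /etc/sysctl.conf), run against the empty *nat table Asmir posted after his reboot. This is an added example, not part of the original comments; the function names and the sysctl sample are assumptions of the example, and it assumes sources are printed in CIDR form as iptables 1.4.7 prints them in the thread.

```shell
#!/bin/sh
# Added example: offline checks over `iptables-save` output and sysctl.conf
# text. Both checks read the text on stdin and report through exit status.

# has_vpn_nat SUBNET
# Succeeds if the *nat table has a POSTROUTING rule with target MASQUERADE or
# SNAT whose source is SUBNET, or that has no -s at all (matches every source,
# like the OpenVZ venet0 rule). Assumes the CIDR notation iptables 1.4.7 prints.
has_vpn_nat() {
    awk -v subnet="$1" '
        substr($0, 1, 1) == "*" { table = $1 }      # "*nat", "*filter", ...
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if ((src == "" || src == subnet) && (tgt == "MASQUERADE" || tgt == "SNAT"))
                found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# ip_forward_enabled
# Succeeds if the last uncommented net.ipv4.ip_forward line sets it to 1.
ip_forward_enabled() {
    awk -F= '
        /^[ \t]*#/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { exit(last == "1" ? 0 : 1) }
    '
}

# vpn_routing_status SUBNET IPTABLES_SAVE_FILE SYSCTL_FILE
# Prints e.g. "nat=missing forward=on"; always returns 0.
vpn_routing_status() {
    if has_vpn_nat "$1" < "$2"; then nat=ok; else nat=missing; fi
    if ip_forward_enabled < "$3"; then fwd=on; else fwd=off; fi
    echo "nat=$nat forward=$fwd"
}

# Sample: the *nat table from Rahul's comment (rules present).
sample_nat_present() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [28537:4497665]
:POSTROUTING ACCEPT [278:18578]
:OUTPUT ACCEPT [278:18578]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.6.169
COMMIT
EOF
}

# Sample: the *filter and *nat tables from Asmir's comment (no rules left).
sample_nat_missing() { cat <<'EOF'
*filter
:INPUT ACCEPT [5378:728160]
:FORWARD ACCEPT [3632:287212]
:OUTPUT ACCEPT [1096:138648]
COMMIT
*nat
:PREROUTING ACCEPT [1049:66089]
:POSTROUTING ACCEPT [1047:65637]
:OUTPUT ACCEPT [32:2495]
COMMIT
EOF
}

# Constructed sysctl.conf text; $1 is the value to write (0 or 1).
sample_sysctl() {
    printf '# Controls IP packet forwarding\nnet.ipv4.ip_forward = %s\n' "$1"
}

# Demo: Asmir's tables with forwarding switched on (sysctl text is constructed).
tmp=$(mktemp -d)
sample_nat_missing > "$tmp/rules"
sample_sysctl 1 > "$tmp/sysctl.conf"
vpn_routing_status 10.8.0.0/24 "$tmp/rules" "$tmp/sysctl.conf"   # nat=missing forward=on
rm -rf "$tmp"
```

On CentOS 5 and 6, rules added with the iptables command come back after a reboot only if they were written to /etc/sysconfig/iptables (service iptables save), so feed that file to has_vpn_nat as well as the live iptables-save output.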
  80. Carlos Bravo says:

    Hi, I’m following the instructions for setting up the server and it shows this error
    Jan 22 21:01:44 pbx openvpn[30914]: PLUGIN_INIT: could not load plugin shared object /etc/openvpn/openvpn-auth-pam.so: /etc/openvpn/openvpn-auth-pam.so: ELF file OS ABI invalid
    Jan 22 21:01:44 pbx openvpn[30914]: Exiting due to fatal error

    What am I doing wrong?

    • Admin says:

      Hello, what version of CentOS are you running?

      • JDO says:

        Same for me, shared openvpn-auth-pam.so was not found, after downloading it, openvpn startup failed: PLUGIN_INIT: could not load plugin shared object /etc/openvpn/openvpn-auth-pam.so: /etc/openvpn/openvpn-auth-pam.so: ELF file OS ABI invalid: No such file or directory (errno=2).
        File does exist, but it is formatted differently? OS: CentOS release 5.10 (Final)
        Thanks

        Reply
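What the three PLUGIN_INIT errors reported in this thread (cannot open shared object file, wrong ELF class: ELFCLASS64, ELF file OS ABI invalid) correspond to in the plugin file's ELF header, as an added example that is not part of the original comments. The function names and the constructed 20-byte headers are assumptions of the example, and the OS ABI branch is a heuristic: it flags a plugin whose EI_OSABI byte is non-zero and differs from that of the openvpn binary loading it.

```shell
#!/bin/sh
# Added example: compare the ELF identification bytes of an OpenVPN plugin
# with those of the openvpn binary that has to load it.

# elf_ident FILE -> "class=<n> data=<n> osabi=<n> machine=<n>"
#   class:   1 = ELFCLASS32, 2 = ELFCLASS64
#   data:    1 = little endian, 2 = big endian
#   osabi:   0 = System V, 3 = GNU/Linux
#   machine: 3 = i386, 62 = x86-64
# Prints "missing" or "not-elf" and returns 1 when the header cannot be read.
elf_ident() (
    [ -r "$1" ] || { echo "missing"; exit 1; }
    # First 20 bytes as unsigned decimals: e_ident[16], e_type, e_machine.
    set -- $(od -An -tu1 -N20 "$1")
    [ "$#" -eq 20 ] && [ "$1 $2 $3 $4" = "127 69 76 70" ] || { echo "not-elf"; exit 1; }
    class=$5; data=$6; osabi=$8
    shift 18                                   # $1 $2 are now the e_machine bytes
    if [ "$data" -eq 1 ]; then machine=$(( $1 + 256 * $2 ))
    else machine=$(( 256 * $1 + $2 )); fi
    echo "class=$class data=$data osabi=$osabi machine=$machine"
)

# plugin_verdict PLUGIN HOST_BINARY -> one line naming the mismatch, if any.
plugin_verdict() (
    p=$(elf_ident "$1") || true
    h=$(elf_ident "$2") || true
    case "$p" in
        missing) echo "plugin missing: expect 'cannot open shared object file'"; exit 0 ;;
        not-elf) echo "plugin is not an ELF file"; exit 0 ;;
    esac
    case "$h" in
        missing|not-elf) echo "host binary unreadable"; exit 0 ;;
    esac
    set -- $p; pc=${1#class=}; po=${3#osabi=}; pm=${4#machine=}
    set -- $h; hc=${1#class=}; ho=${3#osabi=}; hm=${4#machine=}
    if [ "$pc" != "$hc" ]; then
        echo "wrong ELF class: plugin is ELFCLASS$((pc * 32)), openvpn is ELFCLASS$((hc * 32))"
    elif [ "$pm" != "$hm" ]; then
        echo "machine mismatch: plugin e_machine=$pm, openvpn e_machine=$hm"
    elif [ "$po" != "$ho" ] && [ "$po" != 0 ]; then
        # Heuristic (assumption of this example), see the lead-in.
        echo "OS ABI differs: plugin EI_OSABI=$po, openvpn EI_OSABI=$ho"
    else
        echo "compatible"
    fi
)

# make_elf FILE CLASS OSABI MACHINE
# Writes a constructed 20-byte little-endian ELF header for the demo.
make_elf() {
    printf "\\177ELF\\$(printf '%03o' "$2")\\001\\001\\$(printf '%03o' "$3")" > "$1"
    printf '\000\000\000\000\000\000\000\000' >> "$1"          # ABI version + padding
    printf "\\003\\000\\$(printf '%03o' "$4")\\000" >> "$1"    # e_type=ET_DYN, e_machine
}

# Demo: a 64-bit plugin offered to a 32-bit openvpn (both constructed).
tmp=$(mktemp -d)
make_elf "$tmp/openvpn32" 1 0 3
make_elf "$tmp/plugin64.so" 2 0 62
plugin_verdict "$tmp/plugin64.so" "$tmp/openvpn32"
rm -rf "$tmp"
```

Point plugin_verdict at the path from the plugin line in server.conf and at /usr/sbin/openvpn; rpm -ql openvpn lists the files the installed package itself ships, which is where a plugin built for that binary would come from.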
  81. Afto Bus says:

    Hello.

    Super!!!
    It is a nice HowTo, working fine, but… what a strange situation – yesterday I connected client to server and 100% was working fine, today seems to be some problems
    “Fri Jan 24 10:48:26 2014 AUTH: Received AUTH_FAILED control message
    Fri Jan 24 10:48:26 2014 TCP/UDP: Closing socket
    Fri Jan 24 10:48:26 2014 SIGTERM[soft,auth-failure] received, process exiting”

    If I copy-paste from server ca.crt (the same from yesterday) it will connect without problems.
    Certificate is valid until 2024 :)

    Can you help me please?

    Regards!

    • afto_bus says:

      PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
      Status is 1
      After 2-3 retries the status is 0
      POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
      and everything is OK.

      Where is the problem?

      Regards

      • Admin says:

        Are you able to post full VPN logs ?

        • Afto Bus says:

          Feb 18 20:13:17 localhost openvpn[2980]: IP:50423 TLS: Initial packet from [AF_INET] IP:50423, sid=040d11cb 913214b7
          Feb 18 20:13:23 localhost openvpn[2980]: IP:50423 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
          Feb 18 20:13:23 localhost openvpn[2980]: IP:50423 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /etc/openvpn/radiusplugin.so
          Feb 18 20:13:23 localhost openvpn[2980]: IP:50423 TLS Auth Error: Auth Username/Password verification failed for peer
          Feb 18 20:13:23 localhost openvpn[2980]: IP:50423 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
          Feb 18 20:13:23 localhost openvpn[2980]: IP:50423 Peer Connection Initiated with [AF_INET]79.115.161.38:50423
          Feb 18 20:13:25 localhost openvpn[2980]: IP:50423 PUSH: Received control message: ‘PUSH_REQUEST’
          Feb 18 20:13:25 localhost openvpn[2980]: IP:50423 Delayed exit in 5 seconds
          Feb 18 20:13:25 localhost openvpn[2980]: IP:50423 SENT CONTROL [UNDEF]: ‘AUTH_FAILED’ (status=1)
          Feb 18 20:13:30 localhost openvpn[2980]: IP8:50423 SIGTERM[soft,delayed-exit] received, client-instance exiting

          Radius is working without problems, and after 1 minute the client connected OK and we have this:
          Feb 18 20:16:21 localhost openvpn[2980]: IP:49668 TLS: Initial packet from [AF_INET]IP:49668, sid=e7de81bf 1d68f0bf
          Feb 18 20:16:22 localhost openvpn[2980]: IP:49668 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
          Feb 18 20:16:22 localhost openvpn[2980]: IP:49668 TLS: Username/Password authentication succeeded for username ‘user@gmail.com’ [CN SET]
          Feb 18 20:16:22 localhost openvpn[2980]: IP:49668 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
          Feb 18 20:16:22 localhost openvpn[2980]: IP:49668 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
          Feb 18 20:16:22 localhost openvpn[2980]: IP:49668 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
          Feb 18 20:16:22 localhost openvpn[2980]: IP:49668 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
          Feb 18 20:16:22 localhost openvpn[2980]: IP:49668 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
          Feb 18 20:16:22 localhost openvpn[2980]: IP:49668 [user@gmail.com] Peer Connection Initiated with [AF_INET]IP:49668
          Feb 18 20:16:22 localhost openvpn[2980]: user@gmail.com/IP:49668 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
          Feb 18 20:16:22 localhost openvpn[2980]: user@gmail.com/IP:49668 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
          Feb 18 20:16:22 localhost openvpn[2980]: user@gmail.com/IP:49668 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_e384f68d3bee293be6761713ca4ae124.tmp
          Feb 18 20:16:22 localhost openvpn[2980]: user@gmail.com/IP:49668 MULTI: Learn: 10.8.0.6 -> user@gmail.com/79.115.161.38:49668
          Feb 18 20:16:22 localhost openvpn[2980]: user@gmail.com/IP:49668 MULTI: primary virtual IP for user@gmail.com/IP:49668: 10.8.0.6
          Feb 18 20:16:25 localhost openvpn[2980]: user@gmail.com/IP:49668 PUSH: Received control message: ‘PUSH_REQUEST’
          Feb 18 20:16:25 localhost openvpn[2980]: user@gmail.com/IP:49668 send_push_reply(): safe_cap=940
          Feb 18 20:16:25 localhost openvpn[2980]: user@gmail.com/IP:49668 SENT CONTROL [user@gmail.com]: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5′ (status=1)

          Can you help me please?
          Seems that something is wrong with radius plugin?

          Regards

          • Admin says:

            Hi – I'm not seeing any issues here. Are you using a user that exists in your FreeRADIUS MySQL database?

        • Afto Bus says:

          I’ve sent the logs… but… can you see/find it?

          Regards

          • Afto Bus says:

            Yes, it is a user from FreeRADIUS SQL, but first we have status 1,
            then we have status 0 with the same user logon.

            Thanks
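
An added example, not part of the comments above or of the guide: one way to pull the radiusplugin `PLUGIN_AUTH_USER_PASS_VERIFY` verdicts out of an OpenVPN syslog file and measure how long a source address waited between a rejected and an accepted login, the pattern described in the thread above. The sample lines, the 192.0.2.10 address, the `year` default and the function names are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines in the syslog format posted in the thread above;
# 192.0.2.10 is a documentation address, not a value taken from the page.
SAMPLE_LOG = """\
Feb 18 20:13:17 localhost openvpn[2980]: 192.0.2.10:50423 TLS: Initial packet from [AF_INET]192.0.2.10:50423, sid=040d11cb 913214b7
Feb 18 20:13:23 localhost openvpn[2980]: 192.0.2.10:50423 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Feb 18 20:13:23 localhost openvpn[2980]: 192.0.2.10:50423 TLS Auth Error: Auth Username/Password verification failed for peer
Feb 18 20:16:22 localhost openvpn[2980]: 192.0.2.10:49668 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Feb 18 20:16:22 localhost openvpn[2980]: 192.0.2.10:49668 TLS: Username/Password authentication succeeded for username 'user@example.com' [CN SET]
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ openvpn\[\d+\]: "
    r"(?P<addr>[^\s:]+):(?P<port>\d+) PLUGIN_CALL: POST "
    r"(?P<plugin>\S+)/PLUGIN_AUTH_USER_PASS_VERIFY status=(?P<status>\d+)$"
)

def parse_auth_events(log_text, year=2014):
    """Return (time, source address, port, status) per plugin auth verdict."""
    events = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line.strip())
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["addr"], int(m["port"]), int(m["status"])))
    return events

def fail_then_success(events, window_s=600):
    """Pair each failed verdict with the next success from the same address."""
    pairs = []
    for i, (t_fail, addr, port, status) in enumerate(events):
        if status == 0:
            continue
        for t_ok, addr2, port2, status2 in events[i + 1:]:
            delay = (t_ok - t_fail).total_seconds()
            if addr2 == addr and status2 == 0 and delay <= window_s:
                pairs.append({"addr": addr, "failed_port": port,
                              "ok_port": port2, "delay_s": int(delay)})
                break
    return pairs

if __name__ == "__main__":
    for p in fail_then_success(parse_auth_events(SAMPLE_LOG)):
        print(p)
```

Comparing the reported delays against the RADIUS server's own log for the same timestamps shows whether the rejections originate at the plugin or at the RADIUS backend.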

  82. Mansur says:

    Hey Admin
    I have a VPS with one LAN card. Please advise me: can I configure OpenVPN on my VPN with one LAN?

    Regards
    Mansur

  83. rrichiez says:

    I have it installed correctly and I see no errors in the log; just when accessing the GUI I get a blank screen. I tried this:

    /usr/local/openvpn_as/bin/ovpn-init --force
    -bash: /usr/local/openvpn_as/bin/ovpn-init: No such file or directory

  84. Jonathan says:

    Hey there, I received an error while installing this on CentOS 6 x32 bit.
    Error: Package: pkcs11-helper-1.08-1.el5.rf.i386 (rpmforge)
    Requires: libgnutls.so.13(GNUTLS_1_3)
    Error: Package: pkcs11-helper-1.08-1.el5.rf.i386 (rpmforge)
    Requires: libgnutls.so.13
    You could try using --skip-broken to work around the problem
    You could try running: rpm -Va --nofiles --nodigest

    This is due to the kernel either having a too updated version, or it’s not installed.

    One way to try and fix this is typing yum install gnutls

    Then try running yum install openvpn -y again.
    If this doesn’t work, run yum remove openvpn
    Once removed
    wget http://mirror.centos.org/centos/5/os/i386/CentOS/gnutls-1.4.1-10.el5_9.2.i386.rpm
    rpm -Uvh gnutls-1.4.1-10.el5_9.2.i386.rpm

    Cheers



Copyright 2013 SafeSrv.net | All Rights Reserved