Install OpenVPN on CentOS and Fedora


This is a guide for all Redhat based distributions, including but not limited to RHEL, CentOS, and Fedora.
RHEL/CentOS Only

You will need to install the EPEL repo to have access to the packages.

EPEL can be found by version here:


Install OpenVPN and easy-rsa

yum install openvpn easy-rsa


Copy default config

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn/


Edit /etc/openvpn/server.conf and uncomment the following lines

push “redirect-gateway def1 bypass-dhcp”
push “dhcp-option DNS″
push “dhcp-option DNS″
user nobody
group nobody


Prepare keys directory and copy over easy-rsa

mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa


Edit /etc/openvpn/easy-rsa/vars and update your name and org:

export KEY_CITY=”SanFrancisco”
export KEY_ORG=”Fort-Funston”
export KEY_EMAIL=”me@myhost.mydomain”
export KEY_OU=”MyOrganizationalUnit”


Make 1.0.0 the default version (unless using a different version):

cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf


Change directory and build the certificate authority:

cd /etc/openvpn/easy-rsa
source ./vars


Build server certificate (press enter through the process and commit with y):

./build-key-server server


Build Diffie Hellman key:



Copy keys to openvpn:

cd /etc/openvpn/easy-rsa/keys
cp dh1024.pem ca.crt server.crt server.key /etc/openvpn


Build client certificate

cd /etc/openvpn/easy-rsa
./build-key client



CentOS 6: Set iptables rule for routing the OpenVPN subnet:
iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
service iptables save


Fedora and CentOS7 using firewalld need a different command (todo)…


If you use APF Firewall, this would be placed in /etc/apf/postroute.rules:

$IPT -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE


IP forwarding must be enabled (not needed on linux containers):

Add to /etc/sysctl.conf

net.ipv4.ip_forward = 1


Set in place

sysctl -p


Start openvpn:

service openvpn start
chkconfig openvpn on


Please login or Register to Submit Answer