How to Install and Configure OpenVPN Server with Linux and Windows Clients in RHEL/CentOS 7

Setting up Linux and Windows Clients to Connect to OpenVPN Server

To set up a client (regardless of the distribution or operating system) you will need to copy the ca.crt, server.crt, and server.key files from /etc/openvpn/rsa/keys.

You can do this using sftp in Linux or another FTP client and place them in a directory within your /home (in Linux) or in the config folder (its exact location depends on where you installed the client, most likely in another folder called OpenVPN inside Program Files):

Client Setup for OpenVPN

Let’s take a look at the contents of the configuration directory in the Linux client. You will note that there’s a file named client.ovpn. This is the main configuration file for the client. If you did not change the default port (1194), you will only need to indicate the IP address of your VPN server. The paths for the certificate and key files are relative to the same directory where client.ovpn is located:

OpenVPN Linux Client Configuration
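
As an added example (not code from the article), the shell function below audits the ca, cert and key files that a client.ovpn references, resolving relative paths against the directory that holds the config as described above. The finding names, the constructed demo directory and the rule that a file named server.key does not belong on a client are assumptions of this example; a reader comment further down the page reports using the generated client.crt and client.key on the client instead of the server's files.

```shell
#!/bin/sh
# Added example (not from the article): audit the files a client.ovpn points at.
# Handles file-based ca/cert/key directives only, not inline <ca> blocks.

# Print the first argument of directive $2 in config file $1.
ovpn_directive() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print one finding per line for config $1; return 1 if anything was found.
audit_client_ovpn() {
    conf=$1; dir=$(dirname "$conf"); bad=0
    for d in ca cert key; do
        f=$(ovpn_directive "$conf" "$d")
        if [ -z "$f" ]; then echo "MISSING_DIRECTIVE $d"; bad=1; continue; fi
        # Relative paths resolve against the directory that holds the config.
        case $f in /*) path=$f ;; *) path=$dir/$f ;; esac
        if [ ! -f "$path" ]; then echo "NOT_FOUND $d $path"; bad=1; continue; fi
        [ "$d" = key ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "KEY_READABLE_BY_OTHERS $path"; bad=1
        fi
        # Assumed naming from the article: server.key is the server's private key.
        if [ "$(basename "$path")" = server.key ]; then
            echo "SERVER_KEY_ON_CLIENT $path"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: a client directory that received the server's key.
demo() {
    t=$(mktemp -d)
    printf 'client\nremote 192.0.2.10 1194\nca ca.crt\ncert server.crt\nkey server.key\n' > "$t/client.ovpn"
    : > "$t/ca.crt"; : > "$t/server.crt"; : > "$t/server.key"
    chmod 644 "$t/server.key"
    audit_client_ovpn "$t/client.ovpn"
    rc=$?
    rm -rf "$t"
    return "$rc"
}

demo || true
```

An empty result with exit status 0 means every referenced file exists and the private key is readable only by its owner.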

The configuration folder in the Windows client:

OpenVPN Windows Client Configuration

To start OpenVPN in the client:

On Linux:

# sudo nohup openvpn --config client.ovpn &

On Windows:

As Administrator, start OpenVPN GUI from Start –> All programs –> OpenVPN, and it will be launched in the background.

Now fire up a browser and open http://whatismyip.org/ and you should see the IP of your OpenVPN server instead of the public IP provided by your ISP:

OpenVPN Client Connection

Final Considerations

Although in this article we used the generic name server for our VPN server, you can use another name if you want. If that is the case, you will need to rename the configuration file (server.conf) to somethingelse.conf and edit the following lines in that file:

ca somethingelse.crt
cert somethingelse.crt
key somethingelse.key  # This file should be kept secret

In addition, you can have the VPN service start automatically on boot in the Linux client by adding the following line as a crontab entry:

@reboot /usr/bin/openvpn --config /path/to/client.ovpn

Finally, to set up the required routing as shown in the first image of this article (to enable communication with another machine on the other end of the VPN server), we will need to enable IP forwarding by setting the following in /etc/sysctl.conf (for future reboots):

net.ipv4.ip_forward = 1

and

# sysctl -w net.ipv4.ip_forward=1

for the setting to take effect immediately.

Summary

In this article we have explained how to set up and configure a VPN server using OpenVPN, and how to set up two remote clients (a Linux box and a Windows machine). You can now use this server as a VPN gateway to secure your web browsing activities. With a little extra effort (and another remote server available) you can also set up a secure file / database server, to name a few examples.

We look forward to hearing from you, so feel free to drop us a note using the form below. Comments, suggestions, and questions about this article are most welcome.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

19 Responses

  1. ashawini says:

    Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On server. not able to start openvpn services

  2. kapali says:

    After executing below command, getting following error..

    # systemctl start [email protected]
    

    Job for [email protected] failed because the control process exited with error code. See “systemctl status [email protected]” and “journalctl -xe” for details.

    Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On server.

    • Alex Atkin UK says:

      Fedora have simplified how this works now but NOWHERE seems to have bothered to document it.

      You put server.conf files into /etc/openvpn/server/ and clients into /etc/openvpn/client/. This way you can easily enable/disable them without changing the service file.

      Simply issue systemctl enable [email protected] where the bit after the @ is the name of your conf file without the conf at the end.

  3. Chen says:

    Great walkthrough, thanks a lot!

    One question:
    Where do client.ca and client.key come from? Do I have to generate them on my client (Windows)?

    Thanks

    • Chen says:

      Got it.

      On the second page instead of downloading the server.crt and server.key to my client I should have downloaded the client.crt/key I generated earlier. Makes sense.

  4. bhujji says:

    [[email protected] keys]# systemctl -l status [email protected]
    Unit [email protected] could not be found.
    [[email protected] keys]# systemctl -l status [email protected]
    Unit [email protected] could not be found.
    [[email protected] keys]# systemctl -l status [email protected]
    Unit [email protected] could not be found.
