In today’s digital world, privacy and security are of utmost importance. One of the best ways to secure your internet connection and protect your sensitive data is by using a Virtual Private Network (VPN). In this article, we’ll walk you through the process of how to install OpenVPN Server on Oracle Linux. This comprehensive guide will cover everything from installing the required packages to configuring the server for optimal performance.
Table of Contents
- Prerequisites
- Installing OpenVPN and Easy-RSA
- Configuring the OpenVPN Server
- Creating a Public Key Infrastructure (PKI)
- Configuring the VPN Client
- Starting the OpenVPN Server
- Connecting to the OpenVPN Server
- Conclusion
How to Install OpenVPN Server on Oracle Linux
Prerequisites
Before we begin, ensure that you have the following:
- An Oracle Linux server with root access.
- A static IP address configured for the server.
- Basic knowledge of how to install packages on Oracle Linux.
Note: This guide assumes that you have a clean installation of Oracle Linux. If you have other services running on your server, ensure that they do not conflict with OpenVPN.
Installing OpenVPN and Easy-RSA on Oracle Linux
First, update your server’s package repository:
sudo yum update
Next, install the OpenVPN and Easy-RSA packages:
sudo yum install openvpn easy-rsa -y
Configuring the OpenVPN Server on Oracle Linux
After installing the necessary packages, we’ll create a new configuration file for the OpenVPN server:
sudo cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/server.conf
Open the configuration file with your preferred text editor, such as Vim:
sudo vim /etc/openvpn/server.conf
Modify the following lines in the configuration file:
# Change the "proto" line to use the desired protocol (either UDP or TCP)
proto udp
# Uncomment the "user" and "group" lines
user nobody
group nobody
# Uncomment the "persist-key" and "persist-tun" lines
persist-key
persist-tun
# Add the following line to enable compression
compress lz4
# Uncomment the "push" lines for the desired DNS server
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Uncomment the "log" and "log-append" lines
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
Save and close the file.
Creating a Public Key Infrastructure (PKI)
Next, we’ll create a Public Key Infrastructure (PKI) using Easy-RSA to manage our certificates and keys. First, create a new directory to store the Easy-RSA files:
sudo mkdir /etc/openvpn/easy-rsa
Copy the Easy-RSA files to the newly created directory:
sudo cp -R /usr/share/easy-rsa/3/* /etc/openvpn/easy-rsa/
Now, navigate to the Easy-RSA directory:
cd /etc/openvpn/easy-rsa/
Initialize the PKI:
sudo ./easyrsa init-pki
Generate a Certificate Authority (CA):
sudo ./easyrsa build-ca
You will be prompted to enter a passphrase for the CA. Make sure to choose a strong passphrase and keep it secure.
Next, generate a server certificate and key:
sudo ./easyrsa gen-req server nopass
Sign the server certificate with the CA:
sudo ./easyrsa sign-req server server
Generate the Diffie-Hellman (DH) parameters used for secure key exchange:
sudo ./easyrsa gen-dh
Copy the generated certificates, keys, and DH parameters to the OpenVPN directory:
sudo cp pki/ca.crt /etc/openvpn/
sudo cp pki/issued/server.crt /etc/openvpn/
sudo cp pki/private/server.key /etc/openvpn/
sudo cp pki/dh.pem /etc/openvpn/
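A pre-start check for the files just copied, as an added example that is not part of the original guide: it reads the ca, cert, key, dh, tls-auth and tls-crypt directives from a server configuration and reports any file that is missing or any secret file that is readable by group or others. The function name is hypothetical, and relative paths are assumed to resolve against the directory holding the configuration (here /etc/openvpn). The sample server.conf may name files, such as a differently named DH file or a tls-auth key, that the steps above did not create.

```shell
# Added example: preflight check for an OpenVPN server configuration.
# check_server_conf CONF -> prints one line per problem, returns 1 if any.
check_server_conf() {
    conf=$1
    base=$(dirname "$conf")
    rc=0
    # Directives whose first argument is a file OpenVPN opens at startup.
    for d in ca cert key dh tls-auth tls-crypt; do
        # First active occurrence only; lines starting with # or ; never match.
        file=$(awk -v d="$d" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$conf")
        if [ -z "$file" ] || [ "$file" = none ]; then continue; fi
        case $file in
            /*) path=$file ;;
            *)  path=$base/$file ;;   # assumption: relative to the config directory
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING  $d -> $path"
            rc=1
            continue
        fi
        case $d in
            key|tls-auth|tls-crypt)
                # Secret material: no group/other permission bits allowed.
                if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
                    echo "LOOSE    $d -> $path (fix: chmod 600)"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}
```

Run it as root with `check_server_conf /etc/openvpn/server.conf` before starting the service; no output and a zero exit status mean every referenced file is present and the secret files are owner-only.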
Configuring the VPN Client in Linux
For each VPN client, you need to generate a client certificate and key. For example, to create a certificate and key for a client named “client1”:
sudo ./easyrsa gen-req client1 nopass
sudo ./easyrsa sign-req client client1
Create a directory on your local machine to store the client configuration files and certificates:
mkdir ~/openvpn-client1
Transfer the following files from the server to the ~/openvpn-client1 directory on your local machine:
/etc/openvpn/ca.crt
/etc/openvpn/easy-rsa/pki/issued/client1.crt
/etc/openvpn/easy-rsa/pki/private/client1.key
Next, create a new client configuration file named client1.ovpn in the ~/openvpn-client1 directory on your local machine. Add the following content to the file, replacing {server-ip} with your server’s static IP address:
client
dev tun
proto udp
remote {server-ip} 1194
resolv-retry infinite
nobind
persist-key
persist-tun
compress lz4
cipher AES-256-CBC
verb 3
remote-cert-tls server
auth-nocache
<ca>
# Paste the contents of the ca.crt file here
</ca>
<cert>
# Paste the contents of the client1.crt file here
</cert>
<key>
# Paste the contents of the client1.key file here
</key>
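The paste steps above can be scripted. The following is an added example, not part of the original guide: it assembles the profile from the three transferred files, keeps only the PEM blocks (Easy-RSA certificate files may carry a human-readable text dump before the PEM data), and creates the result readable by its owner only, since it embeds the private key. The function names are hypothetical; the directives are the ones listed above.

```shell
# Added example: build NAME.ovpn from the transferred files.
# DIR, NAME and SERVER_IP are supplied by the caller.

# Print only the PEM block(s) of a file, dropping any text dump around them.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_ovpn() {
    dir=$1; name=$2; server_ip=$3
    out="$dir/$name.ovpn"
    for f in "$dir/ca.crt" "$dir/$name.crt" "$dir/$name.key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    grep -q 'PRIVATE KEY-----' "$dir/$name.key" ||
        { echo "not a private key: $dir/$name.key" >&2; return 1; }
    (
        umask 077   # the profile embeds the private key: owner-only from creation
        rm -f "$out"
        {
            cat <<EOF
client
dev tun
proto udp
remote $server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
compress lz4
cipher AES-256-CBC
verb 3
remote-cert-tls server
auth-nocache
EOF
            printf '<ca>\n';   pem_only "$dir/ca.crt";    printf '</ca>\n'
            printf '<cert>\n'; pem_only "$dir/$name.crt"; printf '</cert>\n'
            printf '<key>\n';  pem_only "$dir/$name.key"; printf '</key>\n'
        } > "$out"
    ) || return 1
    chmod 600 "$dir/$name.key" "$out"
}
```

For the client in this guide, call `build_ovpn ~/openvpn-client1 client1 {server-ip}` with your server’s static IP address in place of {server-ip}.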
Starting the OpenVPN Server
Enable and start the OpenVPN server:
sudo systemctl enable openvpn@server
sudo systemctl start openvpn@server
To check the status of the OpenVPN server, run:
sudo systemctl status openvpn@server
Connecting to the OpenVPN Server
To connect to the OpenVPN server, you’ll need to install the OpenVPN client on your local machine. For Windows, macOS, and Linux, you can download the official OpenVPN client or use a third-party client like Tunnelblick for macOS.
Once the client is installed, import the client1.ovpn configuration file into the OpenVPN client software. After importing the file, connect to the VPN server using the client software.
Configuring Firewall Rules
To allow VPN traffic through the firewall, you’ll need to add some firewall rules. Oracle Linux uses the firewalld service by default.
First, enable and start the firewalld service:
sudo systemctl enable firewalld
sudo systemctl start firewalld
Next, add the necessary firewall rules to allow OpenVPN traffic:
sudo firewall-cmd --add-service=openvpn
sudo firewall-cmd --add-masquerade
To make these changes permanent, save the firewall configuration:
sudo firewall-cmd --runtime-to-permanent
Testing the VPN Connection
To test the VPN connection, connect to the OpenVPN server using the client software on your local machine. Once connected, visit a website like WhatIsMyIP to check your public IP address. If the connection is successful, you should see the public IP address of your Oracle Linux server.
Conclusion
In this guide, you’ve learned how to set up an OpenVPN server on Oracle Linux. By implementing this secure and versatile VPN solution, you can now access your network resources remotely and securely.
With your new OpenVPN server up and running, you can confidently work remotely without compromising your security or network performance.