Introduction

OpenVPN is a robust and highly flexible VPN solution that allows for secure point-to-point or site-to-site connections. In this guide, you will learn how to install and configure OpenVPN server and client on CentOS 8 using Easy-RSA 3. This setup can be effectively hosted on a Windows VPS UK for optimal security and performance.

Prerequisites

• A CentOS 8 server with root access
• Basic knowledge of Linux commands
• An active internet connection

Step 1: Update Your System

Start by updating your package index and upgrading existing packages:

sudo dnf update -y

Step 2: Install OpenVPN and Easy-RSA

Install the OpenVPN and Easy-RSA packages:

sudo dnf install epel-release -y
sudo dnf install openvpn easy-rsa -y

Step 3: Set Up the Easy-RSA PKI

Create a directory for the Easy-RSA configuration files:

make-cadir ~/easy-rsa

Navigate to the Easy-RSA directory:

cd ~/easy-rsa

Step 4: Configure Easy-RSA Variables

Edit the vars file to set up the certificate authority:

nano vars

Modify the following variables to match your organization's information:

export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="San Francisco"
export KEY_ORG="Your Organization"
export KEY_EMAIL="[email protected]"
export KEY_OU="Your Organizational Unit"

Step 5: Build the CA

Source the vars file and build the CA:

source vars
./clean-all
./build-ca

Step 6: Generate Server Certificate and Key

Generate the server certificate and key:

./build-key-server server

When prompted, answer the questions and be sure to sign the certificate.

Step 7: Generate Diffie-Hellman Parameters

Generate the Diffie-Hellman parameters:

./build-dh

Step 8: Generate the HMAC Key

Generate the HMAC key to add an additional layer of security:

openvpn --genkey --secret keys/ta.key

Step 9: Configure the OpenVPN Server

Copy the server configuration file to the OpenVPN directory:

sudo cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/server.conf

Edit the server configuration file:

sudo nano /etc/openvpn/server.conf

Uncomment the following lines:

ca ca.crt
cert server.crt
key server.key
dh dh.pem

Step 10: Start the OpenVPN Server

Start the OpenVPN server and enable it to run at boot:

sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server

Step 11: Configure Client

Generate a client certificate and key:

./build-key client1

Copy the client configuration file:

cp /usr/share/doc/openvpn/sample/sample-config-files/client.conf ~/client.ovpn

Edit the client.ovpn file with your server's information:

remote your_server_ip 1194

Step 12: Connect to the OpenVPN Server

Transfer the client.ovpn file to your client device and use OpenVPN to connect:

sudo openvpn --config client.ovpn

Step 13: Conclusion

You have successfully installed an OpenVPN server and client using Easy-RSA 3 on CentOS 8. This setup provides a secure remote access solution and can greatly benefit from being hosted on a Windows VPS. For additional options, explore various VPS UK Windows solutions, including Windows Virtual Private Server Hosting and Windows VPS Hosting UK for optimal performance and security.