Install OpenVPN Community Software Under Debian 6 Squeeze, Ubuntu 10.10 Maverick, CentOS 5, CentOS 6

Content:
1. Preliminary
2. Installing GCC and Dependencies
3. Installing OpenVPN
4. Creating Certificate and Key
5. Creating OpenVPN Configuration
6. Starting OpenVPN, IP Forwarding, NAT
7. Client Configuration


Preliminary
Before we get to the main course: why does Debian Squeeze come first in the title? Because I recommend it. The simple answer for me is that it is light, so you can use even a 64MB or 128MB VPS for this software. But I will also write the how-to for the other three distros that I (or other people) mostly use. So what is OpenVPN Community Software, and why is it so popular among VPNs?

It is a full-featured open source SSL VPN that accommodates a wide range of configurations, including site-to-site VPN, remote access, load balancing, and failover. Many people move to OpenVPN because it is open source, which means it is free, and it is easy to use, configure, and implement. More about OpenVPN Community Software can be read at http://openvpn.net/index.php/open-source/245-community-open-source-software-overview.html

Okay, now let’s begin. I am using a freshly installed OS. First you need to check whether your TUN device is already activated, because our main purpose for OpenVPN here is anonymous and safe browsing.

If you get the “File descriptor in bad state” status, then you are ready to go (it means TUN is active); otherwise you need to ask your VPS provider to activate it, or you can activate it yourself from the SolusVM Control Panel.

[Image: tun-tap-device-activate]



Installing GCC and Dependencies
Always update your freshly installed OS right before installing anything.


After that, we install the basic tools for a manual configuration and installation.


Install the LZO data compression library for OpenVPN.

The tools and dependencies have been installed successfully; it is time for the main course: installing OpenVPN. The current stable version is 2.2.2, released 2011/12/22. As soon as version 2.3 is out of beta, I will update this tutorial.

Installing OpenVPN

The installation of OpenVPN is complete. Stay inside the openvpn-2.2.2 folder and copy the easy-rsa folder inside it to “/etc/openvpn/easy-rsa”. Easy-rsa contains the files for creating certificates and other items needed by OpenVPN.

Still inside the openvpn-2.2.2 folder, we now build openvpn-auth-pam for authentication using SSH.


Creating Certificate and Key

================================================================================
INTERMEZZO: if you experience the following error when executing the “source ./vars” command

it means OpenVPN does not recognize your OpenSSL version; you need to edit the whichopensslcnf file inside “/etc/openvpn/easy-rsa/2.0”

change the openssl.cnf under else

to openssl-1.0.0.cnf, so it will look like this

after that, continue again from the source ./vars command
================================================================================

[Image: clean-all]

While building the certificate authority, you will be asked to fill in the “Country, State / Province, City, Organization / Company, Unit, Common Name, Name, and Email”. You can fill in all of them according to your data, or, if you would rather not, just press Enter and fill in only the Common Name with any name (usually your VPS hostname). Check the image below.

[Image: build-ca]

After the CA, we continue with building the server key. It is the same as building the CA, but this time you need to fill in the Common Name with “server” (take a look at the image below), and when you are asked for a “challenge password” I suggest you just press Enter to skip it, because we already have one authentication for OpenVPN, so it is not necessary to have more than one.

[Image: build-key-server]

Build the Diffie-Hellman key exchange parameters; more at Wikipedia or RSA.

The time required to build the Diffie-Hellman parameters depends on your server’s specs.

Creating OpenVPN Configuration
We will place the configuration inside the “/etc/openvpn” directory, and we are using port 1194 UDP (the default).

*You can use any other text editor you like, such as vi or pico.

Below is the configuration
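An added example, not the tutorial's own configuration: a constructed server config for the setup described here (1194/UDP, PAM login, clients that hold only ca.crt) and a small check that reports which credentials such a config demands from clients. The plugin path, the dh file name, the /24 netmask and the use of client-cert-not-required are assumptions.

```shell
#!/bin/sh
# Added example (not the tutorial's config): classify what a server config
# makes clients prove before they get a tunnel.

# Constructed sample for a 1194/UDP server with PAM login. The plugin path,
# dh file name and /24 netmask are assumptions, not values from the page.
sample_conf() {
cat <<'EOF'
port 1194
proto udp
dev tun
ca   /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key  /etc/openvpn/easy-rsa/2.0/keys/server.key
dh   /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.2.3.0 255.255.255.0
plugin /etc/openvpn/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
EOF
}

# Succeeds if directive $1 appears on a non-comment line of file $2.
has_directive() {
    awk -v d="$1" '{ sub(/[#;].*/, "") } $1 == d { hit = 1 } END { exit !hit }' "$2"
}

# Print the authentication model implied by config file $1.
auth_model() {
    pam=no; cert=required
    if awk '{ sub(/[#;].*/, "") } $1 == "plugin" && $2 ~ /openvpn-auth-pam/ { hit = 1 }
            END { exit !hit }' "$1"; then pam=yes; fi
    if has_directive client-cert-not-required "$1"; then cert=skipped; fi
    case "$pam/$cert" in
        yes/skipped)  echo "password-only" ;;
        yes/required) echo "certificate+password" ;;
        no/required)  echo "certificate-only" ;;
        no/skipped)   echo "no-credential-check" ;;
    esac
}

# Demo run on the constructed sample: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_conf > "$tmp"
    echo "sample config: $(auth_model "$tmp")"
    rm -f "$tmp"
fi
```

A result of password-only means the Linux account password is the only thing a client must present, which is why the client in this setup needs nothing but ca.crt.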


Starting OpenVPN, IP Forwarding, NAT
Now we are ready to start OpenVPN with the 1194 UDP config.

If the status message is “Initialization Sequence Completed” then you are ready to roll; run it in the background with the “bg” command.

[Image: starting-ovpn-server]

Enable IP forwarding

NAT the clients’ traffic to the internet, where 10.2.3.0 is your clients’ IP address and 123.123.123.123 is your server’s IP address

Or use this if you are using a dedicated machine
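The host-side checks from this tutorial (TUN device, IP forwarding, NAT for the client subnet), gathered into one read-only script as an added example that is not part of the original tutorial. It uses the page's sample values 10.2.3.0 and 123.123.123.123; the /24 mask, the error strings other than “File descriptor in bad state”, and MASQUERADE as the dedicated-machine variant are assumptions.

```shell
#!/bin/sh
# Added example: read-only readiness checks for the host steps in this tutorial.
VPN_NET="10.2.3.0/24"        # assumption: /24; the page gives only 10.2.3.0
SERVER_IP="123.123.123.123"  # the page's sample server address

# Classify the error text printed by `cat /dev/net/tun`.
tun_state() {
    case "$1" in
        *"File descriptor in bad state"*) echo active ;;
        *"No such file or directory"*|*"No such device"*) echo missing ;;
        *"Operation not permitted"*|*"Permission denied"*) echo blocked ;;
        *) echo unknown ;;
    esac
}

# Succeeds when the given ip_forward file (default: the live one) holds 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Read `iptables-save -t nat` text on stdin and name the NAT style in use
# for the VPN subnet: snat, masquerade, wrong-source, or none.
nat_mode() {
    awk -v net="$VPN_NET" -v ip="$SERVER_IP" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; jump = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
                if ($i == "--to-source") to = $(i + 1)
            }
            if (src != net) next
            if (jump == "MASQUERADE") found = "masquerade"
            else if (jump == "SNAT" && to == ip) found = "snat"
            else if (jump == "SNAT") found = "wrong-source"
        }
        END { print (found == "" ? "none" : found) }'
}

# Check the real host only when asked to: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    echo "tun: $(tun_state "$(cat /dev/net/tun 2>&1)")"
    if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
    echo "nat: $(iptables-save -t nat 2>/dev/null | nat_mode)"
fi
```

Run it with --live as root on the server; a result of wrong-source means an SNAT rule exists for the client subnet but rewrites to an address other than the server's.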


Client Configuration
Add a user for OpenVPN authentication without SSH privileges and give it a password.

Download OpenVPN for Windows OS from: https://repo.regolithmedia.com/ovpn/openvpn-2.2.2-install.exe and install it. Don’t forget to run it as administrator if you are using Windows 7.

Create a configuration for the client, for example 1194-udp.ovpn, and save it in your OpenVPN client config folder, usually “C:\Program Files\OpenVPN\config” or “C:\Program Files (x86)\OpenVPN\config” for a 64-bit OS.

The last thing before running the OpenVPN client GUI: download the ca.crt file located at “/etc/openvpn/easy-rsa/2.0/keys” on your server, and save it in the same place as 1194-udp.ovpn.

[Image: ovpn-client-running]
