Friday, March 29, 2013

[Tutorial] CentOS 6 OpenVPN Client - Connecting to Existing Site to Site VPN (TomatoUSB)

In this tutorial, I'm going to show you how to add a CentOS 6 server as a OpenVPN client to your existing Site to Site VPN.

This is an extension of my [Tutorial - 30 Minutes or Less] Site to Site VPN with TomatoUSB and OpenVPN and assumes you already have your Site to Site VPN operational. However, you should be able to follow this tutorial and connect to any existing OpenVPN Server.

At the end of this tutorial, your CentOS server will be able to securely access your LAN resources (i.e, computers, printers) on both sites and vice versa (you will also be able to seamlessly access your CentOS server).

Overview of the Steps:

1) Generate Certs and Keys
2) Copy/Transfer over Certs and Keys to Client VPS
3) Install OpenVPN (client)
4) Configure OpenVPN Client
5) Connect

Generate cert/keys for VPS (CentOS 6 32-bit OpenVPN Client)

SSH into your TomatoUSB OpenVPN Server.

#Setup and initialize environment
cd /opt/openvpn-easy-rsa
source ./vars

#myvps_client is the Common Name
./build-key myvps_client

Copy/Transfer over Certs and Keys to Client VPS

Since my CentOS server is running SSH, I'm going to use SSH and SCP (secure copy) to transfer over the certificates and key. You can also transfer over the keys via SFTP or a USB drive.

#create the /etc/openvpn/keys folder on my centos server
ssh mkdir -p /etc/openvpn/keys 

#copy over the certificates and keys
#all one line
cd /opt/openvpn-easy-rsa
scp keys/ca.crt keys/myvps_client.crt keys/myvps_client.key

Install OpenVPN on CentOS 6

#Bring everything up to date
yum -y update

#Add EPEL (Extra Packages for Enterprise Linux) Repo
# RHEL/CentOS 6 32-Bit ##
cd /tmp 

wget rpm -ivh epel-release-6-8.noarch.rpm

yum --enablerepo=epel install openvpn.i686

Configure OpenVPN Client

#copy sample client.conf to /etc/openvpn
cp /usr/share/doc/openvpn-2.2.2/sample-config-files/client.conf /etc/openvpn

#edit openvpn client.conf
nano /etc/openvpn/client.conf

Update the following lines
#remote 1194
#ca /etc/openvpn/keys/ca.crt
#cert /etc/openvpn/keys/myvps_client.crt
#key /etc/openvpn/keys/myvps_client.key

#start VPN manually to test
openvpn --config /etc/openvpn/client.conf

#test starting VPN as a service
service openvpn start

#autostart at OpenvPN client on reboot
chkconfig openvpn on


  1. Hi Qui,
    Thanks for all the hard work you have done on making this happen. Worked really well for me until I had daft idea of Cups printing. Killed setup so did a reinstall. all working except getting error on svn checkout as file not found. what should I do now?

    1. You posted this comment on the wrong blog. :)

      Thanks for letting me know. Link has been updated. Build in progress and will update pre-compiled package this weekend.

  2. Well ! I use the above steps to add cent os server to vpn . After setting a vpn , i use to check whether ip gets changed or not .

  3. You have a real ability for writing unique content. I like how you think and the way you represent your views.Thanks.

  4. I like such tutorials cause they are short and precise. It is talent to write the most important things in the article. I know it cause notext I am a writer.