Cara Install OpenVPN di Centos 7

Bagaimana cara install OpenVPN di centos 7 dan apa itu OpenVPN.. OpenVPN adalah aplikasi open source yang memungkinkan kita membuat jaringan pribadi (private) melalui Internet. OpenVPN akan mengenkapsulasi jaringan public (internet) kita ke dalam jaringan private dengan enkripsi (SSL) yang akan membuat koneksi kita jauh lebih aman.

Tutorial ini menjelaskan langkah-langkah bagaimana cara install OpenVPN di centos 7 dan mengkonfigurasi client VPN di Linux atau Windows. Adapun semua tahapan berikut ini dilakukan dengan menggunakan installer (Bash) Script, jadi di wajibkan menginstall nya di vps atau Dedicated server yang fresh install.


Persyaratan

  • VPS / Dedicated server fresh install dengan OS Centos 7
  • Akses Root

Pre-Install

Update sistem operasi Centos 7, dan install beberapa tools pendukung.

[admin@openvpn ~]# yum -y update
[admin@openvpn ~]# yum -y install vim tmux net-tools wget git


Install

Download Script Installer OpenVPN untuk Centos 7

[admin@openvpn ~]# wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O openvpn-installer.sh

Kemudian eksekusi script openvpn-installer.sh unutk menginstall OpenVPN di Centos 7

[admin@openvpn ~]# sh openvpn-installer.sh

Output

Welcome to the OpenVPN installer!
The git repository is available at:
https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you
are ok with them.

I need to know the IPv4 address of the network interface you
want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4
address.
IP address: 10.0.0.197 # <-- Fixed IP lokal

It seems this server is behind NAT. What is its public IPv4
address or hostname?
We need it for the clients to connect to the server.
Public IPv4 address or hostname: IP-PUBLIC #<-- Ganti dengan IP Public masing-masing

Checking for IPv6 connectivity...

Your host does not appear to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: n

What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 1

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use
TCP.
1) UDP
2) TCP

Protocol [1-2]: 1

What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Russia)
12) Custom

DNS [1-12]: 12 #<-- Jika menggunakan DNS Custom
Primary DNS: 202.162.192.10
Secondary DNS (optional): 202.162.192.11
`
Do you want to use compression? It is not recommended since the
VORACLE attack make use of it.
Enable compression? [y/n]: n

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the
default parameters provided by the script.
Note that whatever you choose, all the choices presented in the
script are safe. (Unlike OpenVPN's defaults)
See
https://github.com/angristan/openvpn-install#security-and-encryption
to learn more.

Customize encryption settings? [y/n]: n

Okay, that was all I needed. We are ready to setup your OpenVPN
server now.
You will be able to generate a client at the end of the
installation.
Press any key to continue...



...
Di potong untuk mempersingkat.
...



Tell me a name for the client.
Use one word only, no special characters.
Client name: OpenVpnUser #<-- User OpenVPN

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 1

Client aidil added, the configuration file is available at /root/OpenVpnUser.ovpn. #<-- lokasi file *.ovpn
Download the .ovpn file and import it in your OpenVPN client.


Post-Install

Sampai step ini OpenVPN sudah berhasil kita install di Centos 7 Kemudian kita dapat mengkopy file /root/OpenVpnUser.ovpn ke Desktop atau Device client lain.


Untuk memastikan apakah service OpenVPN sudah berjalan di centos 7, dapat menggunakan perintah berikut.

[admin@openvpn ~]# systemctl status openvpn-server@server

output

openvpn-server@server.service - OpenVPN service for server
  Loaded: loaded (/etc/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
  Active: active (running) since Fri 2019-11-22 03:58:15 UTC; 3h 59min ago
  Docs: man:openvpn(8)
    https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
    https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 8694 (openvpn)
  Status: "Initialization Sequence Completed"
  CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
   └─8694 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf

Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: UDPv4 link local (bound): [AF_INET][undef]:1194
22 03:58:15 openvpn.nusa.id openvpn[8694]: UDPv4 link remote: [AF_UNSPEC]
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: GID set to nobody
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: UID set to nobody
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: MULTI: multi_init called, r=256 v=256
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: IFCONFIG POOL LIST
Nov 22 03:58:15 openvpn.nusa.id openvpn[8694]: Initialization Sequence Completed
Nov 22 07:38:14 openvpn.nusa.id openvpn[8694]: tls-crypt unwrap error: packet too short
Nov 22 07:38:14 openvpn.nusa.id openvpn[8694]: TLS Error: tls-crypt unwrapping failed from [AF_INET]146.88.240.4:5550

Jika Status sudah menunjukkan Active: active (running) artinya service OpenVPN sudah berjalan dengan baik.

Informasi

Demikianlah tutorial bagaimana cara install OpenVPN di Centos 7. Berikut adalah informasi lanjut yang dapat di jadikan sebagai refrensi.

https://openvpn.net/