How to install OpenVPN on CentOS 7

First, disable SELinux on your CentOS 7 server. You can do this by editing /etc/sysconfig/selinux:

vim /etc/sysconfig/selinux

You should see this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Change enforcing to disabled:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

And restart your server with:

init 6
# or
reboot
# or
shutdown -r now
# or
systemctl reboot

OpenVPN Access Server installation

# updating system packages
yum -y install epel-release
yum -y update

# installing ufw to control firewall settings
yum -y install ufw
systemctl enable --now ufw.service

# allowing ports for OpenVPN Access Server and for OpenVPN itself
ufw allow 943 # Admin panel for OpenVPN
ufw allow 1194 # OpenVPN
ufw reload

# installing OpenVPN Access Server package
yum -y install https://as-repository.openvpn.net/as-repo-centos7.rpm
yum -y install openvpn-as

# before setting up OpenVPN Access Server, set a password for the
# openvpn user so that you can log in to the admin panel
passwd openvpn

Now you can go to https://<ip_of_your_server>:943/admin

After you have downloaded client.ovpn, you can run it to test your VPN connection:

sudo openvpn --config ~/Downloads/client.ovpn

# and now in another terminal check your ip
curl ipinfo.io

From here you can use your VPN server and manage users through OpenVPN Access Server. To make the admin panel easier to reach, so that you don't need to remember the server's IP, you can set up vpn.yourdomain.com as a reverse proxy to the OpenVPN Access Server admin panel.

You need another server and an A record for vpn.yourdomain.com that points to that server.

On this server do the following:

# installing nginx, certbot and plugin for certbot to work with nginx
yum install -y nginx certbot python2-certbot-nginx

# enabling nginx on system boot and starting it
systemctl enable --now nginx.service

# creating conf file for nginx
touch /etc/nginx/conf.d/vpn.yourdomain.com.conf
vim /etc/nginx/conf.d/vpn.yourdomain.com.conf

# /etc/nginx/conf.d/vpn.yourdomain.com.conf
server {
        # must match the domain passed to certbot with -d below
        server_name vpn.yourdomain.com;

        location / {
                proxy_pass  https://<your_openvpn_server_ip>:943/;
        }
}

# after saving the new conf file, check it for errors
# and reload nginx
nginx -t
nginx -s reload

# run certbot so it can install SSL certificates for your domain;
# before doing this, make sure you have an A record for vpn.yourdomain.com
# that matches your server's IP address
certbot --nginx -d vpn.yourdomain.com

And now you should be able to open vpn.yourdomain.com
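
The proxy config above forwards every path, including /admin, to anyone who can reach vpn.yourdomain.com. The variant below is an added example, not part of the original tutorial or of OpenVPN's documentation; it limits the admin panel to one admin network and leaves the rest of the proxying unchanged. The range 203.0.113.0/24 is a constructed placeholder for the network your administrators connect from; if certbot has already edited the file, keep the listen and ssl_* lines it added.

```nginx
# /etc/nginx/conf.d/vpn.yourdomain.com.conf
# Added example. 203.0.113.0/24 is a constructed documentation range
# (assumption); replace it with your own admin network.
server {
        server_name vpn.yourdomain.com;

        # Admin panel: only the admin network may reach it through the proxy.
        # Every other client gets a 403 from nginx and the request is never
        # forwarded to the Access Server.
        location /admin {
                allow 203.0.113.0/24;
                deny  all;

                # No URI part after the port, so the request path (/admin...)
                # is passed to the Access Server unchanged.
                proxy_pass https://<your_openvpn_server_ip>:943;
        }

        # Everything else is proxied exactly as in the original config.
        # Note: proxy_ssl_verify is off by default, so nginx encrypts this hop
        # but does not validate the Access Server's certificate.
        location / {
                proxy_pass https://<your_openvpn_server_ip>:943/;
        }
}
```

The allow-list only helps if port 943 on the Access Server is not reachable directly. Once setup is finished, replacing `ufw allow 943` on that server with `ufw allow from <proxy_server_ip> to any port 943 proto tcp` (where `<proxy_server_ip>` is a placeholder for the nginx server's address) limits the admin port to the proxy.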