VPS SERVER HOSTING BLACK FRIDAY DEALS 2024 : UP TO 45% OFF 🔥 BLACK FRIDAY
  • Home
  • Training
  • How To Install OpenVpn On CentOS 7
hosting image
How To Install Openvpn On CentOS 7

How To Install OpenVpn On CentOS 7

Yaseen Quinn Training 12 September 2023

Seamless Access Awaits: Start Your RDP Journey!

In More Than 40 Location
See Plans
Pyrit is a popular open-source tool used for attacking WPA-PSK and WPA2-PSK authentication using the Python programming language and can be easily installed on Kali Linux, a widely used penetration testing operating system. In this article, we will discuss step-by-step instructions to install Pyrit on Kali Linux.

Step 1: Update and Upgrade Kali Linux

To install Pyrit on Kali Linux, the first step is to update and upgrade the system. This can be done by opening the terminal and running the following commands:
sudo apt-get update
sudo apt-get upgrade

Step 2: Install Required Dependencies

Before installing Pyrit, we need to install some of the dependencies that it requires. The following command will install all the required dependencies:sudo apt-get install python2.7-dev python2.7-libpcap libssl-dev zlib1g-dev libpcap-dev

Step 3: Install Pyrit

Now that we’ve updated the system and put in the necessary dependencies, we can install Pyrit. This can be done by running the following command:
sudo apt-get install pyrit
This will download and install Pyrit on Kali Linux.

Step 4: Verify Pyrit Installation

To verify that Pyrit has been installed successfully, we can run the following command:
pyrit list_cores
If the installation went well, this command should give you information about the CPU cores that Pyrit can use.
Upgrade your Pyrit experience today, Buy Linux VPS now! Enhance your Kali Linux installation with ease.

Conclusion

This article has covered the steps required to install Pyrit on Kali Linux. First, we made sure everything was up-to-date and upgraded, and then we installed all of the necessary dependencies. At last, we used the apt-get command to set up and verify Pyrit. This procedure will install Pyrit on your Kali Linux system and make it usable.

FAQ

Kali Linux is a Debian-based operating system used for advanced penetration testing and network security. It is popular due to its extensive range of tools and features specifically designed for security testing.

Yes, Pyrit can be installed on any operating system that supports Python.

 Yes, Pyrit is legal to use for security testing and other lawful purposes.

No, Pyrit does not come pre-installed with Kali Linux. However, it can be easily installed using the apt-get command.

 No, Pyrit is specifically designed for attacking WPA-PSK and WPA2-PSK authentication protocols.

See also  What is the "cat" Command in Linux OS?

Yes, some prerequisites are required before installing Pyrit on Kali Linux. These include updating and upgrading the system and installing required dependencies.

Pyrit can be complex for beginners, but with some practice, it can be a powerful tool for security testing.

Yes, Pyrit is an open-source tool that is completely free to use.

No, there are other tools available, such as Aircrack-ng and Hashcat, that can also be used for attacking these encryption protocols.

A virtual private network (VPN) encrypts all network traffic, hiding users and protecting them from untrusted networks. It can provide a secure connection to the corporate network, bypass geo-restrictions, and let you surf the web using public Wi-Fi networks while keeping your data private.

What Is OpenVPN?

OpenVPN is the most famous VPN protocol that is used in most of the large domestic and foreign sites and companies, and sometimes this protocol alone is enough, we will discuss the reasons for this.Since there is filtering in our dear country of Iran, like in other countries of the world, many users use VPN to bypass it, and whether it is right or wrong depends on the user.
Unlock your potential with a Linux VPS. Buy Linux VPS now and master OpenVPN on CentOS 7!

Configure OpenVPN on centos 7

A virtual private network (VPN) allows you to browse untrusted networks as if you were on a private network. It allows you to access the Internet safely and securely from your smartphone or laptop when connected to an untrusted network, such as WiFi in a hotel or coffee shop.This setting allows you to secure your login and wireless transactions when connecting with HTTPS connections. and protect any unencrypted HTTP traffic from an untrusted network.OpenVPN is a complete open source and secure VPN solution with open source (SSL) that includes a wide range of settings. In this tutorial, you will set up OpenVPN on a CentOS 7 server and then configure it to be accessible from a client device.

Prerequisites

  • A server running CentOS 7 or CentOS 8
  • A user account having root (sudo) privileges.
  • The ability to access the command line/terminal window
  • A domain name or subdomain that points to your server.
  • A client computer that will connect to the OpenVPN server.

Step 1: install OpenVPN

Run the following command to update the CentOS repository and packages:
yum update -y
The OpenVPN package is not available in the CentOS default repository. OpenVPN, on the other hand, is accessible through the Extra Packages for Enterprise Linux (EPEL) repository. Run the following command to activate the EPEL repository:
yum install epel-release -y
install-epel-on-centos7Update the repositories once more:
yum update -y
With the following command, you can now install OpenVPN:
yum install -y openvpn

Step 2: Setup Easy RSA

The next step is to create a Public Key Infrastructure (PKI). Install simple RSA, a command-line application for building and administering a PKI Certificate Authority (CA).Easy RSA assists you in establishing an internal certificate authority (CA) and creating SSL key pairs to safeguard VPN connections.Use the wget command to get the simple RSA package. If you don’t have wget installed on your CenOS machine, run:
yum install -y wget
The most recent version of the CLI tool at the time of writing is 3.1.6, which we shall download. To use a different version, see simple RSA’s GitHub release page.
wget https://github.com/OpenVPN/easy-rsa/archive/refs/tags/v3.1.6.tar.gz
Following that, extract the downloaded archive:
tar -xf v3.1.6.tar.gz
Make and place the following files in a new openvpn directory:
cd /etc/openvpn/
Then, under the path /etc/openvpn, create a subfolder called easy-rsa:
mkdir /etc/openvpn/easy-rsa
Delete the extracted directory and replace it with /etc/openvpn/easy-rsa:
mv /root/easy-rsa-3.1.6 /etc/openvpn/easy-rsa
To see whether you successfully migrated everything from the easy-rsa-3.1.6 directory, cd /etc/openvpn/easy-rsa and use ls to display the contents.

Step 3: Configure OpenVPN

After installing OpenVPN and Easy RSA, you may proceed to setup the OpenVPN server.
See also  Install whatsapp on windows vps for beginner users
The guidelines in this part will assist you in completing the basic setup. You may change it to suit your requirements.Return to the root directory before performing any of the instructions. In the terminal window, type cd and press Enter.To begin, copy the example server.conf file from the OpenVPN documentation directory:
cp /usr/share/doc/openvpn-2.4.9/sample/sample-config-files/server.conf /etc/openvpn
If you can’t find the OpenVPN example configuration file, use the find command to locate it:
find / -name server.conf
Then, using your preferred text editor, open the copied configuration file:
vi etc/openvpn/server.conf
The command displays the example OpenVPN configuration file. The file’s comments begin with a hashtag # or a semicolon ;.

To complete the basic setup, remove the semicolons from the following lines.
  • topology subnet (makes the OpenVPN installation function as a subnetwork)
  • push "redirect-gateway def1 bypass-dhcp" (instructs the client to redirect traffic through the OpenVPN server)
  • push "dhcp-option DNS 208.67.222.222" (uses an OpenDNS resolver to connect to OpenVPN)
  • push "dhcp-option DNS 208.67.220.220" (uses an OpenDNS resolver to connect to OpenVPN)
  • user nobody (runs OpenVPN with no privileges)
  • group nobody (runs OpenVPN with no privileges)
Then, in order to allow TLS authentication, create a static encryption key. Locate the line tls-auth ta. key 0 and comment it by inserting; it in front of it. Then, beneath it, add a new line:
tls-crypt myvpn.tlsauth
Nota bene: The configuration file defines the DNS servers to use when connecting to OpenVPN. It is configured by default to utilize OpenDNS resolvers, which is how we left it. You may also alter the DNS resolvers by adjusting the push “dhcp-option DNS 208.67.222.222” and push “dhcp-option DNS 208.67.220.220” lines.The configuration file should be saved and exited.Finally, use the following command to produce the static encryption key indicated in the file:
openvpn --genkey --secret /etc/openvpn/myvpn.tlsauth

Step 4: Generate Keys and Certificates

It uses a set of scripts installed with the program to generate keys and certificates. In order to avoid reconfiguration every time you need to generate a certificate, you can change the Easy RSA configuration to define the default values ​​used for the certificate fields, including your desired country, city, and email address. We’ll start the process of generating keys and certificates by creating a directory where Easy RSA will store your generated keys and certificates:
sudo mkdir /etc/openvpn/easy-rsa/keys
The default certificate variables are set in the vars file in /etc/openvpn/easy-rsa, so open that file for editing:
sudo nano /etc/openvpn/easy-rsa/vars
Scroll to the bottom of the file and change the values ​​starting with KEY_ export to match your information. The most important things:KEY_CN: Enter the domain or subdomain that resolves to your server here.KEY_NAME: You must enter the server here. If you enter something else, you must also update the corresponding server.key andserver.crt configuration files.Other variables in this file you may want to change:KEY_COUNTRY: For this variable, enter the two-letter abbreviation of your country of residence.KEY_PROVINCE: This should be the name or abbreviation of your state of residence.KEY_CITY: Here, enter the name of the city where you live.KEY_ORG: This should be the name of your organization or company.KEY_EMAIL: Enter the email address you want to connect to the security certificate.KEY_OU: This should be the name of the “Organizational Unit” that you belong to, typically either the name of your group or team.The rest of the variables can safely be ignored outside of specific use cases. After making your changes, the file should look like this:. . . # These are the default values for fields # which will be placed in the certificate. # Don’t leave any of these fields blank. export KEY_COUNTRY=”US” export KEY_PROVINCE=”NY” export KEY_CITY=”New York” export KEY_ORG=”Famaserver.com” export KEY_EMAIL=”[email protected]” export [email protected] export KEY_CN=openvpn.example.com export KEY_NAME=”server” export KEY_OU=”Community” . . .Save and close the file.To start generating keys and certificates, enter the new variables you set in the vars file into the simple rsa folder and resource:
cd /etc/openvpn/easy-rsa
source ./vars
Run the easy RSA clean script to delete the keys and certificates in this folder and generate the license key:
./clean-all
Next, build the certificate authority with the build-ca script. You will be asked to enter values ​​for the certificate fields, but if you set the variables in the WARS file, all your options will already be set to default. You can press ENTER to accept each default:
./build-ca
This script creates a file called ca.key. This is the private key used to sign your server and client certificates. If lost, you can no longer trust any certificates from this CA, and if someone is able to access this file, they can sign new certificates and gain access to your VPN without your knowledge. . For this reason, OpenVPN recommends storing the ca.key in a location that may be offline and should only be activated when generating new certificates. Next, generate a server key and license using the build-key-server script:
./build-key-server server
As with the CA build, you will see the values ​​set as default so you can enter ENTER in these fields. In addition, you will be asked to enter a challenge password and an optional company name. If you enter a challenge password, you will be prompted when connecting to the VPN on the client side. If you don’t want to set a challenge password, just leave this line blank and press ENTER. Finally, enter Y to commit the changes. The last part of creating server keys and certificates is generating a Diffie-Hellman key exchange file. To do this, use the build-dh script:
./build-dh
this might take several minutes. After you’ve finished generating your server by creating the key exchange file, copy the server keys and certificates from the hotkeys directory to the OpenVpn directory:
 cd /etc/openvpn/easy-rsa/keys
sudo cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
Each client also needs a certificate to authenticate the OpenVPN server. These keys and certificates are generated on the server and then you will have to copy them to your client, which we will do in the next step. It is recommended that you generate separate keys and licenses for each client you intend to connect to your VPN. Since we’ll only be deploying one client here, we’ll call it client, but you can change it to a more descriptive name if you like:
 cd /etc/openvpn/easy-rsa
./build-key client
Finally, copy the opened version OpenSSL configuration file, openssl-1.0.0.cnf, to a version name, openssl.cnf. Failure to do so can result in an error where OpenSSL cannot load the configuration because it cannot detect its own version:
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
Now that you have all the necessary keys and certificates created for your server and client, you can move on to setting up routing between the two devices.
See also  Install Telegram on windows vps for beginner users

Step 5: Firewall and Routing Configuration

Set Firewall Rules

Begin by inspecting your active firewalled zone:
firewall-cmd --get-active-zones
Your firewalled zone will be shown in the output. It is public in the example below.

Add the openvpn service to the list of services allowed by firewalld in the active zone. In our scenario, the active zone is open to the public. Modify the command appropriately if your active zone is trusted.
firewall-cmd --zone=public --add-service openvpn
Then, execute the following command to make the aforementioned adjustments permanent:
firewall-cmd --zone=public --add-service openvpn --permanent
To check whether the openvpn service has been added, execute the following command:
firewall-cmd --list-services --zone=public

Then, to the runtime instance, add a masquerade:
firewall-cmd --add-masquerade
Additionally, make it permanent:
firewall-cmd --add-masquerade --permanent
Verify that the masquerade has been added by running:
firewall-cmd --query-masquerade
The output should respond with yes.

Configuration Routing

After you’ve done the preceding procedures, you may begin routing to your OpenVPN subnet.Make a variable that represents your server’s principal network interface. VAR is the variable name in the command below. You may, however, define a variable with whatever name you like.
VAR=$(ip route get 208.67.222.222 | awk 'NR==1 {print $(NF-2)}')
Then, using the variable you defined before, permanently add the routing rule:
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o $VAR -j MASQUERADE
To see the changes, restart Firewalld:
firewall-cmd --reload
Enable IP forwarding to route all web traffic from the client to the server’s IP address. Open the sysctl.conf configuration file:
vi /etc/sysctl.conf
At the start of the file, add the following line:
net.ipv4.ip_forward = 1
Finally, restart the service as follows:
systemctl restart network.service

Step 6: Start OpenVPN

Run the following command to start the OpenVPN service:
systemctl -f start [email protected]
Then, run: to have it start up upon boot.
systemctl -f enable [email protected]
Check if the service is operational by using:
systemctl status [email protected]
The result should indicate that the server’s OpenVPN service is operational (operating).

Step 7: Setup an OpenVPN Client

After the OpenVPN server has been configured, you may set up your client PC and connect it to the server. Each client computer must have local copies of the CA certificate, client key, SSL certificate, and encryption key, as specified in Step 4.Locate and copy the following server files to the client machine:
  • /etc/openvpn/easy-rsa/easyrsa3/pki/ca.crt
  • /etc/openvpn/easy-rsa/easyrsa3/pki/client.crt
  • /etc/openvpn/easy-rsa/easyrsa3/pki/private/client.key
  • /etc/openvpn/myvpn.tlsauth
Then, on the client computer, create a configuration file called client.ovpn for the OpenVPN client:
vi client.ovpn
Fill in the blanks with the following information:client tls-client ca /path/to/ca.crt cert /path/to/client.crt key /path/to/client.key tls-crypt /path/to/myvpn.tlsauth remote-cert-eku “TLS Web Client Authentication” proto udp remote your_server_ip 1194 udp dev tun topology subnet pull user nobody group nobodyMake sure to replace the bolded parts with your respected values.
Save and close the file.

Step 8: Connect a Client to OpenVPN

The methods for connecting to OpenVPN vary based on the operating system of your client computer.

For Users of Linux

Run the following command to connect to OpenVPN:
openvpn --config /path/to/client.ovpn

For Windows users,

first copy the client.ovpn configuration file to C:Program FilesOpenVPNconfig.2. Download and install the OpenVPN software. The most recent build is available on the OpenVPN Community Downloads website. Launch OpenVPN when you’ve finished installing it.3. Select Connect from the OpenVPN system tray icon’s context menu. You must have administrator rights to complete this activity.

Users of macOS

Tunnelblick (an open-source visual user interface for OpenVPN on OS X and macOS) may be used to connect to OpenVPN from a macOS machine.Make sure the client.ovpn configuration file is in the /Library/Application Support/Tunnelblick/Configurations directory before running Tunnelblick.

Conclusion :

In this article, we reviewed the steps for setting up a VPN server on the CentOS operating system.By implementing these steps and settings, users can access their network remotely and use secure and encrypted communication to transfer information.

Similar to the above training:

5/5 - (1 vote)
Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

X

  • 759 Pinewood Avenue

    Marquette, Michigan
Setup Your Server