3. Server Configuration and Service Start
Write the server.conf file to define how the VPN works and register the service.
3.1. Writing the server.conf File
/etc/openvpn/server.conf
port 1194 # Service port
proto udp # Use UDP protocol
dev tun # TUN virtual device
ca /etc/openvpn/ca.crt # Path to CA cert
cert /etc/openvpn/server.crt # Path to server cert
key /etc/openvpn/server.key # Path to server key
dh /etc/openvpn/dh.pem # Path to DH parameters
server 10.8.0.0 255.255.255.0 # VPN subnet that client IPs are assigned from
ifconfig-pool-persist ipp.txt # Maintain client IP states
push "redirect-gateway def1 bypass-dhcp" # Redirect all client traffic through the VPN
push "dhcp-option DNS 8.8.8.8" # Set Google DNS
push "dhcp-option DNS 8.8.4.4" # Set Secondary DNS
keepalive 10 120 # Ping every 10 s; assume the peer is down after 120 s without a ping
cipher AES-256-CBC # Data-channel encryption algorithm
comp-lzo # Use LZO compression (option deprecated since OpenVPN 2.4)
user nobody # Process owner user
group nobody # Process owner group
persist-key # Persist key state
persist-tun # Persist TUN state
status /etc/openvpn/openvpn-status.log # Path to status log
log /etc/openvpn/openvpn.log # Path to OpenVPN log file (truncated on each start)
verb 3 # Log verbosity level
explicit-exit-notify 1 # Tell clients when the server exits or restarts (UDP only)
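
The following added example, not from the original guide, parses the directives of the server.conf above and flags settings a reviewer would revisit: tunnel compression, a non-AEAD `cipher` with no `data-ciphers` list, and a missing `tls-crypt`/`tls-auth` key. The sample configs are constructed, the `ta.key` path is a placeholder, and `data-ciphers` assumes OpenVPN 2.5 or later.

```python
import shlex

# Constructed input: the security-relevant directives from the server.conf above.
PAGE_CONF = """
proto udp
cipher AES-256-CBC  # Encryption algorithm
comp-lzo            # Use LZO compression
user nobody
group nobody
"""

# Constructed hardened variant; the ta.key path is a placeholder.
HARDENED_CONF = """
proto udp
data-ciphers AES-256-GCM:AES-128-GCM
tls-crypt /etc/openvpn/ta.key
user nobody
group nobody
"""

def parse_conf(text):
    """Map directive -> list of argument lists; '#' and ';' start comments."""
    directives = {}
    for line in text.splitlines():
        lexer = shlex.shlex(line, posix=True)
        lexer.whitespace_split = True
        lexer.commenters = "#;"
        tokens = list(lexer)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def audit(text):
    """Return {finding_id: advice} for settings worth revisiting."""
    d, findings = parse_conf(text), {}
    lzo_on = any(args != ["no"] for args in d.get("comp-lzo", []))
    compress_on = any(a and not a[0].startswith("stub") for a in d.get("compress", []))
    if lzo_on or compress_on:
        findings["compression"] = "compress-then-encrypt can leak plaintext; remove it"
    aead = ("-GCM", "-POLY1305")
    legacy = [a[0] for a in d.get("cipher", []) if a and not a[0].upper().endswith(aead)]
    if legacy and "data-ciphers" not in d:
        findings["cipher"] = f"{legacy[0]} is not AEAD; offer AES-256-GCM via data-ciphers"
    if {"tls-auth", "tls-crypt", "tls-crypt-v2"}.isdisjoint(d):
        findings["control-channel"] = "add tls-crypt or tls-auth to drop unauthenticated packets early"
    if "user" not in d or "group" not in d:
        findings["privileges"] = "set user/group so the daemon drops root after start"
    return findings

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

Removing compression or changing ciphers on the server has to be mirrored in the client profiles, otherwise existing clients fail to connect.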
3.2. Starting and Registering Service
sudo chmod +x /etc/init.d/openvpn # Make the init script executable
sudo chkconfig --add openvpn # Register the service with chkconfig
sudo chkconfig openvpn on # Enable auto-start on boot
sudo service openvpn start # Start server
sudo service openvpn status # Check status