OpenVPN Client In CentOS 7 – A Little Tweak

I have just written on some changes in CentOS 7 over the earlier releases. Today, I writing about running the OpenVPN client.

In all previous versions of CentOS and other distros like Debian and Ubuntu, we dump the client configuration into the /etc/openvpn and the init scripts will take care of loading all the files with .conf extensions and set up the tunnels. There could be a possibility of the client connecting to more than 1 server.

So in CentOS 7, we now have systemd. So how does it work now? Let’s do a quick run through of the installation.

CentOS 7 now has EPEL in the base repository. So now installing EPEL is simply:

sudo yum -y install epel-release

In the past, we need to go download the EPEL rpm and install it.

Installing OpenVPN is as per the previous releases:

sudo yum -y install openvpn

So after the installation, we would put all the config files and keys into /etc/openvpn. So now enabling the service would be slightly different now with systemd.

Systemd requires you to explicitly enable this particular configuration. Systemd will not do a blanket loading of all the configurations and tunnels. So assuming your your configuration file is newclient.conf, the command to enable the client would be:

sudo systemctl -f enable [email protected]

This command will only enable this particular tunnel. I was fumbling with this when I configured my first CentOS 7 client. I thought that just enabling OpenVPN like any other services, systemd would somehow load the client like we were doing with init scripts.

While this is less convenient, I might say that it’s safer and more secured. In the event that a misconfiguration or rouge configuration is dropped into /etc/openvpn, the client will not be loaded.

Again, this is part of R.T(My Own)F.M for quick reference. :)