How To Set Up and Configure an OpenVPN Server on CentOS 7

Enable the EPEL repository
sudo su
yum -y install epel-release

Install OpenVPN, easy-rsa and iptables
yum -y install openvpn easy-rsa iptables-services

Configuring easy-rsa
At this stage you will generate some keys and certificates:

Certificate Authority (ca)
Server Key and Certificate
Diffie-Hellman key
Client Key and Certificate

Step 1 – Copy the easy-rsa generation scripts to “/etc/openvpn/”.

cp -r /usr/share/easy-rsa/ /etc/openvpn/

Then go to the easy-rsa directory and edit the vars file.

cd /etc/openvpn/easy-rsa/2.*/
vim vars

Editing vars File

Now it is time to generate the new keys and certificates for our installation.

source ./vars

Then run clean-all to ensure that we have a clean certificate setup.


Now generate a certificate authority (CA). You will be asked about Country Name etc.; enter your details. See screenshot below for my values.
This command will create a file ca.crt and ca.key in the directory /etc/openvpn/easy-rsa/2.0/keys/.


Generate Ca

Step 2 – Now generate a server key and certificate.

Run the command “build-key-server server” in the current directory:

./build-key-server server

Generate Server Certificate and Key

Step 3 – Build a Diffie-Hellman key exchange.

Execute the build-dh command:


build dh key

Please wait, it will take some time to generate the files. The time depends on the KEY_SIZE you have set in the vars file.

Step 4 – Generate client key and certificate.

./build-key client

Generate client Key and Certificate

Step 5 – Move or copy the directory `keys/` to `/etc/openvpn`.

cd /etc/openvpn/easy-rsa/2.0/
cp -r keys/ /etc/openvpn/

Configure OpenVPN
You can copy the OpenVPN configuration from /usr/share/doc/openvpn-2.3.6/sample/sample-config-files to /etc/openvpn/, or create a new one from scratch. I will create a new one:

cd /etc/openvpn/
vim server.conf

Paste the configuration below:

#Change to your port
port 1337

#You can use udp or tcp
proto udp

# "dev tun" will create a routed IP tunnel.
dev tun

#Certificate Configuration

#CA certificate
ca /etc/openvpn/keys/ca.crt

#Server Certificate
cert /etc/openvpn/keys/server.crt

#Server Key; keep this secret
key /etc/openvpn/keys/server.key

#See the size of the dh key in /etc/openvpn/keys/
dh /etc/openvpn/keys/dh1024.pem

#Internal IP range that clients get once connected

#This line will redirect all traffic through our OpenVPN
push "redirect-gateway def1"

#Provide DNS servers to the client, you can use Google DNS
push "dhcp-option DNS"
push "dhcp-option DNS"

#Enable multiple clients to connect with the same key

keepalive 20 60

#Enable log
log-append /var/log/myvpn/openvpn.log

#Log Level
verb 3
Save it.
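
An added example, not part of the original article: a small lint that flags the settings in the configuration above that weaken or break the server (a 1024-bit DH file, typographic quotes, a DNS push without an address, and duplicate-cn, the OpenVPN directive for letting clients share one certificate). The sample input is constructed from the article's values, and the 2048-bit threshold is an assumption.

```sh
#!/bin/sh
# Added example, not from the original article: lint an OpenVPN server.conf
# for the weak or broken settings that appear in the configuration above.

audit_openvpn_conf() {
    # $1 = path to server.conf (stdin if omitted); one "CODE: detail" line per finding
    awk '
    /^[ \t]*[#;]/ || NF == 0 { next }          # skip comments and blank lines
    /“|”/ { print "CURLY-QUOTES: line " NR " uses typographic quotes instead of ASCII quotes" }
    $1 == "dh" {
        # easy-rsa 2.x writes dh<KEY_SIZE>.pem, so the file name carries the size
        bits = $2; sub(/.*\/dh/, "", bits); sub(/\.pem$/, "", bits)
        if (bits ~ /^[0-9]+$/ && bits + 0 < 2048)   # 2048 is an assumed minimum
            print "WEAK-DH: " bits "-bit DH parameters, generate 2048 bits or more"
    }
    $1 == "duplicate-cn" {
        print "SHARED-CERT: duplicate-cn lets several clients share one certificate and key"
    }
    $1 == "push" && /dhcp-option[ \t]+DNS[ \t]*("|”)?[ \t]*$/ {
        print "DNS-EMPTY: line " NR " pushes a DNS option without a server address"
    }
    ' "${1:--}"
}

# Constructed sample input: directives taken from the article, with duplicate-cn
# written out for its "same key" comment.
sample_conf() {
    cat <<'EOF'
port 1337
proto udp
dev tun
dh /etc/openvpn/keys/dh1024.pem
push “redirect-gateway def1”
push "dhcp-option DNS"
duplicate-cn
keepalive 20 60
EOF
}

sample_conf | audit_openvpn_conf
```

The DH check reads the size from the file name only; confirm the real size with openssl dhparam -in FILE -text -noout.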

Create a folder for the log file.

mkdir -p /var/log/myvpn/
touch /var/log/myvpn/openvpn.log

Disable firewalld and SELinux
Step 1 – Disable firewalld

systemctl mask firewalld
systemctl stop firewalld

Step 2 – Disable SELinux

vim /etc/sysconfig/selinux

And change SELINUX to disabled:


Then reboot the server to apply the change.

Configure Routing and Iptables
Step 1 – Enable iptables

systemctl enable iptables
systemctl start iptables
iptables -F

Step 2 – Add an iptables rule to forward routing to our OpenVPN subnet.

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptablesvpn

Step 3 – Enable port forwarding.

vim /etc/sysctl.conf

Add to the end of the file:

net.ipv4.ip_forward = 1

Step 4 – Restart network server

systemctl start openvpn@server.service
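
An added example, not part of the original article: after "iptables -F" the host filters nothing, so this function prints an iptables-restore ruleset that keeps a default-deny policy and allows only SSH, the VPN port, and forwarding from the tunnel, alongside the MASQUERADE rule from Step 2. Assumptions: tun0 as the tunnel device, SSH on tcp/22, and 10.8.0.0/24 as the VPN subnet (the article's own subnet value is missing).

```sh
#!/bin/sh
# Added example, not from the original article: print an iptables-restore
# ruleset for the VPN gateway that keeps a default-deny filter policy.
# Assumptions: tun0 as tunnel device, SSH on tcp/22, VPN subnet given by caller.

vpn_ruleset() (
    port=$1 proto=$2 subnet=$3 wan=$4 tun=${5:-tun0}
    fail() { echo "vpn_ruleset: $1" >&2; exit 1; }

    # Refuse anything that is not a plain port, protocol, CIDR or interface
    # name, so a typo or stray text cannot become an unintended rule.
    case $port in ''|*[!0-9]*|??????*) fail "bad port" ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || fail "port out of range"
    case $proto in udp|tcp) ;; *) fail "bad protocol" ;; esac
    case $subnet in *[!0-9./]*) fail "bad subnet" ;; esac
    printf '%s\n' "$subnet" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || fail "bad subnet"
    for i in "$wan" "$tun"; do
        case $i in ''|-*|*[!A-Za-z0-9._-]*) fail "bad interface name" ;; esac
    done

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $subnet -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p $proto --dport $port -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $tun -o $wan -s $subnet -j ACCEPT
COMMIT
EOF
)

# Port, protocol and interface as in the article; 10.8.0.0/24 is an assumed subnet.
vpn_ruleset 1337 udp 10.8.0.0/24 eth0
```

Pipe the output through iptables-restore --test before loading it, so a syntax problem is caught without touching the running rules.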

Client Setup
To connect to the OpenVPN server, the client requires the key and certificate that we created already. Please download the 3 files from your server using SFTP or SCP:

If you use a Windows client, you can use WinSCP to copy the files. Afterwards, create a new file called client.ovpn and paste the configuration below:

dev tun
proto udp

#Server IP and Port
remote 1337

resolv-retry infinite
ca ca.crt
cert client.crt
key client.key
ns-cert-type server

And save it.

Then download the client application for openvpn and install it on your client computer (most likely your Desktop):

Windows user

OpenVPN Install.

Mac OS user


Linux user.

try networkmanager-openvpn through NetworkManager.

or use terminal

sudo openvpn --config client.ovpn

Install Miner with EthOs with your Mac Osx


Install a USB stick with EthOs (1.2.9) on your Mac OS X

Open a Terminal (in /Applications/Utilities/)

Download (and buy) the EthOs from:
Unpack the file with: xz -d ethos-1.2.9.img.xz or, if you don’t have the xz decompressor, use
gunzip ethos-1.2.9.img.xz
Now you have a file called: ethos-1.2.9.img

Insert your flash media USB stick
Run: diskutil list and determine the device node assigned to your flash media (e.g. /dev/disk2)

Run diskutil unmountDisk /dev/disk2 (replace 2 with the disk)

Execute: sudo dd if=/path/to/ethos-1.2.9.img of=/dev/rdisk2 bs=1m (replace /path/to/ethos-1.2.9.img with the path where
If you see the error dd: Invalid number '1m', you are using GNU dd. Use the same command but replace bs=1m with bs=1M.
This takes a while… have a coffee and lunch!
Run diskutil eject /dev/disk2 and remove your flash media when the command completes

Now you can boot the server with the USB stick and install the software on the miner…

restore telnet in Mac OSX High Sierra

You can use “nc” to check for (open) ports
This program NetCat is included in Mac OSX High Sierra
nc 25
If this is not enough, you can install telnet from HomeBrew

# install HomeBrew as a regular user (not root)
/usr/bin/ruby -e "$(curl -fsSL"

# get telnet
brew tap theeternalsw0rd/telnet

# install telnet
brew install telnet

telnet 25


Install FreeRadius on CentOs 5 and 6, Using Mysql, with NT-Hash passwd’s for Wifi Routers

install freeRadius

CentOS 5:
 yum install freeradius2 freeradius2-mysql freeradius2-utils mysql-server -y
CentOS 6:
 yum install freeradius freeradius-mysql freeradius-utils mysql-server -y

They should install without any problems. To set up MySQL, start the service by running the command below:

 service mysqld start

Now run the following to set your password and security settings:

mysql -uroot -p
mysql> CREATE DATABASE radius;
mysql> GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
mysql> flush privileges;
mysql> use radius;
mysql> SOURCE /etc/raddb/sql/mysql/schema.sql

Now open up /etc/raddb/sql.conf (CentOS) and enter the MySQL database details you just created. Example:

# Connection info:
server = "localhost"
#port = 3306
login = "radius"
password = "radpass"

# Database table configuration for everything except Oracle
radius_db = "radius"

In /etc/raddb/radiusd.conf ensure that the line saying:
$INCLUDE sql.conf is uncommented.
Edit /etc/raddb/sites-available/default and uncomment the line containing
 ‘sql’ in the authorize{} section and ‘sql’ in the accounting {} section, also uncomment ‘sql’ under session {}.
Additionally, edit /etc/raddb/sites-available/inner-tunnel and uncomment the line containing
 ‘sql’ under “authorize {}” and under session {}.
Open up /etc/raddb/clients.conf and set your secret to something a bit more random. For example, change:
secret = testing123
to something like:
secret = 3c23498n349c3yt290y93b4t3
service radiusd restart
 service radiusd stop
To add clients (external VPN servers), edit /etc/raddb/clients.conf (CentOS) or /etc/freeradius/clients.conf (Ubuntu) and, directly under these lines:
 # coa_server = coa
 }
add a block such as this:
client VPN_SERVER_IP {
    secret = YOUR SECRET HERE
    shortname = yourVPN
    nastype = other
}

To allow external servers and software to authenticate off your FreeRADIUS, this has to be done every time you setup an external server to use this FreeRADIUS database.

Every time you add a client or change a value in the config files, you need to restart radius like this:


service radiusd restart

Add a test user to the radius database. First you need to log in to your MySQL radius database:
mysql -uroot -pyourrootpass

Switch to the radius database:

use radius;

Once there execute the below commands:

# overview of the user table

mysql> desc radcheck;
+-----------+--------------+------+-----+--------------------+----------------+
| Field     | Type         | Null | Key | Default            | Extra          |
+-----------+--------------+------+-----+--------------------+----------------+
| id        | int(11)      | NO   | PRI | NULL               | auto_increment |
| username  | varchar(64)  | NO   | MUL |                    |                |
| attribute | varchar(64)  | YES  |     | Cleartext-Password |                |
| op        | char(2)      | YES  |     | :=                 |                |
| value     | varchar(253) | NO   |     |                    |                |
+-----------+--------------+------+-----+--------------------+----------------+
5 rows in set (0.04 sec)

If you want “plain passwd’s” you can use this.

mysql> INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1,'test','Cleartext-Password',':=','test');
radtest test test 0 mysecret

If you see “rad_recv: Access-Accept” then your installation is working fine.

If you want to use an “NT-Hash passwd”, it’s more safe than plain text (not 100% safe).

INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1,'test','NT-Password',':=','0CB6948805F797BF2A82807973B89537');

With the following script you can add users to the MySQL table (Perl and libraries required). You need to:

yum install perl-Crypt-SmbHash.noarch perl-Class-DBI-mysql.noarch libdbi-dbd-mysql.x86_64

(raduseradd.cgi)

#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Crypt::SmbHash;
# script by Marcel Kraan
my $dserver   = "localhost";
my $ddatabase = "radius";
my $duser     = "radius";
my $dpassword = "radpass";
my ($usercheck, $doublecheck);

my $dbh = DBI->connect("DBI:mysql:database=$ddatabase;host=$dserver", $duser, $dpassword)
        || die "login/dbase/passwd/host error";

my $username = $ARGV[0];
my $password = $ARGV[1];
if ( !$password ) {
        print "Not enough arguments\n";
        print "Usage: $0 username password\n";
        exit 1;
}

# ntlmgen stores the LM and NT hashes of $password in $lm and $nt
my ($lm, $nt);
ntlmgen $password, $lm, $nt;

# Placeholders (?) keep the user-supplied name out of the SQL text
my $sth = $dbh->prepare("SELECT username FROM radcheck WHERE username = ?");
die $dbh->errstr unless $sth && $sth->execute($username);
while (my @row = $sth->fetchrow_array) {
        $usercheck = $row[0];
}

if ($usercheck) {
        print "user: $username already exists\n";
} else {
        useradd();
        # Read the row back to confirm the insert
        $sth = $dbh->prepare("SELECT username FROM radcheck WHERE username = ?");
        die $dbh->errstr unless $sth && $sth->execute($username);
        while (my @row = $sth->fetchrow_array) {
                $doublecheck = $row[0];
        }
        if ($doublecheck) {
                print "user $username successfully added to the database\n";
        }
}

# Insert the user with the NT hash as the NT-Password attribute
sub useradd {
        my $ins = $dbh->prepare("INSERT INTO radcheck (username,attribute,value) VALUES (?,'NT-Password',?)");
        die $dbh->errstr unless $ins && $ins->execute($username, $nt);
}

If you have any problems with FreeRADIUS you can run FreeRADIUS in debug mode to help pinpoint any issues, to do that just do the following:

 service radiusd stop
 radiusd -X