Stop Broadcasting Your Data: A Guide to OpenVPN on CentOS 5
Let’s be honest: connecting to your corporate backend or checking email via the open Wi-Fi at a cafe in Grünerløkka is asking for trouble. WEP is practically broken, and even WPA-PSK can be compromised if the passphrase is weak. If you are a sysadmin worth your salt, you know that tunneling is the only way to travel across the untrusted landscape of the public internet.
While SSH tunnels are great for quick hacks, they don't handle UDP traffic or complex routing well. You need a full VPN. Specifically, you need OpenVPN.
In this guide, we are going to build a rock-solid OpenVPN gateway on CentOS 5.3. We will use 2048-bit encryption, ensuring that your traffic remains opaque to packet sniffers.
Why Hosting in Norway Matters
Before we touch the terminal, let’s talk topology. Latency kills productivity. If you are based in Oslo or Bergen, tunneling your traffic through a server in Texas adds 150ms of lag to every keystroke. It’s painful.
By deploying on a CoolVDS instance located physically in Norway, you benefit from direct peering at NIX (Norwegian Internet Exchange). You get the security of encryption with ping times often below 10ms. Furthermore, under the Personopplysningsloven (Personal Data Act), keeping data within national borders is often a compliance necessity for Norwegian businesses dealing with sensitive client data.
The Architecture: Xen vs. The Rest
Pro Tip: Many budget VPS providers use basic OpenVZ containers. The problem? They often disable the TUN/TAP network device drivers required for VPNs to function. You try to start OpenVPN, and you get a "modprobe: fatal" error.
We don't play games with kernel modules. CoolVDS is built on Xen virtualization. This means you get a dedicated kernel environment. The TUN/TAP driver is available by default, meaning your VPN software interacts directly with the network stack without begging the host node for permission.
Step 1: The Prerequisites
We are assuming you have a fresh CoolVDS instance running CentOS 5 32-bit or 64-bit. First, we need the EPEL (Extra Packages for Enterprise Linux) repository, as OpenVPN isn't in the standard yum base.
su -
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-3.noarch.rpm
yum update -y
Step 2: Install and PKI Setup
Install the software:
yum install openvpn -y
OpenVPN relies on PKI (Public Key Infrastructure). We need a Certificate Authority (CA), a server certificate, and client certificates. Copy the easy-rsa scripts to your configuration directory so updates don't wipe your keys.
cp -R /usr/share/openvpn/easy-rsa/2.0 /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
Edit the vars file to set your defaults (Country=NO, Province=Oslo, etc.). The KEY_SIZE value in that file decides the length of the keys you are about to generate and the name of the Diffie-Hellman file that build-dh writes (dh1024.pem for the default 1024, dh2048.pem if you set 2048), so note what you choose here; server.conf has to reference that exact filename. Then, build the PKI:
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
This will generate the Diffie-Hellman parameters. On a standard VPS, this might take a minute. On our high-performance RAID-10 SAS arrays, it flies.
Step 3: Server Configuration
Create /etc/openvpn/server.conf. We will use UDP on port 1194 for performance, and the tun device for IP routing.
port 1194
proto udp
dev tun
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key
# must name the file build-dh actually wrote: dh1024.pem for KEY_SIZE=1024 in vars, dh2048.pem for KEY_SIZE=2048
dh easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
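Before starting the daemon it is worth checking that every file server.conf points at really exists relative to /etc/openvpn (the init script runs openvpn from that directory, which is why the relative paths above work) and that the private key is readable by root only. The commonest startup failure on this setup is a dh line that names dh1024.pem while build-dh wrote dh2048.pem, or the other way round. The script below is an added example, not part of the original guide; it assumes the layout above (config in /etc/openvpn, PKI under easy-rsa/keys) and takes the directory and config filename as arguments.

```shell
#!/bin/sh
# Pre-flight check for an OpenVPN server.conf (added example, not the guide's own code).
# For each of the ca/cert/key/dh directives: the referenced file must exist,
# relative paths resolving against the config directory, and the private key
# must not be readable by group or others.

# check_openvpn_conf CONF_DIR CONF_FILE
#   exit status 0 = safe to start, 1 = at least one problem (reported on stderr)
check_openvpn_conf() {
    conf_dir=$1
    conf_file=$2
    problems=0
    for directive in ca cert key dh; do
        # first word must be the directive itself, so commented-out lines are skipped
        path=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf_dir/$conf_file")
        if [ -z "$path" ]; then
            echo "missing directive: $directive" >&2
            problems=$((problems + 1))
            continue
        fi
        case $path in
            /*) full=$path ;;
            *)  full=$conf_dir/$path ;;
        esac
        if [ ! -f "$full" ]; then
            echo "$directive refers to a file that does not exist: $full" >&2
            problems=$((problems + 1))
            continue
        fi
        if [ "$directive" = key ]; then
            # columns 2-10 of ls -l are the rwx bits for owner, group and others
            perms=$(ls -l "$full" | cut -c2-10)
            case $perms in
                rw-------|r--------) ;;
                *) echo "private key $full has mode $perms; expected rw------- (chmod 600)" >&2
                   problems=$((problems + 1)) ;;
            esac
        fi
    done
    [ "$problems" -eq 0 ]
}

# Usage: sh check-conf.sh /etc/openvpn server.conf
if [ $# -eq 2 ]; then
    check_openvpn_conf "$1" "$2" && echo "$2 looks consistent; you can run: service openvpn start"
fi
```

Run it as root after Step 3 and again whenever you rebuild the PKI; a non-zero exit with the offending path on stderr tells you which directive to fix before the daemon fails silently into the log.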
Step 4: Routing and IPTables
This is where most setups fail. You need to enable IP forwarding and configure NAT so your VPN traffic can exit the server to the internet.
Edit /etc/sysctl.conf and set:
net.ipv4.ip_forward = 1
Apply it with sysctl -p.
Now, configure iptables to masquerade traffic coming from the VPN subnet (10.8.0.0/24). The rule assumes eth0 is the interface with your public address; substitute your own if it is named differently:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service iptables save
service iptables restart
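One MASQUERADE rule is rarely enough on a stock CentOS 5 install: the default ruleset sends both INPUT and FORWARD through a chain that ends in REJECT --reject-with icmp-host-prohibited, so UDP 1194 is closed to clients and tunnelled packets are rejected before they ever reach the NAT table. The script below, an added example that is not part of the original guide, prints the complete rule set for review and applies it only when asked. It assumes eth0 is the public interface, tun0 is the device OpenVPN creates for dev tun, and the subnet from the server line above; all four are overridable through environment variables.

```shell
#!/bin/sh
# Firewall rules for the OpenVPN gateway (added example, not the guide's own code).
# Rules are inserted with -I so they sit above the CentOS default REJECT chain.

WAN_IF=${WAN_IF:-eth0}            # interface facing the internet (assumption)
VPN_IF=${VPN_IF:-tun0}            # device created by "dev tun"
VPN_NET=${VPN_NET:-10.8.0.0/24}   # matches "server 10.8.0.0 255.255.255.0"
VPN_PORT=${VPN_PORT:-1194}        # matches "port 1194" / "proto udp"

# Print the rule set; changes nothing on the host.
vpn_firewall_rules() {
    cat <<EOF
# clients must be able to reach the OpenVPN daemon itself
iptables -I INPUT -i $WAN_IF -p udp --dport $VPN_PORT -j ACCEPT
# packets arriving on the tunnel device have already passed TLS authentication
iptables -I INPUT -i $VPN_IF -j ACCEPT
# forward VPN -> internet, and only replies from the internet back into the tunnel
iptables -I FORWARD -i $VPN_IF -o $WAN_IF -s $VPN_NET -j ACCEPT
iptables -I FORWARD -i $WAN_IF -o $VPN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# hide the VPN subnet behind the server's public address
iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Apply the rules, enable forwarding for the running kernel and persist both.
apply_vpn_firewall() {
    sysctl -w net.ipv4.ip_forward=1
    vpn_firewall_rules | sh -e
    service iptables save
}

# Usage: sh vpn-firewall.sh        -> print rules for review
#        sh vpn-firewall.sh apply  -> install them (run as root)
if [ "${1:-}" = apply ]; then
    apply_vpn_firewall
elif [ $# -eq 0 ] && [ -t 1 ]; then
    vpn_firewall_rules
fi
```

The FORWARD pair is the part people forget: without the ESTABLISHED,RELATED rule the outbound packets leave but the replies are rejected, and without the -s restriction anything else that ends up on the tunnel device can be routed out through your public IP.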
Step 5: Client Connection
Generate a client key on the server:
cd /etc/openvpn/easy-rsa
source ./vars
./build-key client1
Securely transfer ca.crt, client1.crt, and client1.key to your laptop. If you are on Windows, use the OpenVPN GUI. If you are on a Mac, Tunnelblick is the client of choice.
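Moving three separate files around invites mistakes, and the client still needs a config that matches server.conf. The script below, an added example that is not part of the original guide, bundles ca.crt, client1.crt and client1.key into one client1.ovpn using the inline <ca>/<cert>/<key> blocks that OpenVPN 2.1 and later clients (the versions OpenVPN GUI and Tunnelblick ship) understand; this is an assumption about the client, not something the guide states. It also adds ns-cert-type server, which makes the client refuse any peer whose certificate was not built with build-key-server, so another client certificate from the same CA cannot impersonate the gateway. vpn.example.com is a placeholder for your server's hostname.

```shell
#!/bin/sh
# Bundle one client's credentials and config into a single .ovpn file
# (added example, not the guide's own code).

# make_client_config KEYS_DIR CLIENT_NAME SERVER_HOST > CLIENT_NAME.ovpn
#   prints the config on stdout; exit status 1 if a credential file is missing
make_client_config() {
    keys_dir=$1
    name=$2
    host=$3
    for f in ca.crt "$name.crt" "$name.key"; do
        if [ ! -f "$keys_dir/$f" ]; then
            echo "missing $keys_dir/$f; run ./build-key $name first" >&2
            return 1
        fi
    done
    # directives mirror server.conf: udp, tun, lzo, port 1194
    cat <<EOF
client
dev tun
proto udp
remote $host 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
ns-cert-type server
verb 3
<ca>
$(cat "$keys_dir/ca.crt")
</ca>
<cert>
$(cat "$keys_dir/$name.crt")
</cert>
<key>
$(cat "$keys_dir/$name.key")
</key>
EOF
}

# Usage: sh make-client.sh /etc/openvpn/easy-rsa/keys client1 vpn.example.com
if [ $# -eq 3 ]; then
    umask 077   # the bundle contains a private key; create it readable by root only
    out=$2.ovpn
    make_client_config "$1" "$2" "$3" > "$out" && echo "wrote $out"
fi
```

Copy the resulting file to the laptop over scp or another authenticated channel, then delete it from the server: the only copy of a client key that should exist is the one on the client.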
The Bottom Line
A VPS is more than just a web host; it's a utility knife. By running your own OpenVPN endpoint on CoolVDS, you ensure that your data stays private, your latency stays low, and your connection remains stable—even if the coffee shop Wi-Fi is flaky.
Don't risk your credentials on unencrypted networks. Spin up a CoolVDS instance today and take control of your traffic.