helper.sh
Auto
English
English 日本語 简体中文 繁體中文

Network server installer

install_openvpn_server_centos.sh

Designed for a CentOS 7 OpenVPN server whose LAN address is 192.168.30.110 with gateway 192.168.30.1. The script pushes the 192.168.30.0/24 route to VPN clients and applies SNAT on the server LAN interface so clients can talk to the full 192.168.30.0/24 network without adding static routes on every LAN device.

One-liner

curl -fsSL helper.sh/install_openvpn_server_centos.sh | sudo bash
curl -fsSL helper.sh/install_openvpn_server_centos.sh | sudo bash -s -- 10.6.6.0 10.7.7.53 reshub.cn

Requirements

  • CentOS 7
  • Root privileges or sudo
  • Server LAN is reachable through 192.168.30.1
  • Outbound package access for yum and EPEL

Best for

  • Publish a one-shot OpenVPN server installer for CentOS 7
  • Give VPN clients access to 192.168.30.0/24 without changing every LAN device route
  • Standardize user/password auth plus fixed-IP assignment and post-install checks

Highlights

  • Uses a single systemd-safe server.conf source
  • Pushes route 192.168.30.0/24 to connected VPN clients
  • Adds firewalld direct rules and SNAT so LAN devices reply through 192.168.30.110 automatically
  • Installs ovpn-user and ovpn-check helpers for day-2 operations
  • Supports optional DNS push without forcing DNS changes by default

Recommended procedure

  1. Run the one-liner as root on the CentOS 7 VPN server.
  2. Let the script install OpenVPN, easy-rsa, firewalld, PKI assets, and the auth helper.
  3. The script pushes 192.168.30.0/24 to clients and enables SNAT toward the LAN interface that reaches 192.168.30.1.
  4. Add users with ovpn-user add USER PASS [VPN_IP], then distribute matching client profiles.
  5. Run ovpn-check any time to verify the service, listener, route push, and live clients.

Safety notes

  • This script is tailored for a 192.168.30.0/24 LAN behind the OpenVPN server.
  • SNAT is used so LAN devices do not need a static route back to the VPN subnet.
  • If your server LAN IP is not 192.168.30.110, review the script constants before using it in production.
  • Review client profiles separately. This installer only builds the server side.