I'm installing it for you on my box to see how it has to be done exactly.!!
[root@muslim 2.0]# cat /etc/issue
CentOS release 5.7 (Final)
Kernel \r on an \m
[root@muslim 2.0]# cat /etc/redhat-release
CentOS release 5.7 (Final)
[root@muslim 2.0]# uname -a
Linux muslim.town 2.6.18-274.el5 #1 SMP Fri Jul 22 04:49:12 EDT 2011 i686 i686 i386 GNU/Linux
[root@muslim 2.0]#
[root@muslim ~]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
[root@muslim ~]#
take a look at the status above, "File descriptor in bad state" means tun/tap is active, otherwise please ask your provider to activate it.
To set your hostname type
[root@proxy ~]# vi /etc/sysconfig/network
[root@proxy ~]# vi /etc/hosts
Before we start I've already loaded rpmforge-release-0.5.2-2.el5.rf.i386.rpm, please download the latest release.
Step 1
[root@muslim tmp]# wget http://pkgs.repoforge.org/rpmforge-rele ... f.i386.rpm
--2012-01-03 20:25:53-- http://pkgs.repoforge.org/rpmforge-rele ... f.i386.rpm
Resolving pkgs.repoforge.org...
Connecting to pkgs.repoforge.org||:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://rpmforge.sw.be/redhat/el5/en/i38 ... f.i386.rpm [following]
--2012-01-03 20:26:09-- http://rpmforge.sw.be/redhat/el5/en/i38 ... f.i386.rpm
Resolving rpmforge.sw.be...
Connecting to rpmforge.sw.be||:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://tree.repoforge.org/redhat/el5/en ... f.i386.rpm [following]
--2012-01-03 20:26:24-- http://tree.repoforge.org/redhat/el5/en ... f.i386.rpm
Resolving tree.repoforge.org...
Connecting to tree.repoforge.org||:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://apt.sw.be/redhat/el5/en/i386/rpm ... f.i386.rpm [following]
--2012-01-03 20:26:40-- http://apt.sw.be/redhat/el5/en/i386/rpm ... f.i386.rpm
Resolving apt.sw.be...
Connecting to apt.sw.be||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12680 (12K) [application/x-redhat-package-manager]
Saving to: `rpmforge-release-0.5.2-2.el5.rf.i386.rpm'
100%[===================================================================================================================>] 12,680 37.3K/s in 0.3s
2012-01-03 20:26:50 (37.3 KB/s) - `rpmforge-release-0.5.2-2.el5.rf.i386.rpm' saved [12680/12680]
[root@muslim tmp]#
Step 2
[root@muslim tmp]# rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm
Preparing... ########################################### [100%]
package rpmforge-release-0.5.2-2.el5.rf.i386 is already installed
[root@muslim tmp]#
Step 3
[root@muslim ~]# yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* 5jpackage-generic: mirror.ibcp.fr
* base: mirror-cybernet.lums.edu.pk
* epel: mirror.nus.edu.sg
* extras: mirror-cybernet.lums.edu.pk
* jpackage-generic: mirror.ibcp.fr
* rpmforge: fr2.rpmfind.net
* updates: mirror-cybernet.lums.edu.pk
Setting up Install Process
Package gcc-4.1.2-51.el5.i386 already installed and latest version
Package 1:make-3.81-3.el5.i386 already installed and latest version
Package autoconf-2.59-12.noarch already installed and latest version
Package zlib-devel-1.2.3-4.el5.i386 already installed and latest version
Package openssl-devel-0.9.8e-20.el5.i386 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package pam-devel.i386 0: set to be updated
---> Package rpm-build.i386 0: set to be updated
--> Processing Dependency: rpm-libs = for package: rpm-build
--> Processing Dependency: popt = for package: rpm-build
--> Processing Dependency: rpm = for package: rpm-build
--> Running transaction check
--> Processing Dependency: popt = for package: rpm-python
---> Package popt.i386 0: set to be updated
---> Package rpm.i386 0: set to be updated
---> Package rpm-libs.i386 0: set to be updated
--> Running transaction check
---> Package rpm-python.i386 0: set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
Package Arch Version Repository Size
pam-devel i386 base 187 k
rpm-build i386 updates 302 k
Updating for dependencies:
popt i386 updates 75 k
rpm i386 updates 1.2 M
rpm-libs i386 updates 928 k
rpm-python i386 updates 60 k
Transaction Summary
Install 1 Package(s)
Upgrade 5 Package(s)
Total download size: 2.7 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): rpm-python- | 60 kB 00:00
(2/6): popt- | 75 kB 00:00
(3/6): pam-devel- | 187 kB 00:00
(4/6): rpm-build- | 302 kB 00:00
(5/6): rpm-libs- | 928 kB 00:00
(6/6): rpm- | 1.2 MB 00:00
Total 30 kB/s | 2.7 MB 01:31
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : pam-devel 1/11
Updating : popt 2/11
Updating : rpm-libs 3/11
Updating : rpm 4/11
Updating : rpm-python 5/11
Updating : rpm-build 6/11
Cleanup : rpm 7/11
Cleanup : rpm-python 8/11
Cleanup : popt 9/11
Cleanup : rpm-build 10/11
Cleanup : rpm-libs 11/11
pam-devel.i386 0:
rpm-build.i386 0:
Dependency Updated:
popt.i386 0: rpm.i386 0: rpm-libs.i386 0: rpm-python.i386 0:
[root@muslim ~]#
Step 4
[root@muslim ~]# yum install lzo.i386 lzo-devel.i386 lzo1.i386 lzo1-devel.i386 lzop.i386
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* 5jpackage-generic: mirror.ibcp.fr
* base: mirror-cybernet.lums.edu.pk
* epel: mirror.nus.edu.sg
* extras: mirror-cybernet.lums.edu.pk
* jpackage-generic: mirror.ibcp.fr
* rpmforge: fr2.rpmfind.net
* updates: mirror-cybernet.lums.edu.pk
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package lzo.i386 0:2.04-1.el5.rf set to be updated
---> Package lzo-devel.i386 0:2.04-1.el5.rf set to be updated
---> Package lzo1.i386 0:1.08-5.el5.rf set to be updated
---> Package lzo1-devel.i386 0:1.08-5.el5.rf set to be updated
---> Package lzop.i386 0:1.03-2.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
Package Arch Version Repository Size
lzo i386 2.04-1.el5.rf rpmforge 131 k
lzo-devel i386 2.04-1.el5.rf rpmforge 32 k
lzo1 i386 1.08-5.el5.rf rpmforge 142 k
lzo1-devel i386 1.08-5.el5.rf rpmforge 11 k
lzop i386 1.03-2.el5 epel 52 k
Transaction Summary
Install 5 Package(s)
Upgrade 0 Package(s)
Total download size: 367 k
Is this ok [y/N]: y
Downloading Packages:
(1/5): lzo1-devel-1.08-5.el5.rf.i386.rpm | 11 kB 00:00
(2/5): lzo-devel-2.04-1.el5.rf.i386.rpm | 32 kB 00:00
(3/5): lzop-1.03-2.el5.i386.rpm | 52 kB 00:00
(4/5): lzo-2.04-1.el5.rf.i386.rpm | 131 kB 00:00
(5/5): lzo1-1.08-5.el5.rf.i386.rpm | 142 kB 00:00
Total 8.3 kB/s | 367 kB 00:44
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : lzo 1/5
Installing : lzo1 2/5
Installing : lzop 3/5
Installing : lzo-devel 4/5
Installing : lzo1-devel 5/5
lzo.i386 0:2.04-1.el5.rf lzo-devel.i386 0:2.04-1.el5.rf lzo1.i386 0:1.08-5.el5.rf lzo1-devel.i386 0:1.08-5.el5.rf lzop.i386 0:1.03-2.el5
[root@muslim ~]#
Step 5
[root@muslim ~]# yum install openvpn
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* 5jpackage-generic: mirror.ibcp.fr
* base: mirror-cybernet.lums.edu.pk
* epel: mirror.nus.edu.sg
* extras: mirror-cybernet.lums.edu.pk
* jpackage-generic: mirror.ibcp.fr
* rpmforge: fr2.rpmfind.net
* updates: mirror-cybernet.lums.edu.pk
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openvpn.i386 0:2.2.0-3.el5.rf set to be updated
--> Processing Dependency: libpkcs11-helper.so.1 for package: openvpn
--> Running transaction check
---> Package pkcs11-helper.i386 0:1.08-1.el5.rf set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
Package Arch Version Repository Size
openvpn i386 2.2.0-3.el5.rf rpmforge 460 k
Installing for dependencies:
pkcs11-helper i386 1.08-1.el5.rf rpmforge 128 k
Transaction Summary
Install 2 Package(s)
Upgrade 0 Package(s)
Total download size: 588 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): pkcs11-helper-1.08-1.el5.rf.i386.rpm | 128 kB 00:00
(2/2): openvpn-2.2.0-3.el5.rf.i386.rpm | 460 kB 00:01
Total 33 kB/s | 588 kB 00:18
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : pkcs11-helper 1/2
Installing : openvpn 2/2
openvpn.i386 0:2.2.0-3.el5.rf
Dependency Installed:
pkcs11-helper.i386 0:1.08-1.el5.rf
[root@muslim ~]#
Step 6
Copy OPENVPN easy-rsa folder to /etc/openvpn/:
[root@muslim ~]# cp -R /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/
[root@muslim ~]#
Step 7
Now let's create the certificate:
[root@muslim ~]# cd /etc/openvpn/easy-rsa/2.0
[root@muslim 2.0]#
Step 8
[root@muslim 2.0]# chmod 755 *
[root@muslim 2.0]# ls
build-ca build-key build-key-server clean-all Makefile pkitool sign-req
build-dh build-key-pass build-req inherit-inter openssl-0.9.6.cnf README vars
build-inter build-key-pkcs12 build-req-pass list-crl openssl.cnf revoke-full whichopensslcnf
Step 9
[root@muslim 2.0]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
Step 10
[root@muslim 2.0]# ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
Step 11
[root@muslim 2.0]# ./clean-all
[root@muslim 2.0]#
Step 12
Build CA
[root@muslim 2.0]# ./build-ca
Generating a 1024 bit RSA private key
writing new private key to 'ca.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [US]:.
State or Province Name (full name) [CA]:.
Locality Name (eg, city) [SanFrancisco]:.
Organization Name (eg, company) [Fort-Funston]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:muslim.town
Name []:vpn
Email Address [me@myhost.mydomain]:sherry.safdar@gmail.com
[root@muslim 2.0]#
Step 13
Build key server:
[root@muslim 2.0]# ./build-key-server server
Generating a 1024 bit RSA private key
writing new private key to 'server.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [US]:.
State or Province Name (full name) [CA]:.
Locality Name (eg, city) [SanFrancisco]:.
Organization Name (eg, company) [Fort-Funston]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) [server]:muslim.town
Name []:server
Email Address [me@myhost.mydomain]:sherry.safdar@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:mypassword
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :PRINTABLE:'muslim.town'
name :PRINTABLE:'server'
emailAddress :IA5STRING:'sherry.safdar@gmail.com'
Certificate is to be certified until Dec 31 14:52:55 2021 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@muslim 2.0]#
Step 14
Build Diffie Hellman (wait a moment until the process finish)
[root@muslim 2.0]# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
[root@muslim 2.0]#
Step 15
[root@muslim 2.0]# vi /etc/openvpn/1194.conf
And now paste all these lines in it.
local #- your_server_ip
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
push "redirect-gateway def1"
push "dhcp-option DNS"
push "dhcp-option DNS"
keepalive 5 30
status 1194.log
verb 3
Step 16
[root@muslim 2.0]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@muslim 2.0]# iptables -t nat -A POSTROUTING -s -j SNAT --to XXX.XXX.XX.XX ---->> Enter your IP.
[root@muslim 2.0]#

Step 17
[root@muslim 2.0]# openvpn /etc/openvpn/1194.conf &
[1] 7295
[root@muslim 2.0]# Tue Jan 3 20:03:08 2012 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Tue Jan 3 20:03:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 3 20:03:08 2012 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/share/openvpn/plugin/lib/openvpn-auth-pam.so] [/etc/pam.d/login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Tue Jan 3 20:03:08 2012 Diffie-Hellman initialized with 1024 bit key
Tue Jan 3 20:03:08 2012 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Tue Jan 3 20:03:08 2012 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jan 3 20:03:08 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
Tue Jan 3 20:03:08 2012 ROUTE default_gateway=
Tue Jan 3 20:03:08 2012 TUN/TAP device tun0 opened
Tue Jan 3 20:03:08 2012 TUN/TAP TX queue length set to 100
Tue Jan 3 20:03:08 2012 /sbin/ip link set dev tun0 up mtu 1500
Tue Jan 3 20:03:08 2012 /sbin/ip addr add dev tun0 local peer
Tue Jan 3 20:03:08 2012 /sbin/ip route add via
Tue Jan 3 20:03:08 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jan 3 20:03:08 2012 UDPv4 link local (bound): XXX.XXX.XX.XX:1194
Tue Jan 3 20:03:08 2012 UDPv4 link remote: [undef]
Tue Jan 3 20:03:08 2012 MULTI: multi_init called, r=256 v=256
Tue Jan 3 20:03:08 2012 IFCONFIG POOL: base= size=62
Tue Jan 3 20:03:08 2012 Initialization Sequence Completed
[root@muslim 2.0]#
[root@muslim 2.0]#
You can start it with service openvpn restart I've tested as well

Download ca.crt file from /etc/openvpn/easy-rsa/2.0/keys/ directory, I've used WinSCP bro!
Download and install OpenVPN Client http://swupdate.openvpn.org/community/r ... nstall.exe
After you finished installing OPENVPN, move ca.crt (file that you previously downloaded from /etc/openvpn/easy-rsa/2.0/keys/) to OPENVPN config folder in your program files (\Program Files\OpenVPN\config\)
Also create client configuration file in OPENVPN config directory, here's the example:
safe file with client.ovpn make sure extention must be .ovpn
dev tun
proto udp
remote XXX.XXX.XX.XX 1194 -------------->> Enter your IP.
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
verb 3
[root@muslim tmp]# ps -aux | grep openvpn
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root 7364 0.0 0.1 8932 1340 pts/0 S 20:04 0:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/1194.pid --config 1194.conf --cd /etc/openvpn --script-security 2
root 7375 0.0 0.1 9148 2256 ? Ss 20:04 0:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/1194.pid --config 1194.conf --cd /etc/openvpn --script-security 2
root 7673 0.0 0.0 4016 672 pts/0 R+ 20:31 0:00 grep openvpn
[root@muslim tmp]#
[root@muslim 2.0]# useradd sherry -s /bin/false
[root@muslim 2.0]# passwd sherry
Changing password for user sherry.
New UNIX password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@muslim 2.0]#
I'm connected