Installation and configuration of your very own VPN is, thankfully, a very easy task nowadays.  The most popular server/client software would be OpenVPN.  Below is the steps needed to get the server up and going, and the bits and pieces for your client to get connected.

SETUP REPOSITORY AND INSTALL SOFTWARE

yum install epel-release
yum install openvpn easy-rsa -y

CONFIGURE OPENVPN SERVER

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
vi /etc/openvpn/server.conf

Set the following settings:

dh dh2048.pem
uncomment push "redirect-gateway def1 bypass-dhcp"
uncomment and fix push "dhcp-option DNS 8.8.8.8"
uncomment and fixpush "dhcp-option DNS 8.8.4.4"
uncomment user nobody
uncomment group nobody
comment out explicit-exit-notify 1

SETUP THE SERVER CERTIFICATES

mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
vi /etc/openvpn/easy-rsa/vars
# Set the vars appropriately to your locale:
# export KEY_COUNTRY="US"
# export KEY_PROVINCE="WI"
# export KEY_CITY="Milwaukee"
# export KEY_ORG="Schotty.com"
# export KEY_EMAIL="vpn@schotty.com"
# export KEY_OU="Schotty.com"
#
# X509 Subject Field
# export KEY_NAME="fqdn.yourdomain.tld"
#
# export KEY_CN=fqdn.yourdomain.tld

GENERATE KEYS

cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

CONFIGURE FIREWALL

It is highly advised to use the tools that Red Hat provided us, and thus firewalld will be put to work here rather than disabling it and going with the old iptables.

systemctl enable firewalld
systemclt start firewalld
firewall-cmd --permanent --zone=public --add-service openvpn
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --permanent --zone=public --add-interface=tun0
firewall-cmd --reload
firewall-cmd --zone=public --list-services
firewall-cmd --zone=public --query-masquerade

ENABLE AND START THE OPENVPN DAEMON

systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service

Should any errors crop up, use "journalctl -xe" to view the full log. It is likely a typo or a skipped step.

CLIENT CONFIGURATION

To generate the files

cd /etc/openvpn/easy-rsa
./build-key client

For each client run the following and give the resulting files to the user:

/etc/openvpn/easy-rsa/keys: ca.crt client.crt client.key

The standard location on EL7 is to have the keys in

~/.cert/

If you are using SELinux (and you should), here is the selinux context fix for the certificate files:

semanage fcontext -a -t home_cert_t ~/.cert/
restorecon -R -v ~/.cert/

.OVPN CLIENT SAMPLE FILE

client
dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca ~/.cert/ca.crt
cert ~/.cert/client.crt
key ~/.cert/client.key
cipher AES-256-CBC