coder36/Openvpn on Raspberry pi

## Openvpn on Raspberry pi
1) sudo apt-get install openvpn


2) Use Tinyca to create: CA, OpenVPN cert and key and Client cert and key

3) Edit /etc/openvpn/server.conf

Edit section as follows:
# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.1.0 255.255.255.0"    <--- this makes 192.168.1.0/24 subnet available accross vpn


Edit section:
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca my-cacert.pem     <---- these should be placed in /etc/openvpn
cert vpn-cert.pem
key vpn-key.pem  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024    <---- run this to generate dh pem
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh1024.pem


4) Create file /usr/local/bin/firewall.sh
    #!/bin/bash
    iptables -t filter -F
    iptables -t nat -F
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s "10.8.0.0/24" -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s "10.8.0.0/24" -j MASQUERADE

5) Edit /etc/rc.local
    Add line:
      /usr/local/bin/firewall.sh

6) Edit /etc/sysctl.conf and uncomment:
    net.ipv4.ip_forward=1

7) Run sysctl -p

8) Add Port forward on router to UDP 1194

Done.
	1) sudo apt-get install openvpn


	2) Use Tinyca to create: CA, OpenVPN cert and key and Client cert and key

	3) Edit /etc/openvpn/server.conf

	Edit section as follows:
	# Push routes to the client to allow it
	# to reach other private subnets behind
	# the server. Remember that these
	# private subnets will also need
	# to know to route the OpenVPN client
	# address pool (10.8.0.0/255.255.255.0)
	# back to the OpenVPN server.
	push "route 192.168.1.0 255.255.255.0" <--- this makes 192.168.1.0/24 subnet available accross vpn


	Edit section:
	# Any X509 key management system can be used.
	# OpenVPN can also use a PKCS #12 formatted key file
	# (see "pkcs12" directive in man page).
	ca my-cacert.pem <---- these should be placed in /etc/openvpn
	cert vpn-cert.pem
	key vpn-key.pem # This file should be kept secret

	# Diffie hellman parameters.
	# Generate your own with:
	# openssl dhparam -out dh1024.pem 1024 <---- run this to generate dh pem
	# Substitute 2048 for 1024 if you are using
	# 2048 bit keys.
	dh dh1024.pem


	4) Create file /usr/local/bin/firewall.sh
	#!/bin/bash
	iptables -t filter -F
	iptables -t nat -F
	iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
	iptables -A FORWARD -s "10.8.0.0/24" -j ACCEPT
	iptables -A FORWARD -j REJECT
	iptables -t nat -A POSTROUTING -s "10.8.0.0/24" -j MASQUERADE

	5) Edit /etc/rc.local
	Add line:
	/usr/local/bin/firewall.sh

	6) Edit /etc/sysctl.conf and uncomment:
	net.ipv4.ip_forward=1

	7) Run sysctl -p

	8) Add Port forward on router to UDP 1194

	Done.