
@coder36
Created March 31, 2014 19:10
1) sudo apt-get install openvpn
2) Use TinyCA to create a CA, an OpenVPN server cert and key, and a client cert and key
3) Edit /etc/openvpn/server.conf
Edit the following section as shown:
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.1.0 255.255.255.0" <--- this makes the 192.168.1.0/24 subnet reachable across the VPN
Edit this section:
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca my-cacert.pem <---- these three files (CA cert, server cert, server key) should be placed in /etc/openvpn
cert vpn-cert.pem
key vpn-key.pem # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024 <---- run this to generate the DH parameter file
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh1024.pem
4) Create the file /usr/local/bin/firewall.sh
#!/bin/bash
# Make it executable afterwards: chmod +x /usr/local/bin/firewall.sh
# Flush existing filter and NAT rules so the script can be re-run (e.g. at boot) without duplicating rules.
iptables -t filter -F
iptables -t nat -F
# Allow replies belonging to connections that were already forwarded.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow new traffic that originates from the OpenVPN client pool (10.8.0.0/24, the server.conf default).
iptables -A FORWARD -s "10.8.0.0/24" -j ACCEPT
# Reject everything else that asks to be forwarded through this host.
iptables -A FORWARD -j REJECT
# NAT the client pool behind the server's own address, so LAN hosts can answer without a route back to 10.8.0.0/24.
iptables -t nat -A POSTROUTING -s "10.8.0.0/24" -j MASQUERADE
5) Edit /etc/rc.local
Add the line:
/usr/local/bin/firewall.sh
6) Edit /etc/sysctl.conf and uncomment:
net.ipv4.ip_forward=1
7) Run sysctl -p
8) Add a port forward on the router for UDP 1194 to the OpenVPN server
Done.
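A small sanity check for step 3, added here and not part of the gist: it confirms that server.conf carries the route push and the ca/cert/key/dh directives, that each named file exists, and that the server key is not group- or world-readable. It assumes relative paths resolve against the directory holding the config and that the pushed LAN subnet is 192.168.1.0/24 as above; the function name check_ovpn_conf is my own.

```shell
#!/bin/sh
# Added example, not from the gist. Assumptions: relative file names in
# server.conf live next to it (/etc/openvpn), and the LAN pushed to clients
# is 192.168.1.0/24 as in step 3. Exit status 0 means every check passed.

check_ovpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    rc=0

    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # Step 3a: the route push that makes the LAN reachable across the VPN.
    if grep -q '^push "route 192\.168\.1\.0 255\.255\.255\.0"' "$conf"; then
        echo "ok:   push route 192.168.1.0/24"
    else
        echo "FAIL: no 'push \"route 192.168.1.0 255.255.255.0\"' line"; rc=1
    fi

    # Step 3b: ca, cert, key and dh must each name a file that exists.
    for d in ca cert key dh; do
        f=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$f" ]; then
            echo "FAIL: '$d' directive missing"; rc=1; continue
        fi
        case $f in /*) p=$f ;; *) p=$dir/$f ;; esac
        if [ -f "$p" ]; then
            echo "ok:   $d -> $p"
        else
            echo "FAIL: $d names $p but the file is absent"; rc=1
        fi
        # The key "should be kept secret": flag group/world-readable modes.
        if [ "$d" = key ] && [ -f "$p" ] && [ -n "$(find "$p" -perm -004 -o -perm -040)" ]; then
            echo "FAIL: $p is readable by group or others (chmod 600 it)"; rc=1
        fi
    done
    return $rc
}

# Usage: sh check_ovpn.sh /etc/openvpn/server.conf
if [ $# -ge 1 ]; then check_ovpn_conf "$1"; fi
```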