Created
March 31, 2014 19:10
1) sudo apt-get install openvpn
2) Use TinyCA to create: a CA, an OpenVPN cert and key, and a client cert and key
3) Edit /etc/openvpn/server.conf
Edit section as follows:
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.1.0 255.255.255.0" <--- this makes the 192.168.1.0/24 subnet reachable across the VPN
Edit section:
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca my-cacert.pem <---- these files should be placed in /etc/openvpn
cert vpn-cert.pem
key vpn-key.pem # This file should be kept secret
# Diffie-Hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024 <---- run this to generate the DH parameter file
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh1024.pem
4) Create file /usr/local/bin/firewall.sh
#!/bin/bash
iptables -t filter -F
iptables -t nat -F
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s "10.8.0.0/24" -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s "10.8.0.0/24" -j MASQUERADE
5) Edit /etc/rc.local
Add line:
/usr/local/bin/firewall.sh
6) Edit /etc/sysctl.conf and uncomment:
net.ipv4.ip_forward=1
7) Run sysctl -p
8) Add a port forward on the router for UDP 1194
Done.
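As an added check that is not part of the gist, this shell script verifies a server.conf against step 3 above: the ca/cert/key/dh directives are present and point at existing files, the key is not group- or world-readable, and every push "route" line carries both a network and a netmask. The demo config tree is constructed in a temp directory; relative paths are assumed to resolve against the directory passed as the second argument.

```sh
#!/bin/sh
# Added example (not from the gist): sanity-check an OpenVPN server.conf
# against step 3 above. Assumes relative ca/cert/key/dh paths resolve
# against the directory passed as the second argument.

# conf_get FILE DIRECTIVE -> first value of DIRECTIVE, comments stripped
conf_get() {
    sed 's/#.*//' "$1" | awk -v d="$2" '$1 == d { print $2; exit }'
}

# check_conf FILE DIR -> prints each problem found; exit status = problem count
check_conf() {
    conf=$1 dir=$2 n=0
    for d in ca cert key dh; do
        f=$(conf_get "$conf" "$d")
        if [ -z "$f" ]; then
            echo "missing directive: $d"; n=$((n + 1)); continue
        fi
        case $f in /*) p=$f ;; *) p=$dir/$f ;; esac
        if [ ! -f "$p" ]; then
            echo "$d file not found: $p"; n=$((n + 1)); continue
        fi
        # "This file should be kept secret": no group/other permission bits
        if [ "$d" = key ]; then
            go=$(ls -ld "$p" | cut -c5-10)
            [ "$go" = "------" ] || { echo "key is group/world accessible ($go)"; n=$((n + 1)); }
        fi
    done
    # every pushed route must carry both a network and a netmask
    bad=$(sed 's/#.*//' "$conf" | grep '^push' \
          | grep -vcE '^push +"route +[0-9.]+ +[0-9.]+" *$') || true
    [ "$bad" -eq 0 ] || { echo "$bad malformed push route line(s)"; n=$((n + bad)); }
    return "$n"
}

# demo: run the check on a constructed config tree (not a real /etc/openvpn);
# the key is deliberately left world-readable, so exactly one problem is reported
demo() {
    t=$(mktemp -d)
    printf 'ca my-cacert.pem\ncert vpn-cert.pem\nkey vpn-key.pem\ndh dh1024.pem\n' > "$t/server.conf"
    printf 'push "route 192.168.1.0 255.255.255.0"\n' >> "$t/server.conf"
    touch "$t/my-cacert.pem" "$t/vpn-cert.pem" "$t/vpn-key.pem" "$t/dh1024.pem"
    chmod 644 "$t/vpn-key.pem"
    check_conf "$t/server.conf" "$t" && rc=0 || rc=$?
    rm -rf "$t"
    return "$rc"
}
```

Run it as `sh check_openvpn.sh` for the demo, or source it and call `check_conf /etc/openvpn/server.conf /etc/openvpn` on a real host.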