Last active

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist

OpenVPN configuration for /etc/openvpn/server.conf

View server.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
local 192.168.2.0 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.2.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.2.1" # This should already match your router address and not need to be changed.
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
47GH87 commented

Hi, I tried out your tutorial on readwrite.com and it was very well detailed and easy to follow. I just have a few questions about this configuration file because I think it is the reason why the VPN server fails to start upon booting. Do I need to include the "#" in the file or is that just marking the separation between what you need to type and your comment. Also what do the 10th, 12th, 14th, 16th, 18th, 19th, 21st, 22nd, and 23rd lines mean in relation to them having a # in front of them because I'm confused whether they are directions of what to type in place of the comment or if they are just explaining what the text above or below the comment does. Or possibly a little of both. I really appreciate the help and would really like to get my Raspberry Pi VPN server finally running.

everything after # in a line is a comment, so it doesn't do anything

Hi,
I'm using this for a project at school, and I was wondering... The IP 10.8.0.0 is that supposed to be changed to the public IP of my router or? It seems that my raspberry pi is getting another interface holding this IP.

Johanstuhrnasser:

"10.8.0.0 is the default address for Raspberry Pi for clients that are connected to the VPN."

source: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing

Sorry for the noob question. I have been following the readwrite tutorial http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing. It was all going well until I got to creating the server conf file. I have a few questions:

A) When putting in the crt and key names, is there a special syntax for listing the values for additional clients?

B) what does the red text signify? are the quotes meant to be typed as well?

Just wanted to point out, that in order for this to work now the verbose level has to be 2 or more. (New version of ssl)

It works.I thought I configed a wrong server.conf.but I tried "iptables -t nat -L" found the problem.

what did that tell you prairie wolf? Mine isn't working for me either

Hello! After connecting, i recieve a message:

Wed Mar 11 22:58:56 2015 Successful ARP Flush on interface [57] {AF13632B-87D1-40D1-9533-4FB5FFC42FAC}
Wed Mar 11 22:59:01 2015 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=57]
Wed Mar 11 22:59:01 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed Mar 11 22:59:01 2015 Initialization Sequence Completed

I'm connected to server (ping to 10.8.0.1 is OK), but i cannot open a sites. And that's my server.conf:


local 192.168.1.140 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun 
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194 
ca /etc/openvpn/easy-rsa/keys/ca.crt 
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0 
# server and remote endpoints 
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server 
push "route 10.8.0.1 255.255.255.255" 
# Add route to Client routing table for the OpenVPN Subnet 
push "route 10.8.0.0 255.255.255.0" 
# your local subnet
push "route 192.168.1.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router 
# If your router does not do DNS, you can use Google DNS 8.8.8.8 
push "dhcp-option DNS 192.168.1.1" # This should already match your router address and not need to be changed.
# Override the Client default gateway by using 0.0.0.0/1 and 
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of 
# overriding but not wiping out the original default gateway. 
push "redirect-gateway def1" 
client-to-client 
duplicate-cn 
keepalive 10 120 
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 
cipher AES-128-CBC
comp-lzo 
user nobody 
group nogroup 
persist-key 
persist-tun 
status /var/log/openvpn-status.log 20 
log /var/log/openvpn.log 
verb 1

@popipav on line 17, you need to put in your local IP for you rpi. looks like a typo

The problem was in the UDP-protocoll - i changed it to TCP and VoilĂ ! But thank you anyway!

The OpenVPN server will not work on my Pi. I have gone back and checked the files (and there were some errors, which are now fixed), but it just will not start. There is no error output either, so I can't do a proper debugging job.
What to do?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.