laurenorsini / server.conf
Last active

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist

OpenVPN configuration for /etc/openvpn/server.conf

View server.conf
Raw
File suppressed. Click to show.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 
local 192.168.2.0 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS

dev tun 

proto udp #Some people prefer to use tcp. Don't change it if you don't know.

port 1194 

ca /etc/openvpn/easy-rsa/keys/ca.crt 

cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME

key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME

dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!

server 10.8.0.0 255.255.255.0 

# server and remote endpoints 

ifconfig 10.8.0.1 10.8.0.2 

# Add route to Client routing table for the OpenVPN Server 

push "route 10.8.0.1 255.255.255.255" 

# Add route to Client routing table for the OpenVPN Subnet 

push "route 10.8.0.0 255.255.255.0" 

# your local subnet 

push "route 192.168.2.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS

# Set primary domain name server address to the SOHO Router 

# If your router does not do DNS, you can use Google DNS 8.8.8.8 

push "dhcp-option DNS 192.168.2.1" # This should already match your router address and not need to be changed.

# Override the Client default gateway by using 0.0.0.0/1 and 

# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of 

# overriding but not wiping out the original default gateway. 

push "redirect-gateway def1" 

client-to-client 

duplicate-cn 

keepalive 10 120 

tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 

cipher AES-128-CBC 

comp-lzo 

user nobody 

group nogroup 

persist-key 

persist-tun 

status /var/log/openvpn-status.log 20 

log /var/log/openvpn.log 

verb 1
47GH87 commented

Hi, I tried out your tutorial on readwrite.com and it was very well detailed and easy to follow. I just have a few questions about this configuration file because I think it is the reason why the VPN server fails to start upon booting. Do I need to include the "#" in the file or is that just marking the separation between what you need to type and your comment. Also what do the 10th, 12th, 14th, 16th, 18th, 19th, 21st, 22nd, and 23rd lines mean in relation to them having a # in front of them because I'm confused whether they are directions of what to type in place of the comment or if they are just explaining what the text above or below the comment does. Or possibly a little of both. I really appreciate the help and would really like to get my Raspberry Pi VPN server finally running.

arner commented

everything after # in a line is a comment, so it doesn't do anything

johanstuhrnasser commented

Hi,
I'm using this for a project at school, and I was wondering... The IP 10.8.0.0 is that supposed to be changed to the public IP of my router or? It seems that my raspberry pi is getting another interface holding this IP.

Aikasse commented

Johanstuhrnasser:

"10.8.0.0 is the default address for Raspberry Pi for clients that are connected to the VPN."

source: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing

leaded71 commented

Sorry for the noob question. I have been following the readwrite tutorial http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing. It was all going well until I got to creating the server conf file. I have a few questions:

A) When putting in the crt and key names, is there a special syntax for listing the values for additional clients?

B) what does the red text signify? are the quotes meant to be typed as well?

LordMortus commented

Just wanted to point out, that in order for this to work now the verbose level has to be 2 or more. (New version of ssl)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.