@meletisf
Created July 27, 2018 18:05
Install OpenVPN

Install OpenVPN

apt-get install openvpn

Navigate into the directory

cd /etc/openvpn

Install easy-rsa

apt-get install easy-rsa

Make easy-rsa folder and copy the contents

mkdir easy-rsa
cp -R /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/

Edit the easy-rsa/vars file and change the export EASY_RSA line to export EASY_RSA="/etc/openvpn/easy-rsa"

Once you have done that, go back one directory to /etc/openvpn

Then type:

. ./easy-rsa/vars

and then

./easy-rsa/clean-all

then change into the easy-rsa directory

cd easy-rsa

and symlink the following file:

ln -s openssl-1.0.0.cnf openssl.cnf

Now it is time to build the keys

go to /etc/openvpn and do:

./easy-rsa/build-ca OpenVPN
./easy-rsa/build-key client1
./easy-rsa/build-dh
./easy-rsa/build-key-server server

then edit server.conf, delete everything and paste this:

dev tun
proto udp
port 1194
local 0.0.0.0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

then enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

then add the NAT rule with iptables:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j SNAT --to 192.168.1.99

then edit /etc/sysctl.conf, find the line net.ipv4.ip_forward=1 and make sure it is uncommented.

then open /etc/rc.local and add the following lines above exit 0

# allow incoming OpenVPN traffic; this belongs in the default filter table (an ACCEPT in the nat table does not open the port)
iptables -A INPUT -i wlan0 -p udp -m udp --dport 1194 -j ACCEPT

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j SNAT --to-source <your local ip>

You can obtain the local IP with the ifconfig command. Also make sure that you use the correct interface instead of wlan0.

then do

service openvpn restart

Make sure that everything works by reading the logs located at /var/log/openvpn

In order to connect from a client you need to build a .ovpn file

dev tun
client
proto udp
remote <your public ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun

<ca>
# paste the contents of /etc/openvpn/easy-rsa/keys/ca.crt here
</ca>

<cert>
# paste the contents of /etc/openvpn/easy-rsa/keys/client1.crt here
</cert>

<key>
# paste the contents of /etc/openvpn/easy-rsa/keys/client1.key here (the client's own key from build-key client1, never ca.key, which stays on the server)
</key>

comp-lzo
verb 3

Save this file with any file name, but it must end with .ovpn
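The last step above is usually done by hand; the following script is an added example (not part of the gist) that assembles the .ovpn from the easy-rsa keys directory created earlier, copying only the PEM block of each file and refusing to embed ca.key. It assumes the easy-rsa 2 layout used in this guide (keys under /etc/openvpn/easy-rsa/keys, client built with build-key client1); the function and file names are the example's own.

```shell
#!/bin/sh
# Assemble a client .ovpn from the easy-rsa keys directory used in this guide,
# inlining ca.crt, <name>.crt and <name>.key. Only the PEM block of each file
# is copied (easy-rsa .crt files carry a text dump before it).
# Usage: build_ovpn /etc/openvpn/easy-rsa/keys client1 <your public ip> client1.ovpn

pem_block() {
    grep -q '^-----BEGIN' "$1" || { echo "no PEM block in $1" >&2; return 1; }
    sed -n '/^-----BEGIN/,/^-----END/p' "$1"
}

build_ovpn() {
    keys_dir="$1"; name="$2"; remote="$3"; out="$4"

    # The client key is the one produced by "build-key <name>"; the CA's private
    # key (ca.key) stays on the server and must never be embedded in a profile.
    [ "$name" != "ca" ] || { echo "refusing to embed the CA private key" >&2; return 1; }
    case "$out" in *.ovpn) ;; *) echo "output name must end with .ovpn" >&2; return 1 ;; esac
    for f in "$keys_dir/ca.crt" "$keys_dir/$name.crt" "$keys_dir/$name.key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # Subshell so the restrictive umask (the profile holds a private key) does
    # not leak into the caller's shell; a partial file is removed on failure.
    (
        umask 077
        {
            printf '%s\n' client 'dev tun' 'proto udp' "remote $remote 1194" \
                'resolv-retry infinite' nobind persist-key persist-tun comp-lzo 'verb 3'
            printf '<ca>\n';   pem_block "$keys_dir/ca.crt"    || exit 1; printf '</ca>\n'
            printf '<cert>\n'; pem_block "$keys_dir/$name.crt" || exit 1; printf '</cert>\n'
            printf '<key>\n';  pem_block "$keys_dir/$name.key" || exit 1; printf '</key>\n'
        } > "$out"
    ) || { rm -f "$out"; return 1; }
}
```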
