Install OpenVPN
apt-get install openvpn
Navigate into the directory
cd /etc/openvpn
Install easy-rsa
apt-get install easy-rsa
Make easy-rsa folder and copy the contents
mkdir easy-rsa
cp -R /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
Edit the easy-rsa/vars file and change the export EASY_RSA line to:
export EASY_RSA="/etc/openvpn/easy-rsa"
Once you have done that, go one directory back to /etc/openvpn
Then type:
. ./easy-rsa/vars
and then
./easy-rsa/clean-all
then go into the easy-rsa directory
cd easy-rsa
and symlink the following file:
ln -s openssl-1.0.0.cnf openssl.cnf
Now it is time to build the keys. Go to /etc/openvpn and run:
./easy-rsa/build-ca OpenVPN
./easy-rsa/build-key client1
./easy-rsa/build-dh
./easy-rsa/build-key-server server
then edit server.conf, delete everything and paste this:
dev tun
proto udp
port 1194
local 0.0.0.0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
then let the system know that you want ip forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
then update the ip tables:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j SNAT --to 192.168.1.99
then edit /etc/sysctl.conf, find the line that says net.ipv4.ip_forward=1 and make sure that it is uncommented.
then open /etc/rc.local and add the following lines above exit 0
iptables -A INPUT -i wlan0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j SNAT --to-source <your local ip>
You can obtain the local ip with the ifconfig command. Also make sure that you use the correct interface in place of wlan0.
then do
service openvpn restart
Make sure that everything works by reading the logs located at /var/log/openvpn
In order to connect from a client you need to build a .ovpn file:
dev tun
client
proto udp
remote <your public ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
# paste the contents of /etc/openvpn/easy-rsa/keys/ca.crt here
</ca>
<cert>
# paste the contents of /etc/openvpn/easy-rsa/keys/client1.crt here
</cert>
<key>
# paste the contents of /etc/openvpn/easy-rsa/keys/client1.key here (the client's own key; ca.key never leaves the server)
</key>
comp-lzo
verb 3
Save this file under any file name, but it must end with .ovpn
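The .ovpn assembly described above as a script, added here as an example and not part of the original guide: build_ovpn and pem_only are hypothetical helper names, and it assumes the easy-rsa keys directory layout used above. It embeds the client's key (never ca.key), drops any text dump that precedes the PEM block in a certificate file, and writes the profile readable by its owner only.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the original guide).
# Usage: build_ovpn KEYS_DIR CLIENT_NAME REMOTE_IP OUT_FILE

# Print only the PEM block(s) of a file; certificate files may carry a
# human-readable text dump before the BEGIN line.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_ovpn() {
    keys=$1; client=$2; remote=$3; out=$4
    # Only these three files are ever read; ca.key is deliberately not among them.
    for f in "$keys/ca.crt" "$keys/$client.crt" "$keys/$client.key"; do
        [ -r "$f" ] || { echo "missing $f" >&2; return 1; }
    done
    # The profile embeds a private key: recreate it with owner-only permissions.
    rm -f "$out"
    (
        umask 077
        {
            printf '%s\n' 'dev tun' 'client' 'proto udp' "remote $remote 1194" \
                'resolv-retry infinite' 'nobind' 'persist-key' 'persist-tun'
            echo '<ca>';   pem_only "$keys/ca.crt";      echo '</ca>'
            echo '<cert>'; pem_only "$keys/$client.crt"; echo '</cert>'
            echo '<key>';  pem_only "$keys/$client.key"; echo '</key>'
            printf '%s\n' 'comp-lzo' 'verb 3'
        } > "$out"
    )
}

# Run directly with four arguments, e.g.:
#   sh build_ovpn.sh /etc/openvpn/easy-rsa/keys client1 <your public ip> client1.ovpn
if [ $# -eq 4 ]; then
    build_ovpn "$@"
fi
```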