@r3nya r3nya/openvpn.md forked from padde/openvpn.md
Last active Aug 29, 2015

OpenVPN on Ubuntu 12.10 at DigitalOcean

Install OpenVPN

sudo apt-get install openvpn

Generate Server Certificates

sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa2
cd /etc/openvpn/easy-rsa2

edit variables

sudo vim vars

export KEY_COUNTRY="XX"
export KEY_PROVINCE="YY"
export KEY_CITY="City"
export KEY_ORG="My VPN Service"
export KEY_EMAIL="mail@example.com"

now generate certificates

sudo mkdir keys

source ./vars
sudo -E ./clean-all
sudo -E ./build-ca
sudo -E ./build-key-server server
sudo -E ./build-dh

sudo cp /etc/openvpn/easy-rsa2/keys/ca.crt /etc/openvpn
# ca.key is only used to sign certificates; the OpenVPN server does not read it
sudo cp /etc/openvpn/easy-rsa2/keys/ca.key /etc/openvpn
sudo cp /etc/openvpn/easy-rsa2/keys/dh1024.pem /etc/openvpn
sudo cp /etc/openvpn/easy-rsa2/keys/server.crt /etc/openvpn
sudo cp /etc/openvpn/easy-rsa2/keys/server.key /etc/openvpn

restart OpenVPN

sudo service openvpn restart

Generate Client Certificates

cd /etc/openvpn/easy-rsa2
source ./vars
sudo -E ./build-key user1

Copy these files to your client over a secure channel (SSH, USB stick):

ca.crt
user1.crt
user1.key

Configure OpenVPN

sudo adduser --system --no-create-home --disabled-login openvpn
sudo addgroup --system openvpn

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gunzip /etc/openvpn/server.conf.gz
cd /etc/openvpn

edit configuration

sudo vim server.conf

change user and group:

user openvpn
group openvpn

restart OpenVPN

sudo service openvpn restart

check if running

ifconfig tun0

Enable Routing Web Traffic Through VPN

cd /etc/openvpn
sudo vim server.conf

uncomment this line:

push "redirect-gateway def1 bypass-dhcp"

restart OpenVPN

sudo service openvpn restart

enable IP forwarding

# lasts until reboot; set net.ipv4.ip_forward=1 in /etc/sysctl.conf to keep it
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

add SNAT rule

sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to $(curl -s whatismyip.akamai.com)

make iptables rules permanent so they are still there after a reboot

sudo apt-get install iptables-persistent

Accept all the defaults and you're done!
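
The SNAT step above passes whatever whatismyip.akamai.com returns straight into an iptables command run as root. As an added example (not part of the original gist), this sketch checks that the response is a plausible public IPv4 address before building the rule; the function names and the short list of rejected ranges are assumptions.

```sh
#!/bin/sh
# Added example: vet the address returned by the lookup service before it is
# placed in a root-level iptables rule. Function names are assumptions.
VPN_NET="10.8.0.0/24"   # OpenVPN client subnet from the rule above
WAN_IF="eth0"           # public interface from the rule above

# True only for four dot-separated decimal octets, each 0..255, no leading zeros.
# The body is a subshell, so changing IFS here does not leak to the caller.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|*.) exit 1 ;;      # HTML, whitespace, shell text, trailing dot
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            ''|0?*|????*) exit 1 ;;     # empty, leading zero, too long
        esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Rejects ranges that cannot be this server's public source address
# (a short list of private, loopback, link-local and multicast/reserved ranges).
is_public_ipv4() {
    is_ipv4 "$1" || return 1
    case $1 in
        0.*|10.*|127.*|169.254.*|192.168.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
        22[4-9].*|2[3-5][0-9].*) return 1 ;;
    esac
    return 0
}

# Prints the rule specification, or fails with no output for a bad address.
snat_rule() {
    is_public_ipv4 "$1" || return 1
    echo "POSTROUTING -s $VPN_NET -o $WAN_IF -j SNAT --to-source $1"
}

# Looks up the address, vets it, and adds the rule only if it is not present.
apply_snat() {
    ip=$(curl -s --max-time 5 whatismyip.akamai.com) || return 1
    rule=$(snat_rule "$ip") || { echo "lookup result rejected" >&2; return 1; }
    # -C tests for an identical rule, so a second run does not append a duplicate.
    sudo iptables -t nat -C $rule 2>/dev/null || sudo iptables -t nat -A $rule
}
```

Call apply_snat in place of the one-line SNAT command, before installing iptables-persistent so the saved rule set includes it.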
