@schickling
Last active September 23, 2020 09:41
Install OpenVPN on Ubuntu 14.04 for yourserver.se

Preconditions

  • You need to have TUN/TAP enabled

Install dependencies

$ apt-get install -y openvpn easy-rsa

Make certificates

$ make-cadir /etc/openvpn/easy-rsa
$ cd /etc/openvpn/easy-rsa
$ source vars
$ ./clean-all
$ ./build-ca
$ ./build-key-server server # take server IP as common name
$ ./build-key client
$ ./build-dh

Download

$ scp root@xx.xx.xx.xx:/etc/openvpn/easy-rsa/keys/{ca.crt,client.crt,client.key} .

Prepare forwarding

$ vim /etc/sysctl.conf # uncomment net.ipv4.ip_forward=1
$ sysctl -p

Configure OpenVPN

$ vim /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
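
The server.conf above turns on duplicate-cn, client-to-client and comp-lzo, and sets no tls-auth key. The script below is an added example, not part of the original gist, that flags those directives and a loosely permissioned private key; the function name audit_openvpn_conf and the temporary demo paths are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the gist). audit_openvpn_conf is a hypothetical helper name.

# Print one "WARN <directive>: <reason>" line per finding in an OpenVPN server config.
audit_openvpn_conf() {
  local conf=$1 directive arg _rest mode has_hmac=0
  # Commented-out lines start with '#' or ';' and so match no case below.
  while read -r directive arg _rest || [ -n "$directive" ]; do
    case $directive in
      duplicate-cn)
        echo "WARN duplicate-cn: the same client certificate may be connected several times at once" ;;
      client-to-client)
        echo "WARN client-to-client: client-to-client traffic is routed inside OpenVPN and bypasses iptables" ;;
      comp-lzo|compress)
        echo "WARN $directive: with compression, ciphertext size depends on plaintext content (VORACLE)" ;;
      tls-auth|tls-crypt)
        has_hmac=1 ;;
      key)
        # The private key should be readable by its owner only.
        if [ -f "$arg" ]; then
          mode=$(stat -c %a "$arg")      # GNU stat, as on Ubuntu
          case $mode in
            600|400) ;;
            *) echo "WARN key: $arg has mode $mode, expected 600 or 400" ;;
          esac
        fi ;;
    esac
  done <"$conf"
  [ "$has_hmac" -eq 1 ] || echo "WARN tls-auth: no tls-auth or tls-crypt key protects the TLS handshake"
  return 0
}

# Demo on a constructed excerpt of the server.conf above; the key path is a temp file.
demo() {
  local dir
  dir=$(mktemp -d)
  touch "$dir/server.key"
  chmod 644 "$dir/server.key"
  printf '%s\n' 'proto udp' "key $dir/server.key" 'client-to-client' \
    'duplicate-cn' 'comp-lzo' 'verb 3' >"$dir/server.conf"
  audit_openvpn_conf "$dir/server.conf"
  rm -rf "$dir"
}
demo
```

On the real server, run `audit_openvpn_conf /etc/openvpn/server.conf` as root so the key file can be inspected.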

Prepare autostart

$ vim /etc/rc.local

Replace xx.xx.xx.xx with your server IP.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to xx.xx.xx.xx
openvpn /etc/openvpn/server.conf

Restart

$ reboot
@FloFlo77

Hi,
First, I appreciate the step-by-step tutorial. I almost made it work.
But a weird problem occurs after connecting.

Actually, I can connect to the server via the Tunnelblick client on my MacBook.
But after 60 seconds, the log on the server shows:

“TLS Error: TLS key negotiation failed to occur within 60 seconds”
“TLS Error: TLS handshake failed”
“SIGUSR1[soft,tls-error] received, client-instance restarting”

Actually, during the first 60 seconds, I can browse the internet properly. I can also ping the server successfully, and when I check the IP it correctly shows 10.8.0.6, and the external IP is my server’s.
But after about 60s, I encounter the error. The connection is still on, but I cannot access the internet any more.

Any idea?
