# Install OpenVPN from the distribution repository. Every step below writes
# under /etc and /proc, so run these commands as root.
apt-get install openvpn
Let's create the easy-rsa directory and copy the sample files over
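# Make a private copy of the easy-rsa 2.0 scripts under /etc/openvpn.
# The three steps are chained with && so that a failed cd (or an already
# existing easy-rsa directory) stops here instead of copying the sample
# files into whatever the current directory happens to be.
cd /etc/openvpn \
  && mkdir easy-rsa \
  && cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* easy-rsa/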
Let's clean the easy-rsa folder first
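# Enter the copied scripts, load their settings and start from an empty
# keys directory. Chained with && so a failed cd never runs clean-all in
# the wrong place.
#
# vars exports the values the build-* scripts read (KEY_DIR, KEY_SIZE and
# the certificate subject fields). Review it before sourcing: KEY_SIZE
# defaults to 1024 in many easy-rsa 2.0 releases and sizes both the keys
# and the DH file (dh1024.pem in the server config below).
#
# clean-all deletes everything in KEY_DIR. Run it once, on a fresh setup;
# on an existing install it destroys the CA key and every issued
# certificate.
cd easy-rsa \
  && source ./vars \
  && ./clean-all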
Let's build the CA
# Generate the CA key and certificate in keys/ (keys/ca.crt is what the
# server and client configs below point at). The CA private key signs
# every certificate this VPN will trust; keep it readable by root only and
# preferably off the VPN server altogether once the certificates are issued.
./build-ca
Let's build the server certificate and key
# Issue the server certificate and key (keys/server.crt and keys/server.key,
# the paths used in server.conf). The "server" argument becomes the
# certificate's common name; answer the sign/commit prompts with y.
./build-key-server server
Let's build the DH parameters
# Generate the Diffie-Hellman parameters. The output file is named after
# KEY_SIZE from vars (dh1024.pem in the server config below); 1024-bit
# parameters are below current recommendations, so raise KEY_SIZE in vars
# before this step and point the dh line in server.conf at the resulting
# file. This step can take a long time.
./build-dh
For each client
# Issue one certificate/key pair per client; replace clientname. The client
# needs ca.crt, clientname.crt and clientname.key (see the client config at
# the end). Deliver the .key file over a secure channel and never share one
# pair between clients, so that each client can be revoked on its own.
./build-key clientname
Let's enable IPv4 forwarding and add the iptables NAT rule so VPN traffic can be routed out.
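# Enable IPv4 forwarding so packets arriving on the tun interface can be
# routed on. Writing /proc only lasts until reboot; set
# net.ipv4.ip_forward=1 in /etc/sysctl.conf (or a file in /etc/sysctl.d/)
# to make it permanent.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT traffic from the VPN subnet as it leaves the server. The
# original line ended right after --to-source, which iptables rejects;
# VPNSERVER_IP is a placeholder for the server's own public (egress)
# address, the same placeholder the client config uses. On a host whose
# address changes, use "-j MASQUERADE" (no --to-source) instead. If the
# FORWARD chain policy is DROP, matching FORWARD rules for the tun
# interface are needed as well.
iptables -t nat -A POSTROUTING -s 10.9.8.0/24 -j SNAT --to-source VPNSERVER_IP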
Let's save the iptables rules
# Dump the current rules to a file. Nothing reloads this file at boot by
# itself: restore it with `iptables-restore < /etc/iptables.up.rules` from
# a boot-time hook (on Debian commonly a script under
# /etc/network/if-pre-up.d/) or install the iptables-persistent package.
iptables-save > /etc/iptables.up.rules
Let's create the OpenVPN server config
# Create the server configuration. The directives that follow (through
# client-to-client) plus the two push lines listed further down are the
# file's contents.
nano /etc/openvpn/server.conf
# /etc/openvpn/server.conf: listen on UDP 1194 and hand clients addresses
# from 10.9.8.0/24 over a tun device.
port 1194
proto udp
dev tun
# Certificate material produced by the easy-rsa steps above (keys/ directory).
ca /etc/openvpn/easy-rsa/keys/ca.crt # generated keys
cert /etc/openvpn/easy-rsa/keys/server.crt
# The server private key must stay readable by root only (mode 0600);
# anyone holding it can impersonate the server to every client.
key /etc/openvpn/easy-rsa/keys/server.key # keep secret
# build-dh names this file after KEY_SIZE in vars. 1024-bit DH parameters
# are below current recommendations; raise KEY_SIZE before ./build-dh and
# point this line at the file it produces.
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.9.8.0 255.255.255.0 # internal tun0 connection IP
# Relative path, resolved against the daemon's working directory — the
# mkdir/touch steps below assume that is /etc/openvpn; confirm how the
# service is started on your system.
ifconfig-pool-persist ipp.txt
keepalive 10 120
# NOTE(review): compressing traffic inside an encrypted tunnel has known
# side-channel weaknesses; prefer leaving compression off on both ends
# unless you need it. Whatever is chosen must match the client config.
comp-lzo # Compression - must be turned on at both ends
# persist-key/persist-tun keep the key material and tun device across
# restarts; they are also what makes dropping privileges with
# `user nobody` and `group nogroup` workable. Consider adding those two
# directives so the daemon does not keep running as root (files written
# after the drop, such as ipp.txt and the status log, must then be
# writable by that user).
persist-key
persist-tun
# Relative path as for ipp.txt; see the log/ directory created below.
status log/openvpn-status.log
verb 3 # verbose mode
# Lets VPN clients reach each other directly; omit it if clients should
# be isolated from one another.
client-to-client
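# Create the directory and file that the relative `status log/...` path
# in server.conf writes to. Chained with && so a failed cd does not create
# a stray log/ directory somewhere else. The relative path assumes the
# daemon runs with /etc/openvpn as its working directory — confirm this
# for the way the service is started on your system.
cd /etc/openvpn \
  && mkdir -p log/ \
  && touch log/openvpn-status.log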
# These two directives also belong in /etc/openvpn/server.conf (they are
# configuration, not shell commands, even though the page lists them after
# the mkdir/touch steps).
# redirect-gateway routes all of the client's traffic through the VPN; the
# SNAT rule above is then what gives clients access to the outside. Leave
# it out for a split tunnel that only reaches the 10.9.8.0/24 side.
push "redirect-gateway def1 bypass-dhcp"
# Once all traffic is redirected the client's local resolver may be
# unreachable, so push one. 8.8.8.8 is a public third-party resolver:
# every client name lookup then goes to that provider. Use a resolver
# you operate if DNS should stay under your control.
push "dhcp-option DNS 8.8.8.8"
Restart the OpenVPN service and it should be up and running.
For the client config:
# OpenVPN client configuration. Place ca.crt, clientname.crt and
# clientname.key (from the build-key step) next to this file; the .key
# file is the client's identity and should be readable by its owner only.
client
dev tun
port 1194
proto udp
# Replace VPNSERVER_IP with the server's public address or DNS name.
remote VPNSERVER_IP 1194 # VPN server IP : PORT
nobind
ca ca.crt
cert clientname.crt
key clientname.key
# Must match the server's comp-lzo setting.
comp-lzo
persist-key
persist-tun
verb 3
# NOTE(review): nothing here verifies that the peer presented a *server*
# certificate, so any other certificate issued by the same CA (for
# example another client's) would be accepted as the server.
# build-key-server should mark server certificates as such; add
# `remote-cert-tls server` to enforce that check on the client.
Copied from: https://wiki.debian.org/OpenVPN