
Untitled

a guest
Feb 25th, 2017
  1. # Install OpenVPN server
  2. ```sh
  3. sudo apt-get install openvpn easy-rsa
  4. make-cadir ~/openvpn-ca
  5. cd ~/openvpn-ca
  6. ```
  7. ```sh
  8. nano vars
  9. ```
  10. Now set the following variables in the `vars` file:
  11. ```conf
  12. export KEY_COUNTRY="CZ"
  13. export KEY_PROVINCE="CA"
  14. export KEY_CITY="town"
  15. export KEY_ORG="home"
  16. export KEY_EMAIL="me@myhost.mydomain"
  17. export KEY_OU="home"
  18.  
  19. export KEY_NAME="server"
  20. ```
  21. ```sh
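  # Build the CA, the server certificate/key, the DH parameters and the
  # tls-auth key, then install only what the server needs.
  # Run from ~/openvpn-ca; build-ca and build-key-server prompt interactively.
  source vars
  # NOTE: clean-all (easy-rsa 2) wipes any existing keys directory, so run it
  # only when creating a brand-new CA.
  ./clean-all
  ./build-ca
  ./build-key-server server
  ./build-dh
  openvpn --genkey --secret keys/ta.key
  cd ~/openvpn-ca/keys
  # ca.key (the CA private key) is deliberately NOT copied: server.conf only
  # references ca.crt, server.crt, server.key, dh2048.pem and ta.key. Anyone
  # who can read ca.key can issue certificates the server will accept, so it
  # stays in ~/openvpn-ca/keys, where make_config.sh still needs it for signing.
  sudo cp ca.crt server.crt server.key ta.key dh2048.pem /etc/openvpn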
  30. ```
  31. ```sh
  32. sudo nano /etc/openvpn/server.conf
  33. ```
  34. ```conf
  35. port 1194
  36. proto udp
  37. dev tun
  38.  
  39. ca ca.crt
  40. cert server.crt
  41. key server.key
  42. dh dh2048.pem
  43.  
  44. server 10.8.0.0 255.255.255.0
  45. ifconfig-pool-persist ipp.txt
  46. push "redirect-gateway def1 bypass-dhcp"
  47. push "dhcp-option DNS 208.67.222.222"
  48. push "dhcp-option DNS 208.67.220.220"
  49.  
  50. tls-auth ta.key 0
  51. key-direction 0
  52. cipher AES-128-CBC
  53. auth SHA256
  54.  
  55. keepalive 60 120
  56. comp-lzo
  57. client-to-client
  58.  
  59. user nobody
  60. group nogroup
  61. persist-key
  62. persist-tun
  63.  
  64. status openvpn-status.log
  65. verb 3
  66. ```
  67. ```sh
  68. sudo nano /etc/sysctl.conf
  69. ```
  70. ```conf
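  71. net.ipv4.ip_forward=1 # find this line and remove its leading # character to enable it; keep this note out of the file, since sysctl.conf only treats lines that start with # or ; as comments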
  72. ```
  73. ```sh
  74. sudo systemctl enable openvpn@server
  75. sudo systemctl start openvpn@server
  76. ```
  77.  
  78. Don't forget to open port 1194 in the firewall for UDP (the server config above uses `proto udp`).
  79.  
  80. ## To create clients
  81. ```sh
  82. mkdir -p ~/client-configs/files
  83. chmod 700 ~/client-configs/files
  84. nano ~/client-configs/base.conf
  85. ```
  86. ```conf
  87. client
  88. dev tun
  89. proto udp
  90. remote xxx.xxx.xxx.xxx 1194 # replace xxx.xxx.xxx.xxx with the IP address of your server
  91. comp-lzo
  92. resolv-retry infinite
  93. auth-retry none
  94. nobind
  95. persist-key
  96. persist-tun
  97. mute-replay-warnings
  98. remote-cert-tls server
  99. cipher AES-128-CBC
  100. auth SHA256
  101. key-direction 1
  102. verb 3
  103. mute 20
  104. ```
  105. ```sh
  106. nano ~/client-configs/make_config.sh
  107. ```
  108. ```sh
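  #!/bin/bash
  #
  # Build a key pair for one client and bundle it, together with the CA
  # certificate and the tls-auth key, into a single inline .ovpn profile.
  #
  # First argument: Client identifier
  #
  # Output: ~/client-configs/files/<client>.ovpn
  # The profile embeds the client's private key, so it is written with
  # owner-only permissions; distribute it over a trusted channel only.

  # Stop on the first failing step so a failed build-key never yields a
  # half-written profile. -u is left off because the sourced easy-rsa vars
  # file runs inside this shell and is not under this script's control.
  set -eo pipefail

  # The identifier ends up in file names and on build-key's command line.
  # Restricting it to a conservative character set keeps it from pointing
  # outside KEY_DIR/OUTPUT_DIR ("../x") or being parsed as an option ("-x").
  if [[ $# -ne 1 || ! $1 =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
    printf 'Usage: %s client_name\n' "${0##*/}" >&2
    exit 2
  fi
  client=$1

  KEY_DIR=~/openvpn-ca/keys
  OUTPUT_DIR=~/client-configs/files
  BASE_CONFIG=~/client-configs/base.conf

  cd ~/openvpn-ca
  source vars
  ./build-key "$client"

  # Assemble into a temp file first (mktemp creates it mode 0600) and rename
  # it into place only once every part has been written successfully.
  out="${OUTPUT_DIR}/${client}.ovpn"
  tmp=$(mktemp "${out}.XXXXXX")
  trap 'rm -f -- "$tmp"' EXIT

  {
    cat -- "$BASE_CONFIG"
    printf '<ca>\n'
    cat -- "${KEY_DIR}/ca.crt"
    printf '</ca>\n<cert>\n'
    cat -- "${KEY_DIR}/${client}.crt"
    printf '</cert>\n<key>\n'
    cat -- "${KEY_DIR}/${client}.key"
    printf '</key>\n<tls-auth>\n'
    cat -- "${KEY_DIR}/ta.key"
    printf '</tls-auth>\n'
  } > "$tmp"

  mv -- "$tmp" "$out"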
  132. ```
  133. ```sh
  134. chmod 700 ~/client-configs/make_config.sh
  135. ```
  136. ## To generate a client profile
  137. ```sh
  138. ~/client-configs/make_config.sh client_name
  139. ```