- # Install OpenVPN server
- ```sh
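# Install OpenVPN plus the easy-rsa helper scripts, then create a
# working CA directory from the easy-rsa templates.
sudo apt-get install openvpn easy-rsa
# make-cadir copies the easy-rsa scripts/vars into a fresh directory.
make-cadir ~/openvpn-ca
# Every following step runs relative to this directory, so stop if the
# cd fails instead of continuing in the wrong place.
cd ~/openvpn-ca || exit 1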
- ```
- ```sh
- nano vars
- ```
- Now configure variables
- ```conf
- export KEY_COUNTRY="CZ"
- export KEY_PROVINCE="CA"
- export KEY_CITY="town"
- export KEY_ORG="home"
- export KEY_EMAIL="me@myhost.mydomain"
- export KEY_OU="home"
- export KEY_NAME="server"
- ```
- ```sh
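# Build the PKI: CA, server certificate, DH parameters and the tls-auth
# key. Run from ~/openvpn-ca after editing vars.
source vars
# clean-all wipes the keys/ directory before the first build.
./clean-all
./build-ca
./build-key-server server
./build-dh
openvpn --genkey --secret keys/ta.key
cd ~/openvpn-ca/keys || exit 1
# Copy only the files server.conf references. ca.key deliberately stays in
# the CA directory: server.conf never reads it and make_config.sh signs
# client certificates from ~/openvpn-ca, so the CA private key does not
# need to exist under /etc/openvpn.
sudo cp -- ca.crt server.crt server.key ta.key dh2048.pem /etc/openvpn
# The server reads its private material as root before dropping to nobody;
# keep it readable by root only.
sudo chmod 600 /etc/openvpn/server.key /etc/openvpn/ta.key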
- ```
- ```sh
- sudo nano /etc/openvpn/server.conf
- ```
- ```conf
# OpenVPN server configuration (/etc/openvpn/server.conf).
# Relative paths below resolve against /etc/openvpn, where the PKI files
# were copied.
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
# VPN subnet handed out to clients (the server itself usually takes
# 10.8.0.1).
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Route all client traffic through the tunnel. This needs ip_forward=1
# (set later in this guide); for clients to reach the internet the server
# also needs a NAT/masquerade rule, which this guide does not set up.
push "redirect-gateway def1 bypass-dhcp"
# DNS resolvers pushed to clients (these are the OpenDNS addresses).
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# HMAC protection of the TLS control channel. Direction is 0 on the
# server and 1 in the client base.conf.
tls-auth ta.key 0
key-direction 0
# cipher/auth must match the same lines in base.conf.
# NOTE(review): an AEAD cipher such as AES-256-GCM is preferable where both
# ends support it; change server.conf and base.conf together.
cipher AES-128-CBC
auth SHA256
keepalive 60 120
# NOTE(review): compressing VPN traffic is a known plaintext-recovery oracle
# (VORACLE) and comp-lzo is deprecated in recent OpenVPN releases; consider
# removing it here and in base.conf.
comp-lzo
# Lets connected clients reach each other directly; remove this line if
# clients should be isolated from one another.
client-to-client
# Drop root privileges once the tunnel is up. persist-key/persist-tun keep
# the key material and tun device usable across restarts after the
# privilege drop.
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
- ```
- ```sh
- sudo nano /etc/sysctl.conf
- ```
- ```conf
- net.ipv4.ip_forward=1 # find this line and remove the leading # character to enable IP forwarding
- ```
- ```sh
# Start the server now and on every boot; the instance name selects
# /etc/openvpn/server.conf.
sudo systemctl enable --now openvpn@server
- ```
- Don't forget to open UDP port 1194 in the firewall (the server config above uses `proto udp`).
- ## To create clients
- ```sh
# Directory for generated client profiles. Each .ovpn embeds a private
# key, so the directory is owner-only.
client_dir=~/client-configs
mkdir -p "$client_dir/files"
chmod 700 "$client_dir/files"
nano "$client_dir/base.conf"
- ```
- ```conf
# Client profile template. make_config.sh appends the inline
# <ca>/<cert>/<key>/<tls-auth> sections to this file.
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194 # replace xxx.xxx.xxx.xxx with the public IP address (or hostname) of your server
# NOTE(review): see server.conf — compression is deprecated and an oracle
# risk; if it is removed there, remove it here as well.
comp-lzo
resolv-retry infinite
auth-retry none
nobind
persist-key
persist-tun
mute-replay-warnings
# Require the peer certificate to carry the server role, so a client
# certificate issued by the same CA cannot be used to impersonate the
# server.
remote-cert-tls server
# Must match the cipher/auth lines in server.conf.
cipher AES-128-CBC
auth SHA256
# tls-auth direction: 1 on clients, 0 on the server.
key-direction 1
verb 3
mute 20
- ```
- ```sh
- nano ~/client-configs/make_config.sh
- ```
- ```sh
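#!/bin/bash
# Generate a single-file OpenVPN client profile.
#
# Usage: make_config.sh <client_name>
#
# Signs a new client certificate with easy-rsa in ~/openvpn-ca, then writes
# base.conf followed by inline <ca>/<cert>/<key>/<tls-auth> sections to
# ~/client-configs/files/<client_name>.ovpn. The output embeds the client's
# private key and the shared tls-auth key, so it is created owner-readable
# only.
set -euo pipefail

KEY_DIR=~/openvpn-ca/keys
OUTPUT_DIR=~/client-configs/files
BASE_CONFIG=~/client-configs/base.conf

# First argument: client identifier (also the key/cert/profile file name).
client=${1:?usage: ${0##*/} <client_name>}
# The name becomes a path component under KEY_DIR and OUTPUT_DIR; refuse
# anything that could escape those directories or hide as a dotfile.
case "$client" in
  */* | .*)
    printf 'invalid client name: %s\n' "$client" >&2
    exit 1
    ;;
esac

cd ~/openvpn-ca || exit 1
# easy-rsa's vars exports the KEY_* settings build-key reads.
# shellcheck disable=SC1091
source vars
./build-key "$client"

# The profile contains private key material: create it with mode 0600.
umask 077
{
  cat -- "$BASE_CONFIG"
  printf '<ca>\n'
  cat -- "${KEY_DIR}/ca.crt"
  printf '</ca>\n<cert>\n'
  cat -- "${KEY_DIR}/${client}.crt"
  printf '</cert>\n<key>\n'
  cat -- "${KEY_DIR}/${client}.key"
  printf '</key>\n<tls-auth>\n'
  cat -- "${KEY_DIR}/ta.key"
  printf '</tls-auth>\n'
} > "${OUTPUT_DIR}/${client}.ovpn"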
- ```
- ```sh
- chmod 700 ~/client-configs/make_config.sh
- ```
- ## To generate a client profile
- ```sh
- ~/client-configs/make_config.sh client_name
- ```