arieonline

OpenVPN tutorial

Sep 28th, 2012
  # Install OpenVPN and copy the bundled easy-rsa 2.0 scripts; they are used
  # further down to create the CA, the DH parameters and the server key pair.
  1. apt-get install openvpn
  2. cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/
  3. cd /etc/openvpn/2.0
  # Edit the easy-rsa defaults. The lines between the === markers are the
  # values to set in vars; they become the certificate subject fields.
  4. nano vars
  5. ===
  6. export KEY_COUNTRY="ID"
  7. export KEY_PROVINCE="WestJava"
  8. export KEY_CITY="Bogor"
  9. export KEY_ORG="NilamVPN"
  10. export KEY_EMAIL="mail@arie-online.net"
  11. export KEY_CN="NilamVPN"
  12. export KEY_NAME="NilamVPN"
  13. export KEY_OU="NilamVPN"
  # NOTE(review): KEY_SIZE is not set in this excerpt, and the server config on
  # this page loads dh1024.pem, so a 1024-bit key size appears to be in use.
  # 1024-bit RSA/DH is too weak for a new deployment; set
  # `export KEY_SIZE=2048` (or larger) here before building, and reference the
  # resulting dh file name in the server config.
  14. ===
  # Load vars, wipe any previous keys directory, then build the CA, the DH
  # parameters and the server certificate/key. The steps are chained with ';',
  # so each one runs even if the previous one failed -- check the output of
  # every step before continuing.
  15. source ./vars;./clean-all;./build-ca;./build-dh;./build-key-server server
  # NOTE(review): keys/* copies everything easy-rsa generated, which presumably
  # includes the CA private key (ca.key). The server config on this page only
  # loads ca.crt, dh1024.pem, server.crt and server.key. Keep ca.key off the
  # VPN server where possible and restrict access to the rest, e.g.
  # `chmod 700 /etc/openvpn/keys` and `chmod 600 /etc/openvpn/keys/*.key`.
  16. mkdir /etc/openvpn/keys/
  17. cp /etc/openvpn/2.0/keys/* /etc/openvpn/keys/
  18. cd /etc/openvpn
  # Deletes the easy-rsa working directory (scripts and the original keys
  # directory); the copy in /etc/openvpn/keys is then the only one left.
  19. rm -Rf 2.0
  # Create the server configuration; its contents follow between the === markers.
  20. nano 995.conf
  21. ===
  # Server configuration: listens on TCP port 995 with a layer-2 (tap) device.
  22. port 995
  23. proto tcp
  24. dev tap
  25.  
  # CA certificate, DH parameters and server certificate/key built with easy-rsa.
  # NOTE(review): dh1024.pem means 1024-bit DH parameters, which are too weak
  # for the TLS key exchange today; regenerate with a key size of 2048 or more
  # and point `dh` at the new file.
  26. ca /etc/openvpn/keys/ca.crt
  27. dh /etc/openvpn/keys/dh1024.pem
  28. cert /etc/openvpn/keys/server.crt
  29. key /etc/openvpn/keys/server.key
  30.  
  # Clients authenticate with username/password checked through PAM, and no
  # client certificate is requested; the username is used as the common name.
  # NOTE(review): this makes a password the only client credential. Presumably
  # the PAM "login" service is used, so any system account with a password can
  # open a VPN session and the VPN port exposes those accounts to password
  # guessing. Prefer dedicated VPN-only accounts, rate-limit or monitor failed
  # logins, or keep client certificates as a second factor.
  31. plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login
  32. client-cert-not-required
  33. username-as-common-name
  34.  
  # VPN subnet handed out to clients; the pushed option asks clients to send
  # all their traffic through the tunnel.
  35. server 192.168.33.0 255.255.255.0
  36. push "redirect-gateway def1"
  37.  
  # NOTE(review): `cipher none` turns off encryption of the tunnelled traffic,
  # so everything clients send through this VPN is readable on the path between
  # client and server. Unless cleartext is a deliberate choice, set the same
  # real cipher on both sides (e.g. `cipher AES-256-CBC`) in the server and the
  # client config.
  38. cipher none
  39.  
  # Ping the peer every 5 s and restart the session after 30 s of silence.
  40. keepalive 5 30
  41.  
  # Keep the key material and the tap device across restarts.
  42. persist-key
  43. persist-tun
  # NOTE(review): client-to-client lets connected clients reach each other
  # inside OpenVPN itself, so that traffic does not pass the host's FORWARD
  # rules; with `dev tap` the clients also share one layer-2 segment. Drop it
  # unless clients really need to talk to each other.
  44. client-to-client
  45. status log-995.log
  46. verb 3
  47. mute 10
  # NOTE(review): duplicate-cn allows several simultaneous sessions under the
  # same common name, which here is the username, so a shared or stolen
  # password is not noticed through a session conflict.
  48. duplicate-cn
  49. ===
  # Restart OpenVPN so the new server configuration is loaded.
  50. service openvpn restart
  51. ===
  # Enable IPv4 forwarding for the running kernel (this setting alone does not
  # survive a reboot).
  52. sysctl -w net.ipv4.ip_forward=1
  # Presumably used to make the forwarding setting persistent; the page does
  # not show what is changed in this file.
  53. nano /etc/sysctl.conf
  54. ===
  # Firewall rules in iptables-save/iptables-restore format. The page does not
  # name the file they belong in; presumably they are loaded with
  # iptables-restore.
  # NOTE(review): all three filter policies are ACCEPT and there are no INPUT
  # rules, so the host itself accepts every inbound connection. Forwarded
  # traffic is limited by the final REJECT rule, not by the chain policy.
  55. *filter
  56. :FORWARD ACCEPT [0:0]
  57. :INPUT ACCEPT [0:0]
  58. :OUTPUT ACCEPT [0:0]
  # Allow replies to established flows, then anything sourced from the VPN subnet.
  # NOTE(review): the subnet rule matches on source address only; binding it to
  # the VPN interface as well (an `-i` match) stops other interfaces from
  # forwarding packets that merely claim a 192.168.33.0/24 source.
  59. -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  60. -A FORWARD -s 192.168.33.0/255.255.255.0 -j ACCEPT
  61. -A FORWARD -j REJECT --reject-with icmp-port-unreachable
  62. COMMIT
  63.  
  # Rewrite the source address of traffic leaving via venet0 to the server's
  # public address. Both the interface name and 198.136.59.219 are specific to
  # the author's host and must be replaced with your own values.
  64. *nat
  65. :PREROUTING ACCEPT [0:0]
  66. :OUTPUT ACCEPT [0:0]
  67. :POSTROUTING ACCEPT [0:0]
  68. -A POSTROUTING -o venet0 -j SNAT --to-source 198.136.59.219
  69. COMMIT
  70. ===
  71. Client
  72.  
  # Client side: create the client profile; its contents follow the === marker.
  73. nano /etc/openvpn/995.conf
  74. ===
  # Read the username and password from pass.txt instead of prompting.
  # NOTE(review): this keeps the credentials in cleartext on disk; see the
  # pass.txt step for file permissions.
  75. auth-user-pass pass.txt
  76. client
  77. dev tap
  78. proto tcp
  79.  
  # Address of the author's server (it differs from the SNAT address used in the
  # server-side firewall rules on this page); replace it with your own server.
  80. remote 199.168.185.133 995
  81. connect-retry 5
  82.  
  83. nobind
  84. ping 5
  85. ping-restart 120
  86. persist-key
  87. persist-tun
  88. persist-remote-ip
  # Suppresses warnings about replayed/duplicate packets in the log.
  89. mute-replay-warnings
  90. verb 3
  91.  
  # NOTE(review): must match the server. `cipher none` leaves the tunnelled
  # traffic unencrypted; change both sides together to a real cipher
  # (e.g. `cipher AES-256-CBC`).
  92. cipher none
  93.  
  # Do not install routes pushed by the server; presumably this also means the
  # server's pushed redirect-gateway has no effect on this client.
  94. route-nopull
  95.  
  # Inline CA certificate used to verify the server. This is the tutorial
  # author's CA (subject fields match the vars values above); replace it with
  # the ca.crt generated on your own server.
  # NOTE(review): the profile has no check that the peer certificate is a
  # server certificate (e.g. `remote-cert-tls server`) -- confirm whether your
  # CA will ever sign anything other than the server key.
  # NOTE(review): the encoded header suggests a 1024-bit RSA key signed with
  # SHA-1 and a validity period ending in December 2022 -- verify with
  # `openssl x509 -text -noout` before relying on any CA built this way.
  96. <ca>
  97. -----BEGIN CERTIFICATE-----
  98. MIIDzjCCAzegAwIBAgIJAOGjcfu1WuWNMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
  99. VQQGEwJJRDERMA8GA1UECBMIV2VzdEphdmExDjAMBgNVBAcTBUJvZ29yMREwDwYD
  100. VQQKEwhOaWxhbVZQTjERMA8GA1UECxMITmlsYW1WUE4xETAPBgNVBAMTCE5pbGFt
  101. VlBOMREwDwYDVQQpEwhOaWxhbVZQTjEjMCEGCSqGSIb3DQEJARYUbWFpbEBhcmll
  102. LW9ubGluZS5uZXQwHhcNMTIxMjA2MjMwMTA4WhcNMjIxMjA0MjMwMTA4WjCBoTEL
  103. MAkGA1UEBhMCSUQxETAPBgNVBAgTCFdlc3RKYXZhMQ4wDAYDVQQHEwVCb2dvcjER
  104. MA8GA1UEChMITmlsYW1WUE4xETAPBgNVBAsTCE5pbGFtVlBOMREwDwYDVQQDEwhO
  105. aWxhbVZQTjERMA8GA1UEKRMITmlsYW1WUE4xIzAhBgkqhkiG9w0BCQEWFG1haWxA
  106. YXJpZS1vbmxpbmUubmV0MIGfMd0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBIncm
  107. USsrWq6PCIdrO8XRSYi7QDCVdedzoQN+DsriLLg/49bmSfwkN9QqKJB/SR9hMO+7
  108. vACbcdsEg+OqNgpKypP9YXQMQSNp5ZL5PJ5jfqUfT25L41Z5KEAddXenZQo30Jem
  109. 92aKYvjmS4rsEEeuPk4e4BbJogRCP7YSCE5pjQIDAQABo4IBCjCCAQYwHQYDVR0O
  110. BBYEFCWj2vOeTLZNgpD3/T9GcbhwZUk3MIHWBgNVHSMEgc4wgcuAFCWj2vOeTLZN
  111. gpD3/T9GcbhwZUk3oYGnpIGkMIGhMQswCQYDVQQGEwJJRDERMA8GA1UECBMIV2Vz
  112. dEphdmExDjAMBgNVBAcTBUJvZ29yMREwDwYDVQQKEwhOaWxhbVZQTjERMA8GA1UE
  113. CxMITmlsYW1WUE4xETAPBgNVBAMTCE5pbGFtVlBOMREwDwYDVQQpEwhOaWxhbVZQ
  114. TjEjMCEGCSqGSIb3DQEJARYUbWFpbEBhcmllLW9ubGluZS5uZXSCCQDho3H7tVrl
  115. jTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAApLydqyIJye7fBV/RMh
  116. p0jfqi45F8ghEEk73kzwLrPHZHDAdeAt1fZTrX9EHXE2s7gyw/WDkhN2wHMcwglq
  117. tviwOSFG+L7kJ9AK4lYKl+G5dhgqk7BxyLzP7pdEDUDEwu2JN4OhzHtxCvqO2v3M
  118. vdHyHjFOBrQsOEZcgwa4+ch8
  119. -----END CERTIFICATE-----
  120. </ca>
  121. ===
  # Create the credentials file referenced by auth-user-pass in the client
  # profile: first line the username, second line the password.
  # NOTE(review): with the PAM-based server setup on this page these are the
  # credentials of an account on the server, stored in cleartext on the client.
  # Restrict the file (e.g. `chmod 600 /etc/openvpn/pass.txt`, owned by root)
  # and prefer an account that exists only for VPN access.
  122. nano /etc/openvpn/pass.txt
  123. ===
  124. username
  125. password
  126. ===
  # Restart OpenVPN on the client so the new profile is picked up.
  127. service openvpn restart