
Untitled

a guest
Aug 22nd, 2014
  1. router on 192.168.2.254
  2. openvpn pi on 192.168.2.43 wlan0, no eth0 connected
  3. ------------------------------------------------------------------------------------------------------------------------
  4. cat test.ovpn
  # OpenVPN client profile as pasted. proto, port, cipher, compression and
  # the tls-auth key direction each have to agree with the server config.
  5. client
  6. dev tun
  7. proto udp
  # Placeholder host; port 2345 matches `port 2345` in the server config.
  8. remote my.external.ip 2345
  9. resolv-retry infinite
  10. nobind
  11. persist-key
  12. persist-tun
  13. mute-replay-warnings
  # NOTE(review): ns-cert-type is the legacy check that the peer certificate
  # is marked as a server certificate; newer OpenVPN releases deprecate it in
  # favour of `remote-cert-tls server`. Keep one of the two checks: without
  # it, any certificate issued by this CA is accepted as the server.
  14. ns-cert-type server
  # Pairs with `tls-auth ... 0` on the server. Presumably an inline
  # <tls-auth> block follows in the full file (not shown in this paste).
  15. key-direction 1
  # Must match the server's `cipher`.
  # NOTE(review): CBC mode without AEAD; OpenVPN 2.4+ can negotiate AES-GCM.
  # Confirm the versions on both ends before changing.
  16. cipher AES-128-CBC
  # NOTE(review): must match the server. The OpenVPN project advises against
  # tunnel compression, because compressing secret and externally influenced
  # data together can leak plaintext (VORACLE-class issue).
  17. comp-lzo
  # Debug-level verbosity for troubleshooting; 3 is the usual level for
  # normal operation. `mute 20` caps repeated messages of one category.
  18. verb 5
  19. mute 20
  # Inline CA certificate begins and the paste is cut off here. A CA
  # certificate is public, but any <key> or <tls-auth> blocks in the real
  # file are secrets and must stay out of public pastes.
  20. <ca>
  21. -----BEGIN CERTIFICATE-----
  22. ------------------------------------------------------------------------------------------------------------------------
  23. sudo cat /etc/openvpn/server.conf
  # OpenVPN server config: UDP/2345 on the Pi's wlan0 address, tunnel subnet
  # 10.8.0.0/24, all client traffic redirected through the tunnel.
  24. local 192.168.2.43 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
  25. dev tun
  26. proto udp #Some people prefer to use tcp. Don't change it if you don't know.
  27. port 2345
  # NOTE(review): these paths are the easy-rsa keys directory, which
  # presumably also holds ca.key. The CA private key is better kept off the
  # internet-facing VPN host, and the .key files and ta.key should be
  # readable by root only - confirm.
  28. ca /etc/openvpn/easy-rsa/keys/ca.crt
  29. cert /etc/openvpn/easy-rsa/keys/amsterpi.crt # SWAP WITH YOUR CRT NAME
  30. key /etc/openvpn/easy-rsa/keys/amsterpi.key # SWAP WITH YOUR KEY NAME
  31. dh /etc/openvpn/easy-rsa/keys/dh2048.pem # If you changed to 2048, change that here!
  32. server 10.8.0.0 255.255.255.0
  33. # server and remote endpoints
  # NOTE(review): in the default net30 topology the `server` directive above
  # already expands to this ifconfig and to the tunnel routes pushed below,
  # so these lines look redundant - confirm against the OpenVPN version used.
  34. ifconfig 10.8.0.1 10.8.0.2
  35. # Add route to Client routing table for the OpenVPN Server
  36. push "route 10.8.0.1 255.255.255.255"
  37. # Add route to Client routing table for the OpenVPN Subnet
  38. push "route 10.8.0.0 255.255.255.0"
  39. # your local subnet
  40. push "route 192.168.2.0 255.255.255.0" # SWAP WITH YOUR LAN SUBNET (THE NETWORK ADDRESS, NOT THE RASPBERRY PI HOST ADDRESS)
  41. # Set primary domain name server address to the SOHO Router
  42. # If your router does not do DNS, you can use Google DNS 8.8.8.8
  43. push "dhcp-option DNS 192.168.2.254" # This should already match your router address and not need to be changed.
  44. # Override the Client default gateway by using 0.0.0.0/1 and
  45. # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
  46. # overriding but not wiping out the original default gateway.
  # NOTE(review): the `local` flag tells the client that both peers share a
  # subnet and omits the host route to the VPN server. The client profile
  # connects to an external address, so with `local` the redirected default
  # route can also capture the tunnel's own packets - confirm whether plain
  # `redirect-gateway def1` is what is wanted for remote clients.
  47. push "redirect-gateway local def1"
  # NOTE(review): client-to-client forwards traffic between VPN clients
  # inside the OpenVPN process, so host iptables rules never see it. Drop it
  # unless clients are meant to reach each other unfiltered.
  48. client-to-client
  # NOTE(review): duplicate-cn lets several clients connect with the same
  # certificate at once, which makes per-device revocation and attribution
  # harder. One certificate per device is the safer layout.
  49. duplicate-cn
  50. keepalive 10 120
  # HMAC on the control channel; direction 0 here pairs with
  # `key-direction 1` in the client profile.
  51. tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
  # NOTE(review): same cipher and compression caveats as the client profile:
  # CBC without AEAD, and compression is advised against on the tunnel.
  52. cipher AES-128-CBC
  53. comp-lzo
  # Drop root after initialisation; persist-key / persist-tun let restarts
  # proceed without re-reading the key or reopening tun as the unprivileged
  # user.
  54. user nobody
  55. group nogroup
  56. persist-key
  57. persist-tun
  # Status file is rewritten every 20 seconds.
  58. status /var/log/openvpn-status.log 20
  59. log /var/log/openvpn.log
  # NOTE(review): verb 5 is debug-level output and grows the log quickly;
  # lower it once troubleshooting is finished.
  60. verb 5
  61. ------------------------------------------------------------------------------------------------------------------------
  62. sudo cat /etc/firewall-openvpn-rules.sh
  63. #!/bin/sh
  # NAT for VPN clients (10.8.0.0/24) leaving through wlan0.
  # NOTE(review): both rules match the same packets and are appended in this
  # order, so SNAT (a terminating target) handles everything and the
  # MASQUERADE rule is never reached. Keep one of them: SNAT if 192.168.2.43
  # is a static address, MASQUERADE if wlan0 gets its address by DHCP.
  # NOTE(review): -A appends on every run, so re-running the script stacks
  # duplicate rules. No FORWARD rules or ip_forward setting are visible here;
  # presumably they are configured elsewhere - confirm, and limit forwarding
  # from 10.8.0.0/24 to what VPN clients are meant to reach.
  64. iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j SNAT --to-source 192.168.2.43
  65. iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j MASQUERADE