1 | router on 192.168.2.254 | |
2 | openvpn pi on 192.168.2.43 wlan0, no eth0 connected | |
3 | ------------------------------------------------------------------------------------------------------------------------ | |
4 | cat test.ovpn | |
5 | client | |
6 | dev tun | |
7 | proto udp | |
8 | - | remote my.external.ip 1194 |
8 | + | remote my.external.ip 2345 |
9 | resolv-retry infinite | |
10 | nobind | |
11 | persist-key | |
12 | persist-tun | |
13 | mute-replay-warnings | |
14 | ns-cert-type server | |
15 | key-direction 1 | |
16 | cipher AES-128-CBC | |
17 | comp-lzo | |
18 | verb 5 | |
19 | mute 20 | |
20 | <ca> | |
21 | -----BEGIN CERTIFICATE----- | |
22 | ------------------------------------------------------------------------------------------------------------------------ | |
23 | sudo cat /etc/openvpn/server.conf | |
24 | local 192.168.2.43 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS | |
25 | dev tun | |
26 | proto udp #Some people prefer to use tcp. Don't change it if you don't know. | |
27 | - | port 1194 |
27 | + | port 2345 |
28 | ca /etc/openvpn/easy-rsa/keys/ca.crt | |
29 | cert /etc/openvpn/easy-rsa/keys/amsterpi.crt # SWAP WITH YOUR CRT NAME | |
30 | key /etc/openvpn/easy-rsa/keys/amsterpi.key # SWAP WITH YOUR KEY NAME | |
31 | dh /etc/openvpn/easy-rsa/keys/dh2048.pem # If you changed to 2048, change that here! | |
32 | server 10.8.0.0 255.255.255.0 | |
33 | # server and remote endpoints | |
34 | ifconfig 10.8.0.1 10.8.0.2 | |
35 | # Add route to Client routing table for the OpenVPN Server | |
36 | push "route 10.8.0.1 255.255.255.255" | |
37 | # Add route to Client routing table for the OpenVPN Subnet | |
38 | push "route 10.8.0.0 255.255.255.0" | |
39 | # your local subnet | |
40 | push "route 192.168.2.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS | |
41 | # Set primary domain name server address to the SOHO Router | |
42 | # If your router does not do DNS, you can use Google DNS 8.8.8.8 | |
43 | push "dhcp-option DNS 192.168.2.254" # This should already match your router address and not need to be changed. | |
44 | # Override the Client default gateway by using 0.0.0.0/1 and | |
45 | # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of | |
46 | # overriding but not wiping out the original default gateway. | |
47 | push "redirect-gateway local def1" | |
48 | client-to-client | |
49 | duplicate-cn | |
50 | keepalive 10 120 | |
51 | tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 | |
52 | cipher AES-128-CBC | |
53 | comp-lzo | |
54 | user nobody | |
55 | group nogroup | |
56 | persist-key | |
57 | persist-tun | |
58 | status /var/log/openvpn-status.log 20 | |
59 | log /var/log/openvpn.log | |
60 | verb 5 | |
61 | ------------------------------------------------------------------------------------------------------------------------ | |
62 | sudo cat /etc/firewall-openvpn-rules.sh | |
63 | #!/bin/sh | |
64 | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j SNAT --to-source 192.168.2.43 | |
65 | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j MASQUERADE |
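Review bot: `duplicate-cn` at paste line 49 of server.conf lets a single client certificate hold any number of concurrent sessions, and with `client-to-client` on the line before it every such session can reach the other VPN clients; moving the port from 1194 to 2345 does not change that exposure. Unless the devices really have to share one certificate, remove `duplicate-cn` and issue one certificate per device, so a lost test.ovpn can be revoked on its own. In test.ovpn (paste line 14), `ns-cert-type server` is the deprecated form of the server-certificate check; `remote-cert-tls server` is the current replacement, provided the server certificate carries the matching key-usage extensions. In the firewall script the `MASQUERADE` rule on paste line 65 is never reached, because the `SNAT` rule on line 64 matches the same source and interface first; keep only one of the two.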