- Configure OpenVPN
- This guide was written using Debian 6.x. If you are using another flavor, the procedure is the same.
- 1. Install the software needed for OpenVPN
- apt-get install openvpn openssl rdate
- 2. Now on the server side issue these commands
- mkdir /etc/openvpn/easy-rsa
- cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/
- cp -R * /etc/openvpn/easy-rsa
- cd /etc/openvpn/easy-rsa
- source ./vars
- ./clean-all
- ./build-ca
- It will ask you to fill in details about your CA cert. Just fill in the information required.
- 3. Now create the certificates for the server side
- ./build-key-server server
- Same as above, it will ask you to fill in information. Just fill in the information required.
- 4. Now create the certificate for the client side
- ./build-key user1
- Same details as above, fill them in.
- 5. You can create as many keys as you need at this point, for as many clients as you want. Once you have finished, issue this command:
- ./build-dh
- 6. After setting up the keys and certificates, configure the server side config
- cd /usr/share/doc/openvpn/examples/sample-config-files/
- cp server.conf.gz /etc/openvpn/
- cd /etc/openvpn/
- gunzip server.conf.gz
- vim server.conf
- 7. Look for these lines inside the config
- ca ca.crt
- cert server.crt
- key server.key
- dh dh1024.pem
- and replace them with these lines
- ca /etc/openvpn/easy-rsa/keys/ca.crt
- cert /etc/openvpn/easy-rsa/keys/server.crt
- key /etc/openvpn/easy-rsa/keys/server.key
- dh /etc/openvpn/easy-rsa/keys/dh1024.pem
- Uncomment the client-to-client directive if you want your clients to be able to connect to each other through the VPN, and not only to the server.
- 8. After configuring the server, configure the client. The files needed for the client are:
- ca.crt
- user1.crt
- user1.key
- Based on the config above, they should be under /etc/openvpn/easy-rsa/keys
- 9. Now we configure the client config. To make it easy to manage the files for the client, put all the certificate and key files into the same folder as the client config file and
- cd /usr/share/doc/openvpn/examples/sample-config-files/
- mkdir -p /etc/openvpn/user1
- cp client.conf /etc/openvpn/user1/
- cd /etc/openvpn/user1
- vi client.conf
- Look for these lines and uncomment them to increase security
- user nobody
- group nogroup
- look for these lines
- ca ca.crt
- cert client.crt
- key client.key
- remote server-ip 1194
- and replace them with these:
- ca ca.crt
- cert user1.crt
- key user1.key
- remote [your.server.ip] 1194
- 10. Save this client config file as user1.ovpn
- You can save it under any other name you want, as long as you save it as .ovpn
- 11. Send the files below to the client:
- ca ca.crt
- cert user1.crt
- key user1.key
- user1.ovpn
- 12. The client can now connect to your VPN server. On Windows, put these files into the OpenVPN config folder. On Linux, the client can use a Linux VPN dialer: import the .ovpn file and it will automatically fill in all the details.
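Added example (not part of the original guide): a shell helper that reads the ca, cert, key and dh lines of a server or client config (steps 7 and 9), reports every referenced file that is missing, and flags a private key that is readable by group or others. The function names, the sample folder and the address 192.0.2.10 are constructed for illustration; resolving relative paths against the config's own folder and using `stat -c` (GNU coreutils) are assumptions.

```shell
#!/bin/bash
# Added example, not part of the original guide. Function names are hypothetical.

# Print a finding for every ca/cert/key/dh file a config references that is
# missing, or (for "key") readable by group or others. Returns 1 on findings.
check_ovpn_files() {
    conf=$1
    dir=$(dirname "$conf")
    status=0
    while read -r directive path rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh) ;;
            *) continue ;;          # comments (# or ;) and other directives
        esac
        case $path in
            /*) file=$path ;;       # absolute path, as in step 7
            *)  file=$dir/$path ;;  # assumed relative to the config folder (step 9)
        esac
        if [ ! -e "$file" ]; then
            echo "MISSING $directive $file"; status=1
        elif [ "$directive" = key ]; then
            mode=$(stat -c %a "$file")
            case $mode in
                [0-7]00) ;;         # owner-only, e.g. 600 or 400
                *) echo "PERMS $file mode $mode"; status=1 ;;
            esac
        fi
    done < "$conf"
    return $status
}

# Constructed sample: a client folder laid out as in steps 9-11, with
# placeholder file contents and a deliberately world-readable key.
make_sample_client() {
    mkdir -p "$1"
    printf '%s\n' 'client' ';user nobody' 'ca ca.crt' 'cert user1.crt' \
        'key user1.key' 'remote 192.0.2.10 1194' > "$1/user1.ovpn"
    echo placeholder > "$1/ca.crt"
    echo placeholder > "$1/user1.key"
    chmod 644 "$1/user1.key"        # user1.crt is left out on purpose
}

# Check a real config when a path is given, e.g. /etc/openvpn/server.conf
if [ $# -gt 0 ]; then check_ovpn_files "$1"; fi
```

Run it against the server config before starting the service and against the client folder before sending it out; any MISSING or PERMS line should be resolved first.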
- ADDITIONAL GUIDE
- If you want to route all traffic through the tunnel, follow the steps below
- 1. In your server conf file, uncomment the line below:
- push "redirect-gateway def1 bypass-dhcp"
- 2. Then, still on the server, run these commands
- echo 1 > /proc/sys/net/ipv4/ip_forward
- iptables -t nat -A POSTROUTING -j MASQUERADE
- 3. I also did this
- push "route 192.168.1.0 255.255.255.0"
- 192.168.1.x is my LAN range; you may modify it according to your own LAN subnet
- IMPORTANT DETAILS
- 1. If you are using a VPS, make sure to get your VPS provider to enable TUN/TAP if you have issues
- ISSUES THAT MIGHT ARISE
- 1. If you try to start the openvpn service but it does not start, try changing the VPN listening port to something else, for example 1723