ak47suk1

openvpn setup guide by dimenxion

Jun 28th, 2011
Configure OpenVPN

This guide was written on Debian 6.x. If you are using another flavor, the steps are the same.

1. Install the software needed for OpenVPN

    apt-get install openvpn openssl rdate

2. On the server side, issue these commands

    mkdir /etc/openvpn/easy-rsa
    cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/
    cp -R * /etc/openvpn/easy-rsa
    cd /etc/openvpn/easy-rsa
    source ./vars
    ./clean-all
    ./build-ca

It will ask you to fill in details about your CA cert. Just fill in the information required.

3. Now create the certificate for the server side

    ./build-key-server server

As above, it will ask you for information. Just fill in the information required.

4. Now create the certificate for the client side

    ./build-key user1

Same details as above; fill them in.

5. You can create as many keys as you need at this point, for as many clients as you want. Once you have finished, issue this command.

    ./build-dh

6. After setting up the keys and certificates, configure the server side config

    cd /usr/share/doc/openvpn/examples/sample-config-files/
    cp server.conf.gz /etc/openvpn/
    cd /etc/openvpn/
    gunzip server.conf.gz
    vim server.conf

7. Look for these lines inside the config

    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem

and replace them with these lines

    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem

Uncomment the client-to-client directive if you want your clients to be able to connect to each other through the VPN, and not only to the server.

8. After configuring the server, configure the client. The files needed for the client are:

    ca.crt
    user1.crt
    user1.key

Based on the config above, they should be under /etc/openvpn/easy-rsa/keys

9. Now we configure the client config. To make it easy to manage the files for the client, put all the certificate and key files into the same folder as the client config file and

    mkdir -p /etc/openvpn/user1
    cd /usr/share/doc/openvpn/examples/sample-config-files/
    cp client.conf /etc/openvpn/user1
    cd /etc/openvpn/user1
    vi client.conf

Look for these lines and uncomment them to increase security

    user nobody
    group nogroup

Look for these lines

    ca ca.crt
    cert client.crt
    key client.key
    remote server-ip 1194

and replace them with these.

    ca ca.crt
    cert user1.crt
    key user1.key
    remote [your.server.ip] 1194

10. Save this client config file as user1.ovpn

You can save it under any other name you want, as long as you save it as .ovpn

11. Send the files below to the client:

    ca.crt
    user1.crt
    user1.key
    user1.ovpn

12. The client can now connect to your VPN server by putting these files into the OpenVPN config folder if they are using Windows. If your client is using Linux, they can use the Linux VPN dialer: get them to import the .ovpn file, and it will automatically fill in all the details.

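A check for the config edits made in steps 7 and 9, as an added example that is not part of the original guide: it reports Diffie-Hellman parameters smaller than 2048 bits, a missing user/group privilege drop, and an enabled client-to-client directive. The function names, finding codes and the 2048-bit threshold are this example's own assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit an OpenVPN config for the settings this guide edits.
# A directive is active when its line does not start with '#' or ';'.

active_value() {   # FILE DIRECTIVE -> arguments of the first active match
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

has_directive() {  # FILE DIRECTIVE -> exit 0 when an active line exists
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

dh_bits() {        # PATH -> parameter size in bits, or nothing if unknown
    if [ -r "$1" ] && command -v openssl >/dev/null 2>&1; then
        openssl dhparam -in "$1" -noout -text 2>/dev/null |
            sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p'
    else
        # Fallback heuristic: easy-rsa names the file dh<bits>.pem
        printf '%s\n' "$1" | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p'
    fi
}

audit_config() {   # FILE -> space-separated finding codes
    findings=""
    bits=$(dh_bits "$(active_value "$1" dh)")
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        findings="$findings WEAK_DH_$bits"
    fi
    has_directive "$1" user  || findings="$findings NO_USER_DROP"
    has_directive "$1" group || findings="$findings NO_GROUP_DROP"
    if has_directive "$1" client-to-client; then
        findings="$findings CLIENT_TO_CLIENT"
    fi
    echo "${findings# }"
}

# Constructed sample: the server.conf lines as left by step 7.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
client-to-client
;user nobody
;group nogroup
EOF
audit_config "$sample"
rm -f "$sample"
```
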
ADDITIONAL GUIDE

If you want to route all traffic through the tunnel, follow the steps below

1. In your server conf file, uncomment the line below:

    push "redirect-gateway def1 bypass-dhcp"

2. Then, still on the server, run these commands

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -j MASQUERADE

3. I also did these

    push "route 192.168.1.0 255.255.255.0"

192.168.1.x is my LAN range; you may modify it according to your own LAN subnet

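The MASQUERADE rule in step 2 has no source or interface match, so it applies to all traffic leaving the server on any interface. As an added example that is not part of the original guide, the script below reads the active "server <network> <netmask>" line from server.conf and prints a rule limited to that VPN subnet. The function names, the outbound interface eth0 and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: build a MASQUERADE rule limited to the VPN subnet.

# mask_to_prefix 255.255.255.0 -> 24 (fails on a malformed or
# non-contiguous netmask)
mask_to_prefix() {
    bits=0; seen_short=0; count=0
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        # once an octet is not full, every later octet must be 0
        if [ "$seen_short" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then seen_short=1; fi
        bits=$((bits + n)); count=$((count + 1))
    done
    [ "$count" -eq 4 ] || return 1
    echo "$bits"
}

# scoped_nat_rule CONF OUT_IF -> iptables command for the subnet on the
# active "server <network> <netmask>" line of CONF
scoped_nat_rule() {
    net=$(awk '$1 == "server" { print $2; exit }' "$1")
    mask=$(awk '$1 == "server" { print $3; exit }' "$1")
    [ -n "$net" ] && [ -n "$mask" ] || return 1
    prefix=$(mask_to_prefix "$mask") || return 1
    echo "iptables -t nat -A POSTROUTING -s $net/$prefix -o $2 -j MASQUERADE"
}

# Constructed sample config; eth0 is an assumed outbound interface name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
;server 192.168.50.0 255.255.255.0
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
EOF
scoped_nat_rule "$sample" eth0
rm -f "$sample"
```
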
IMPORTANT DETAILS

1. If you are using a VPS, make sure to get your VPS provider to enable TUN/TAP if you have issues

ISSUES THAT MIGHT ARISE

1. If you try to start the openvpn service but it does not start, try changing the VPN listening port to something else, for example 1723