API tools faq
paste
Advertisement
sohotcall

Setting OpenVPN Debian - Fixed Client IP Address

sohotcall
Sep 17th, 2020 (edited)
218
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.96 KB | None | 0 0
raw download clone embed print report
  1. ########
  2. # SERVER
  3. ########
  4.  
  5. $ apt-get update -y
  6.  
  7. $ apt-get upgrade -y
  8.  
  9. $ apt-get install openvpn -y
  10.  
  11. $ cp -r /usr/share/easy-rsa /etc/openvpn
  12.  
  13. $ cd /etc/openvpn/easy-rsa
  14.  
  15. $ ln -s openssl-1.0.0.cnf openssl.cnf
  16.  
  17. $ . ./vars
  18.  
  19. $ ./clean-all
  20.  
  21. $ ./build-ca
  22.  
  23. $ ./build-key-server server
  24.  
  25. $ ./build-key client3
  26.  
  27. $ ./build-key client4
  28.  
  29. $ ./build-key client5
  30.  
  31. $ ./build-dh
  32.  
  33. $ mkdir /etc/openvpn/staticclients
  34.  
  35. $ nano /etc/openvpn/server.conf
  36. # You may need to change dh2048.pem filename, find it in /etc/openvpn/easy-rsa/keys/
  37. ###
  38. port 1194
  39. proto udp
  40. dev tun
  41. ca /etc/openvpn/easy-rsa/keys/ca.crt
  42. cert /etc/openvpn/easy-rsa/keys/server.crt
  43. key /etc/openvpn/easy-rsa/keys/server.key
  44. dh /etc/openvpn/easy-rsa/keys/dh2048.pem
  45. server 10.8.0.0 255.255.255.0
  46. #push "redirect-gateway def1"
  47. topology subnet
  48. client-config-dir /etc/openvpn/staticclients
  49. push "dhcp-option DNS 208.67.222.222"
  50. push "dhcp-option DNS 208.67.220.220"
  51. duplicate-cn
  52. cipher AES-256-CBC
  53. tls-version-min 1.2
  54. tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA25>
  55. auth SHA512
  56. auth-nocache
  57. keepalive 20 60
  58. persist-key
  59. persist-tun
  60. compress lz4
  61. daemon
  62. user nobody
  63. group nogroup
  64. log-append /var/log/openvpn.log
  65. verb 3
  66. ###
  67.  
  68. $ nano /etc/openvpn/staticclients/client3
  69. ###
  70. ifconfig-push 10.8.0.3 255.255.255.0
  71. ###
  72.  
  73. $ nano /etc/openvpn/staticclients/client4
  74. ###
  75. ifconfig-push 10.8.0.4 255.255.255.0
  76. ###
  77.  
  78. $ nano /etc/openvpn/staticclients/client5
  79. ###
  80. ifconfig-push 10.8.0.5 255.255.255.0
  81. ###
  82.  
  83. $ nano /etc/openvpn/easy-rsa/keys/client3.ovpn
  84. ###
  85. client
  86. dev tun
  87. proto udp
  88. remote <your-server-ip-address> 1194
  89. cipher AES-256-CBC
  90. auth SHA512
  91. auth-nocache
  92. tls-version-min 1.2
  93. tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  94. resolv-retry infinite
  95. compress lz4
  96. nobind
  97. persist-key
  98. persist-tun
  99. mute-replay-warnings
  100. verb 3
  101. ca ca.crt
  102. cert client3.crt
  103. key client3.key
  104. ###
  105.  
  106. $ nano /etc/openvpn/easy-rsa/keys/client4.ovpn
  107. ###
  108. client
  109. dev tun
  110. proto udp
  111. remote <your-server-ip-address> 1194
  112. cipher AES-256-CBC
  113. auth SHA512
  114. auth-nocache
  115. tls-version-min 1.2
  116. tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  117. resolv-retry infinite
  118. compress lz4
  119. nobind
  120. persist-key
  121. persist-tun
  122. mute-replay-warnings
  123. verb 3
  124. ca ca.crt
  125. cert client4.crt
  126. key client4.key
  127. ###
  128.  
  129. $ nano /etc/openvpn/easy-rsa/keys/client5.ovpn
  130. ###
  131. client
  132. dev tun
  133. proto udp
  134. remote <your-server-ip-address> 1194
  135. cipher AES-256-CBC
  136. auth SHA512
  137. auth-nocache
  138. tls-version-min 1.2
  139. tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  140. resolv-retry infinite
  141. compress lz4
  142. nobind
  143. persist-key
  144. persist-tun
  145. mute-replay-warnings
  146. verb 3
  147. ca ca.crt
  148. cert client5.crt
  149. key client5.key
  150. ###
  151.  
  152. $ systemctl start openvpn@server
  153.  
  154. $ systemctl enable openvpn@server
  155.  
  156. $ systemctl status openvpn@server
  157.  
  158. $ ip a show tun0
  159. # To find server connection status and ip address
  160.  
  161. $ ls /usr/share/easy-rsa/keys
  162. # This contains files needed by clients
  163.  
  164. ##########
  165. # CLIENT 3
  166. ##########
  167. Install OpenVPN
  168.  
  169. Copy these files from server /usr/share/easy-rsa/keys/
  170. to C:\Users\<your-client3-pc-username>\OpenVPN\config
  171. - ca.crt
  172. - client3.crt
  173. - client3.key
  174. - client3.ovpn
  175.  
  176. Run OpenVPN GUI and Connect.
  177.  
  178. ##########
  179. # CLIENT 4
  180. ##########
  181. Install OpenVPN
  182.  
  183. Copy these files from server /usr/share/easy-rsa/keys/
  184. to C:\Users\<your-client4-pc-username>\OpenVPN\config
  185. - ca.crt
  186. - client4.crt
  187. - client4.key
  188. - client4.ovpn
  189.  
  190. Run OpenVPN GUI and Connect.
  191.  
  192. ##########
  193. # CLIENT 5
  194. ##########
  195. Install OpenVPN
  196.  
  197. Copy these files from server /usr/share/easy-rsa/keys/
  198. to C:\Users\<your-client5-pc-username>\OpenVPN\config
  199. - ca.crt
  200. - client5.crt
  201. - client5.key
  202. - client5.ovpn
  203.  
  204. Run OpenVPN GUI and Connect.
  205.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!