sohotcall

Setting OpenVPN Debian - Fixed Client IP Address

Sep 17th, 2020 (edited)
92
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ########
  2. # SERVER
  3. ########
  4.  
  5. $ apt-get update -y
  6.  
  7. $ apt-get upgrade -y
  8.  
  9. $ apt-get install openvpn -y
  10.  
  11. $ cp -r /usr/share/easy-rsa /etc/openvpn
  12.  
  13. $ cd /etc/openvpn/easy-rsa
  14.  
  15. $ ln -s openssl-1.0.0.cnf openssl.cnf
  16.  
  17. $ . ./vars
  18.  
  19. $ ./clean-all
  20.  
  21. $ ./build-ca
  22.  
  23. $ ./build-key-server server
  24.  
  25. $ ./build-key client3
  26.  
  27. $ ./build-key client4
  28.  
  29. $ ./build-key client5
  30.  
  31. $ ./build-dh
  32.  
  33. $ mkdir /etc/openvpn/staticclients
  34.  
  35. $ nano /etc/openvpn/server.conf
  36. # You may need to change dh2048.pem filename, find it in /etc/openvpn/easy-rsa/keys/
  37. ###
  38. port 1194
  39. proto udp
  40. dev tun
  41. ca /etc/openvpn/easy-rsa/keys/ca.crt
  42. cert /etc/openvpn/easy-rsa/keys/server.crt
  43. key /etc/openvpn/easy-rsa/keys/server.key
  44. dh /etc/openvpn/easy-rsa/keys/dh2048.pem
  45. server 10.8.0.0 255.255.255.0
  46. #push "redirect-gateway def1"
  47. topology subnet
  48. client-config-dir /etc/openvpn/staticclients
  49. push "dhcp-option DNS 208.67.222.222"
  50. push "dhcp-option DNS 208.67.220.220"
  51. duplicate-cn
  52. cipher AES-256-CBC
  53. tls-version-min 1.2
  54. tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA25>
  55. auth SHA512
  56. auth-nocache
  57. keepalive 20 60
  58. persist-key
  59. persist-tun
  60. compress lz4
  61. daemon
  62. user nobody
  63. group nogroup
  64. log-append /var/log/openvpn.log
  65. verb 3
  66. ###
  67.  
  68. $ nano /etc/openvpn/staticclients/client3
  69. ###
  70. ifconfig-push 10.8.0.3 255.255.255.0
  71. ###
  72.  
  73. $ nano /etc/openvpn/staticclients/client4
  74. ###
  75. ifconfig-push 10.8.0.4 255.255.255.0
  76. ###
  77.  
  78. $ nano /etc/openvpn/staticclients/client5
  79. ###
  80. ifconfig-push 10.8.0.5 255.255.255.0
  81. ###
  82.  
  83. $ nano /etc/openvpn/easy-rsa/keys/client3.ovpn
  84. ###
  85. client
  86. dev tun
  87. proto udp
  88. remote <your-server-ip-address> 1194
  89. cipher AES-256-CBC
  90. auth SHA512
  91. auth-nocache
  92. tls-version-min 1.2
  93. tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  94. resolv-retry infinite
  95. compress lz4
  96. nobind
  97. persist-key
  98. persist-tun
  99. mute-replay-warnings
  100. verb 3
  101. ca ca.crt
  102. cert client3.crt
  103. key client3.key
  104. ###
  105.  
  106. $ nano /etc/openvpn/easy-rsa/keys/client4.ovpn
  107. ###
  108. client
  109. dev tun
  110. proto udp
  111. remote <your-server-ip-address> 1194
  112. cipher AES-256-CBC
  113. auth SHA512
  114. auth-nocache
  115. tls-version-min 1.2
  116. tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  117. resolv-retry infinite
  118. compress lz4
  119. nobind
  120. persist-key
  121. persist-tun
  122. mute-replay-warnings
  123. verb 3
  124. ca ca.crt
  125. cert client4.crt
  126. key client4.key
  127. ###
  128.  
  129. $ nano /etc/openvpn/easy-rsa/keys/client5.ovpn
  130. ###
  131. client
  132. dev tun
  133. proto udp
  134. remote <your-server-ip-address> 1194
  135. cipher AES-256-CBC
  136. auth SHA512
  137. auth-nocache
  138. tls-version-min 1.2
  139. tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  140. resolv-retry infinite
  141. compress lz4
  142. nobind
  143. persist-key
  144. persist-tun
  145. mute-replay-warnings
  146. verb 3
  147. ca ca.crt
  148. cert client5.crt
  149. key client5.key
  150. ###
  151.  
  152. $ systemctl start openvpn@server
  153.  
  154. $ systemctl enable openvpn@server
  155.  
  156. $ systemctl status openvpn@server
  157.  
  158. $ ip a show tun0
  159. # To find server connection status and ip address
  160.  
  161. $ ls /usr/share/easy-rsa/keys
  162. # This contains files needed by clients
  163.  
  164. ##########
  165. # CLIENT 3
  166. ##########
  167. Install OpenVPN
  168.  
  169. Copy these files from server /usr/share/easy-rsa/keys/
  170. to C:\Users\<your-client3-pc-username>\OpenVPN\config
  171. - ca.crt
  172. - client3.crt
  173. - client3.key
  174. - client3.ovpn
  175.  
  176. Run OpenVPN GUI and Connect.
  177.  
  178. ##########
  179. # CLIENT 4
  180. ##########
  181. Install OpenVPN
  182.  
  183. Copy these files from server /usr/share/easy-rsa/keys/
  184. to C:\Users\<your-client4-pc-username>\OpenVPN\config
  185. - ca.crt
  186. - client4.crt
  187. - client4.key
  188. - client4.ovpn
  189.  
  190. Run OpenVPN GUI and Connect.
  191.  
  192. ##########
  193. # CLIENT 5
  194. ##########
  195. Install OpenVPN
  196.  
  197. Copy these files from server /usr/share/easy-rsa/keys/
  198. to C:\Users\<your-client5-pc-username>\OpenVPN\config
  199. - ca.crt
  200. - client5.crt
  201. - client5.key
  202. - client5.ovpn
  203.  
  204. Run OpenVPN GUI and Connect.
  205.  
RAW Paste Data