openVPN

 

Prerequisites

apt-get install libcurl4-openssl-dev libssl-dev

apt-get install checkinstall libncurses5-dev    # optional

apt-get install openssl

apt-get install openvpn

Install the openVPN app from the App Store if you are going to use your openVPN server from an iPhone/iPad

###########################################################################

Time to build some keys

cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn

cd /etc/openvpn/easy-rsa/2.0

. ./vars
./clean-all
./build-ca
./build-key-server server
./build-key <client-name>
./build-dh

Add this to your server.conf

nano /etc/openvpn/server.conf

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
keepalive 30 120
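
A quick audit of the server.conf above, as an added example that is not part of the original tutorial: it flags the 1024-bit DH file, comp-lzo, client-to-client and the missing tls-auth and cipher directives. The names audit_openvpn_conf and sample_conf are made up for this example, and the DH size is read from easy-rsa's dh<bits>.pem file name rather than from the file itself.

```shell
#!/bin/sh
# Added example: flag weak settings in an OpenVPN server.conf.
# Prints one "WARN ..." line per finding; returns 1 if anything was flagged.
audit_openvpn_conf() {
    conf=$1
    findings=0
    warn() { echo "WARN $1"; findings=$((findings + 1)); }
    # has DIRECTIVE: true if an uncommented line starts with that directive
    has() { grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$conf"; }

    # Assumption: the DH file keeps easy-rsa's dh<bits>.pem name, so the size
    # is read from the file name; the file itself is not parsed.
    bits=$(sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9][0-9]*\)\.pem.*/\1/p' "$conf" | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        warn "dh: ${bits}-bit DH parameters, regenerate with at least 2048 bits"
    fi
    has comp-lzo && warn "comp-lzo: compression before encryption can leak plaintext (VORACLE)"
    has client-to-client && warn "client-to-client: clients reach each other without passing the host firewall"
    has 'tls-(auth|crypt)' || warn "tls-auth/tls-crypt: no pre-shared HMAC key, unauthenticated peers can start a TLS handshake"
    has cipher || warn "cipher: not set, so the default applies (BF-CBC on OpenVPN 2.3 and earlier)"
    [ "$findings" -eq 0 ]
}

# Excerpt of the server.conf shown on this page (only the lines the audit reads).
sample_conf() {
    cat <<'EOF'
dev tun
proto udp
port 1194
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
client-to-client
comp-lzo
keepalive 30 120
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_openvpn_conf "$tmp" || echo "$findings finding(s) in the page's server.conf"
rm -f "$tmp"
```

Run it against /etc/openvpn/server.conf after editing; a clean config prints nothing and returns 0.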

When done with server.conf type this:

sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE

Edit sysctl.conf

nano /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Edit rc.local

nano /etc/rc.local

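# Accept openVPN traffic on UDP 1194 (filter table; an ACCEPT rule in the nat table does not open the port)
iptables -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
# Rewrite the source address of VPN client traffic leaving eth0 to the server's own address
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source <your.internal.server.ip.addr.>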

One last thing to type to get your openVPN server running

echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

 

On page 2 we will set up your iPhone/iPad to use this openVPN server
