Openvpn on Debian: Difference between revisions
Revision as of 20:23, 20 March 2018
server example with routing:
port 1194
proto udp
dev tun
ca server/ca.crt
cert server/server.crt
key server/server.key # This file should be kept secret
dh server/dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth server/ta.key 0 # This file is secret
key-direction 0
cipher AES-256-CBC
auth SHA256
compress lz4-v2
push "compress lz4-v2"
max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
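Copy easy-rsa into place, then run:
cd easy-rsa
source ./vars
./clean-all
./build-ca
# the build-* scripts live in easy-rsa/ and write into keys/, so stay in this directory
./build-key-server server
./build-dh
openvpn --genkey --secret keys/ta.key
# back up the CA directory from its parent and restrict the archive to its owner
cd ..
tar cvfz easy-rsa.backup.tgz easy-rsa
chmod 600 easy-rsa.backup.tgz
# return to easy-rsa/ to issue the client certificates
cd easy-rsa
./build-key client1
./build-key client2
./build-key client3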
Add the line below to rc.local:
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
If you want to add a passphrase to a key, run the command below:
ssh-keygen -p -f client1.key
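
The server config above marks server/server.key and server/ta.key as secret. As an added example (not part of the original wiki page), the shell function below reads a config, finds the files named by key and tls-auth, and reports any that are missing or accessible to group or other. The name check_secret_perms and resolving relative paths against the config file's directory are assumptions of this example; it relies on GNU stat as shipped on Debian.

```shell
#!/bin/sh
# Added example: report secret files named in an OpenVPN config that are
# missing or accessible to group/other. check_secret_perms is a
# hypothetical helper name, not an OpenVPN or easy-rsa tool.
check_secret_perms() {
    conf=$1
    # Assumption: relative paths are resolved against the config's directory.
    base=$(dirname "$conf")
    bad=0
    # "key" and "tls-auth" are the directives the config marks as secret;
    # "key-direction" is a different first word and is not matched.
    # Paths containing spaces are not handled.
    paths=$(awk '$1 == "key" || $1 == "tls-auth" { print $2 }' "$conf")
    for rel in $paths; do
        case $rel in
            /*) f=$rel ;;
            *)  f=$base/$rel ;;
        esac
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            bad=$((bad + 1))
            continue
        fi
        mode=$(stat -c %a "$f")
        # The last two octal digits are the group and other bits; both must be 0.
        case $mode in
            0|*00) ;;
            *) echo "LOOSE $mode $f"
               bad=$((bad + 1)) ;;
        esac
    done
    # Exit status is the number of findings (0 means all secrets are owner-only).
    return "$bad"
}

# Run directly as: sh check.sh /etc/openvpn/server.conf (path is an example)
if [ "$#" -gt 0 ]; then
    check_secret_perms "$1"
fi
```

A file flagged as LOOSE can be corrected with chmod 600, the same mode the page applies to the easy-rsa backup archive.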