OpenVPN on Debian

From lippmann wiki
Revision as of 20:23, 20 March 2018 by Maarten

Server example with routing:

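port 1194
proto udp
dev tun
ca server/ca.crt
cert server/server.crt
key server/server.key  # This file should be kept secret
dh server/dh2048.pem
# VPN subnet: the server takes 10.8.0.1, clients get addresses from the rest
server 10.8.0.0 255.255.255.0
# Networks behind the server that clients should reach through the tunnel
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth server/ta.key 0 # This file is secret
# Direction 0 on the server; clients use the same ta.key with direction 1
key-direction 0
cipher AES-256-CBC
auth SHA256
# Note: compressing tunnel traffic exposes it to compression-oracle attacks
# (VORACLE); leave both compress lines out if compression is not needed
compress lz4-v2
push "compress lz4-v2"
max-clients 100
# Drop root privileges after startup
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1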

Copy easy-rsa to a working location, then run:

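cd easy-rsa
source ./vars
# clean-all wipes keys/, so only run it when starting a fresh PKI
./clean-all
./build-ca
# The build scripts live in easy-rsa/ and write their output to keys/
./build-key-server server
./build-dh
openvpn --genkey --secret keys/ta.key
cd ..
# The backup contains the CA and server private keys, so restrict access
tar cvfz easy-rsa.backup.tgz easy-rsa
chmod 600 easy-rsa.backup.tgz
# Go back into easy-rsa/ to build the client keys
cd easy-rsa
./build-key client1
./build-key client2
./build-key client3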

Add the line below to rc.local to masquerade traffic from the VPN subnet leaving through eth0:

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

If you want to add a passphrase to a key, run:

ssh-keygen -p -f client1.key
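
Added example (not part of the original wiki page): a shell function that bundles ca.crt, one client's certificate and key from the build-key step, and ta.key into a single client profile whose settings mirror the server config above. The function name make_ovpn, the output file argument and the host vpn.example.com are assumptions; the keys directory is easy-rsa/keys as used above.

```shell
#!/bin/sh
# Added example: bundle one client's credentials into a single .ovpn profile.
# Usage: make_ovpn NAME KEYS_DIR REMOTE_HOST OUT_FILE   (hypothetical helper)
make_ovpn() {
    name=$1 keys=$2 remote=$3 out=$4
    # Refuse to write a half-empty profile if any input is missing.
    for f in ca.crt "$name.crt" "$name.key" ta.key; do
        [ -r "$keys/$f" ] || { echo "missing: $keys/$f" >&2; return 1; }
    done
    # The profile embeds the private key and ta.key: create it with mode 600.
    rm -f "$out"
    ( umask 077
      {
        cat <<EOF
client
dev tun
proto udp
remote $remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
key-direction 1
verb 3
EOF
        echo "<ca>"; cat "$keys/ca.crt"; echo "</ca>"
        # easy-rsa 2 prepends a text dump to the cert; keep only the PEM part.
        echo "<cert>"
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$keys/$name.crt"
        echo "</cert>"
        echo "<key>"; cat "$keys/$name.key"; echo "</key>"
        echo "<tls-auth>"; cat "$keys/ta.key"; echo "</tls-auth>"
      } > "$out"
    )
}

if [ "$#" -eq 4 ]; then make_ovpn "$@"; fi
```

Run it from the directory that contains easy-rsa, for example as `make_ovpn client1 easy-rsa/keys vpn.example.com client1.ovpn`. The compress setting is not repeated in the profile because the server config pushes it.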