Forked from GlitchWitch/_OpenVPN Server for LAN Access only.md
Created November 20, 2024 18:07
# OpenVPN Server for LAN Access only (no internet forwarding)
## Install OpenVPN

`wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh`

The `git.io/vpn` short link resolves to Nyr's openvpn-install script (https://github.com/Nyr/openvpn-install); GitHub has deprecated the git.io shortener, so fetch the script from that repository if the short link stops resolving. Read the downloaded script before running it as root rather than piping it straight into bash: it installs OpenVPN, builds the PKI, writes `/etc/openvpn/server/server.conf` and `client-common.txt`, and adds firewall/NAT rules for the tunnel subnet it picks (10.8.0.0/24 by default).
## Edit server.conf

`/etc/openvpn/server/server.conf`

Change the tunnel subnet (the `server` directive, i.e. the address pool handed to VPN clients, not the LAN) so it does not clash with other OpenVPN connections that use the script's default 10.8.0.0/24:

`server 10.8.0.0 255.255.255.0` to `server 10.5.0.0 255.255.255.0`

The firewall/NAT rules the install script wrote are not rewritten when you edit server.conf; after changing the subnet, check `iptables -t nat -S POSTROUTING` (or `nft list ruleset`) and update any rule that still refers to 10.8.0.0/24.
Comment out the following so Internet traffic is not routed through the VPN and the client keeps its own DNS. Without `redirect-gateway` the client's default route stays untouched and only the networks pushed with `route` go through the tunnel; without the `dhcp-option DNS` pushes, LAN hostnames will only resolve if the client's own resolver knows them:

```
#push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
```

Not pushing a default route is a convenience, not an access control: a client can still put `redirect-gateway` in its own profile and, if the server NATs tunnel traffic toward the Internet, browse through it. If clients must be confined to the LAN, enforce that on the server with a FORWARD rule that drops traffic arriving from the tun interface for any destination outside 10.13.37.0/24.
Add the following so VPN clients get a route to the LAN:

```
# 10.13.37.0/24 is the LAN behind the OpenVPN server (the server's own LAN IP, 10.13.37.254, is inside it)
push "route 10.13.37.0 255.255.255.0"
```

Use the network address here: a line such as `push "route 10.13.37.254 255.255.255.0"` has host bits set in the address, and the /24 already covers the server itself, so it adds nothing. After connecting, check the client's routing table: 10.13.37.0/24 should point at the tun interface and the default route should be unchanged.
## Edit client.conf

Comment out the following in the generated client profile and in `/etc/openvpn/server/client-common.txt`, the template the script copies into every new profile. `block-outside-dns` is a Windows-only option that blocks DNS on every interface except the VPN adapter; since this server pushes no DNS server, a Windows client would otherwise be left with no working resolver:

```
#ignore-unknown-option block-outside-dns
#block-outside-dns
```
## Add LAN Routes

Add a route on DD-WRT (Routing.asp) so LAN hosts can send replies for the VPN subnet back via the OpenVPN server. The VPN subnet is 10.5.0.0/24, so the mask is 255.255.255.0 (not 255.255.0.0, which would send the whole of 10.5.0.0/16 to the server):

```
Destination LAN NET 10.5.0.0
Subnet Mask 255.255.255.0
Gateway 10.13.37.254
```

These return routes are only needed when tunnel traffic reaches the LAN with its 10.5.0.x source address. If the server SNATs or masquerades tunnel traffic to its LAN IP (as the install script's rules do for the subnet it was installed with), LAN hosts reply to 10.13.37.254 directly and no route is needed; `iptables -t nat -S POSTROUTING` on the server shows which case applies.
Add a route on the pfSense VM (system_routes.php). The destination is the whole VPN subnet, so use /24 rather than /32 (a /32 covers only 10.5.0.0 itself, the network address, which is never assigned to a client):

```
Destination network
10.5.0.0 / 24
Gateway
10.13.37.1
```

The gateway must be the next hop toward the OpenVPN server. 10.13.37.1 is presumably the DD-WRT router that now carries the route above; if the pfSense VM sits on 10.13.37.0/24 itself, it can point at 10.13.37.254 directly and skip the extra hop.
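The server.conf edits above and the subnet masks in the router routes are easy to get subtly wrong (a pushed `route` with host bits set, a /16 where a /24 was meant, a default route or DNS push left uncommented). The following audit script is an added example, not part of the gist: it reads a server.conf, flags every directive that breaks the LAN-only posture, and includes the two subnet helpers (network alignment and overlap) that the router-side checks need. It assumes only POSIX sh and `tr`; the two sample configurations it writes are constructed for the demonstration, one mirroring the install script's stock output plus a host-bit route, the other the corrected LAN-only version.

```shell
#!/bin/sh
# Added example (not from the gist): audit an OpenVPN server.conf for the
# "LAN access only" posture. POSIX sh + tr only; no root needed.

# Dotted quad -> unsigned 32-bit integer (shell arithmetic).
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 when address/mask names a network (no host bits set).
# OpenVPN's "route" takes a network address: "10.13.37.254 255.255.255.0" fails this.
route_is_aligned() {
    n=$(ip_to_int "$1"); m=$(ip_to_int "$2")
    [ $(( n & m )) -eq "$n" ]
}

# Exit 0 when two subnets share addresses: compare both under the shorter mask.
# e.g. the DD-WRT route 10.5.0.0/255.255.0.0 overlaps the 10.5.0.0/24 VPN pool.
subnets_overlap() {
    a=$(ip_to_int "$1"); ma=$(ip_to_int "$2")
    b=$(ip_to_int "$3"); mb=$(ip_to_int "$4")
    common=$(( ma & mb ))
    [ $(( a & common )) -eq $(( b & common )) ]
}

# Walk a server.conf and report every directive that breaks LAN-only access.
# Prints findings; the exit status is the number of problems (0 = clean).
check_lan_only() {
    conf=$1
    problems=0
    lan_routes=0
    vpn_net=""; vpn_mask=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            \#*|\;*|"") continue ;;                 # comments and blank lines
        esac
        set -- $(printf '%s' "$line" | tr -d '"')   # drop the quotes around push options
        case "$1" in
            server)
                vpn_net=$2; vpn_mask=$3 ;;
            push)
                case "$2" in
                    redirect-gateway)
                        echo "PROBLEM: default route pushed, Internet traffic would use the VPN: $line"
                        problems=$((problems + 1)) ;;
                    dhcp-option)
                        if [ "$3" = "DNS" ]; then
                            echo "PROBLEM: DNS server pushed, client DNS would go through the VPN: $line"
                            problems=$((problems + 1))
                        fi ;;
                    route)
                        lan_routes=$((lan_routes + 1))
                        if ! route_is_aligned "$3" "$4"; then
                            echo "PROBLEM: route has host bits set, use the network address: $line"
                            problems=$((problems + 1))
                        fi
                        if [ -n "$vpn_net" ] && subnets_overlap "$3" "$4" "$vpn_net" "$vpn_mask"; then
                            echo "PROBLEM: pushed route overlaps the VPN pool $vpn_net $vpn_mask: $line"
                            problems=$((problems + 1))
                        fi ;;
                esac ;;
        esac
    done < "$conf"
    if [ "$lan_routes" -eq 0 ]; then
        echo "PROBLEM: no LAN route is pushed, clients would reach nothing through the tunnel"
        problems=$((problems + 1))
    fi
    echo "$conf: $problems problem(s)"
    return "$problems"
}

# Constructed sample: the install script's stock pushes plus a host-bit route.
write_sample_stock() {
    cat > "$1" <<'EOF'
topology subnet
server 10.5.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "route 10.13.37.254 255.255.255.0"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
EOF
}

# Constructed sample: the corrected LAN-only configuration.
write_sample_lan_only() {
    cat > "$1" <<'EOF'
topology subnet
server 10.5.0.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
push "route 10.13.37.0 255.255.255.0"
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
EOF
}

# Usage: sh audit.sh /etc/openvpn/server/server.conf
if [ $# -gt 0 ]; then
    check_lan_only "$1"
fi
```

Run it against the live file after editing; a non-zero exit means at least one finding. `route_is_aligned` and `subnets_overlap` can also be used by hand to sanity-check the DD-WRT and pfSense entries before saving them.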
## client.conf

The client profile the script generated, with the server address redacted as X.X.X.X. It carries no `redirect-gateway` or DNS options either, so the client's default route stays local:

```
client
dev tun
proto tcp
remote X.X.X.X 1337
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
# OpenVPN 2.4+ negotiates AES-256-GCM by default; this is the fallback cipher
cipher AES-256-CBC
verb 3
```
## server.conf

The resulting `/etc/openvpn/server/server.conf`:

```
local 10.13.37.254
port 1337
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.5.0.0 255.255.255.0
# No default route pushed: only the LAN route below goes through the tunnel
#push "redirect-gateway def1 bypass-dhcp"
# 10.13.37.0/24 is the LAN behind this server (10.13.37.254 itself is inside it)
push "route 10.13.37.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
# OpenVPN 2.4+ negotiates AES-256-GCM by default; this is the fallback cipher
cipher AES-256-CBC
user nobody
group nogroup
# client-to-client lets VPN clients reach each other; drop it if they only need the LAN
client-to-client
persist-key
persist-tun
verb 3
crl-verify crl.pem
```