coresh · November 20, 2024 18:07 · Mar 13, 2021 · Mar 13, 2021 · Mar 13, 2021 · Mar 13, 2021
diff --git a/_OpenVPN Server for LAN Access only.md b/_OpenVPN Server for LAN Access only.md
@@ -26,7 +26,7 @@ push "route 10.13.37.0 255.255.255.0"
 
 ## Edit client.conf
 
-Comment out the following from client.conf and `/etc/openvpn/server/client-common.txt`
+Comment out the following from `client.conf` and `/etc/openvpn/server/client-common.txt`
 ```
 #ignore-unknown-option block-outside-dns
 #block-outside-dns

diff --git a/_OpenVPN Server for LAN Access only.md b/_OpenVPN Server for LAN Access only.md
@@ -1,11 +1,13 @@
+# How to setup an OpenVPN server for LAN Access only
+
 ## Install OpenVPN
 `wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh`
 
 ## Edit server.conf
 
 `/etc/openvpn/server/server.conf`
 
-Changed the OpenVPN LAN address to prevent interfering with other OpenVPN connections
+Change the OpenVPN LAN address to prevent interfering with other OpenVPN connections
 `server 10.8.0.0 255.255.255.0` to `server 10.5.0.0 255.255.255.0`
 
 Comment out the following so Internet traffic is not routed through 

diff --git a/_OpenVPN Server for LAN Access only → _OpenVPN Server for LAN Access only.md b/_OpenVPN Server for LAN Access only → _OpenVPN Server for LAN Access only.md
diff --git a/0penVPN Server for LAN Access only → _OpenVPN Server for LAN Access only b/0penVPN Server for LAN Access only → _OpenVPN Server for LAN Access only
diff --git a/readme.md → 0penVPN Server for LAN Access only b/readme.md → 0penVPN Server for LAN Access only
diff --git a/readme.md b/readme.md
@@ -24,7 +24,7 @@ push "route 10.13.37.0 255.255.255.0"
 
 ## Edit client.conf
 
-Comment out the following from client.conf and ``/etc/openvpn/server/client-common.txt`
+Comment out the following from client.conf and `/etc/openvpn/server/client-common.txt`
 ```
 #ignore-unknown-option block-outside-dns
 #block-outside-dns

diff --git a/client-common.txt b/client-common.txt
@@ -0,0 +1,12 @@
+client
+dev tun
+proto tcp
+remote X.X.X.X 1337
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+remote-cert-tls server
+auth SHA512
+cipher AES-256-CBC
+verb 3
diff --git a/readme.md b/readme.md
@@ -0,0 +1,48 @@
+## Install OpenVPN
+`wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh`
+
+## Edit server.conf
+
+`/etc/openvpn/server/server.conf`
+
+Changed the OpenVPN LAN address to prevent interfering with other OpenVPN connections
+`server 10.8.0.0 255.255.255.0` to `server 10.5.0.0 255.255.255.0`
+
+Comment out the following so Internet traffic is not routed through 
+```
+#push "redirect-gateway def1 bypass-dhcp"
+#push "dhcp-option DNS 1.1.1.1"
+#push "dhcp-option DNS 1.0.0.1"
+```
+
+Add the following so VPN Clients get LAN route
+```
+# 10.13.37.254 is OpenVPN server's LAN IP
+push "route 10.13.37.254 255.255.255.0"
+push "route 10.13.37.0 255.255.255.0"
+```
+
+## Edit client.conf
+
+Comment out the following from client.conf and ``/etc/openvpn/server/client-common.txt`
+```
+#ignore-unknown-option block-outside-dns
+#block-outside-dns
+```
+
+## Add LAN Routes
+
+Add route to DDWRT/Routing.asp so LAN clients can respond
+```
+Destination LAN NET 10.5.0.0
+Subnet Mask 255.255.0.0
+Gateway 10.13.37.254
+```
+
+Add route to VM pfsense/system_routes.php
+```
+Destination network
+10.5.0.0 / 32
+Gateway
+10.13.37.1
+```
diff --git a/server.conf b/server.conf
@@ -0,0 +1,27 @@
+local 10.13.37.254
+port 1337
+proto tcp
+dev tun
+ca ca.crt
+cert server.crt
+key server.key
+dh dh.pem
+auth SHA512
+tls-crypt tc.key
+topology subnet
+server 10.5.0.0 255.255.255.0
+#push "redirect-gateway def1 bypass-dhcp"
+push "route 10.13.37.254 255.255.255.0"
+push "route 10.13.37.0 255.255.255.0"
+ifconfig-pool-persist ipp.txt
+#push "dhcp-option DNS 1.1.1.1"
+#push "dhcp-option DNS 1.0.0.1"
+keepalive 10 120
+cipher AES-256-CBC
+user nobody
+group nogroup
+client-to-client
+persist-key
+persist-tun
+verb 3
+crl-verify crl.pem