Last active
September 23, 2020 09:41
Revisions
schickling revised this gist
Dec 15, 2014 . 1 changed file with 1 addition and 1 deletion.
@@ -18,7 +18,7 @@ $ cd /etc/openvpn/easy-rsa $ source vars $ ./clean-all $ ./build-ca $ ./build-key-server server # take server IP as common name $ ./build-key client $ ./build-dh ```
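Review bot: the new comment on `./build-key-server server` ("# take server IP as common name") does not say where the IP goes. The `server` argument should stay as it is, because server.conf in this gist points at `keys/server.crt` and `keys/server.key`, and easy-rsa names those files after the argument; say explicitly that the IP is typed at the Common Name prompt. A common name tied to the IP also stops matching once the server moves to a different address, which is worth a line next to the comment.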
schickling revised this gist
Dec 15, 2014 . 1 changed file with 2 additions and 1 deletion.
@@ -7,7 +7,7 @@ ## Install dependencies ```sh $ apt-get install -y openvpn easy-rsa ``` ## Make certificates @@ -74,6 +74,7 @@ verb 3 $ vim /etc/rc.local ``` Replace `xx.xx.xx.xx` with your server IP. ``` iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to xx.xx.xx.xx openvpn /etc/openvpn/server.conf
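Review bot: in the rc.local hunk, the added sentence "Replace `xx.xx.xx.xx` with your server IP." covers only one of the two host-specific values in the iptables line. `-o venet0` is also specific to the host (it is the interface name on OpenVZ containers), and the SNAT rule matches no traffic if the outbound interface has a different name, so the sentence should name the interface as well. The `openvpn /etc/openvpn/server.conf` line in the same block starts OpenVPN in the foreground, since server.conf as created has no `daemon` directive, so rc.local does not return; consider `openvpn --daemon --config /etc/openvpn/server.conf`.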
schickling created this gist
Jul 21, 2014 .
@@ -0,0 +1,86 @@ ## Preconditions * You need to have `TUN/TAP` enabled  ## Install dependencies ```sh $ apt-get install openvpn easy-rsa ``` ## Make certificates ```sh $ make-cadir /etc/openvpn/easy-rsa $ cd /etc/openvpn/easy-rsa $ source vars $ ./clean-all $ ./build-ca $ ./build-key-server server $ ./build-key client $ ./build-dh ``` ## Download ```sh $ scp [email protected]:/etc/openvpn/easy-rsa/keys/{ca.crt,client.crt,client.key} . ``` ## Prepare forwarding ```sh $ vim /etc/sysctl.conf # uncomment net.ipv4.ip_forward=1 $ sysctl -p ``` ## Configure OpenVPN ```sh $ vim /etc/openvpn/server.conf ``` ``` port 1194 proto udp dev tun ca /etc/openvpn/easy-rsa/keys/ca.crt cert /etc/openvpn/easy-rsa/keys/server.crt key /etc/openvpn/easy-rsa/keys/server.key dh /etc/openvpn/easy-rsa/keys/dh2048.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" client-to-client duplicate-cn keepalive 10 120 comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log log /var/log/openvpn.log verb 3 ``` ## Prepare autostart ```sh $ vim /etc/rc.local ``` ``` iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to xx.xx.xx.xx openvpn /etc/openvpn/server.conf ``` ## Restart ```sh $ reboot ```
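Review bot: in the server.conf block, `duplicate-cn` combined with the single `./build-key client` under "Make certificates" means every device connects with the same certificate and key, so a lost or compromised device cannot be cut off without reissuing for everyone. Suggest dropping `duplicate-cn` and running `./build-key` once per device with a distinct name. `client-to-client` in the same block also deserves a comment or removal: it lets connected clients reach each other through the VPN, which the `redirect-gateway` setup does not need.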