How to set up OpenVPN (Linux server to Windows/Linux clients)
Posted: January 12th, 2011, 12:08 pm
SERVER (Ubuntu):
(from http://ubuntuforums.org/showpost.php?p= ... ostcount=4)
1. Set up the PKI according to the link above.
2. Create the keys according to the link above. (Build-server is actually Build-key-server, at least on Ubuntu 10.04.)
3. Create the OpenVPN config file ending in .conf (for example, vpn.conf):
a. Add the key paths
b. Set the VPN network in the "server" parameter (for me, 10.8.0.0 255.255.255.0)
c. Add 'push "redirect-gateway def1 bypass-dhcp"' to the end, if you want the clients' internet traffic routed through the VPN
d. Add 'push "dhcp-option DNS 4.2.2.2"' to the end
e. Add 'push "dhcp-option DNS 4.2.2.1"' to the end
f. Change the Diffie-Hellman path to the 1024 key, i.e., "dh /etc/openvpn/easy-rsa/keys/dh1024.pem"
4a. Turn on IP forwarding temporarily: "sudo sysctl -w net.ipv4.ip_forward=1"
(OR)
4b. Turn on IP forwarding permanently: edit /etc/sysctl.conf and uncomment net.ipv4.ip_forward=1
5. Turn on easy IP masquerading:
iptables -A POSTROUTING --table nat ! -o tun0 -j MASQUERADE
6. Turn on IP masquerading permanently by adding this line to /etc/rc.local:
/sbin/iptables -A POSTROUTING --table nat ! -o tun0 -j MASQUERADE
7. Build client certificates for each client from your easy-rsa directory: ./build-key CLIENTNAME
8. "mkdir /var/log/openvpn"
9. "touch /var/log/openvpn/openvpn.log"
10. /etc/init.d/openvpn start vpn (or whatever your conf file is)
CLIENTS:
For Windows clients:
a. Get OpenVPN client from official site (not OpenVPN.se)
b. Edit example config file (/usr/share/doc/openvpn/examples) to use "remote yourvpnserver.com"
c. Add "route-method exe" and "route-delay 5" to the end
d. Edit ca/cert/key lines to point to the CA certificate and the client's pub/priv keys
e. Make sure dev is "tun"
For Linux clients:
a. See the example config file, or the client-linux config below.
b. Edit the ca/cert/key lines to point to the correct files.
c. "openvpn client.conf" should work
CLIENT-LINUX:
client
dev tun
proto udp
remote SERVER.pmow.org 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert forensicsrouter.crt
key forensicsrouter.key
ns-cert-type server
comp-lzo
verb 3
mute 10
CLIENT-WINDOWS:
client
dev tun
proto udp
remote SERVER.pmow.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\openvpn\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\openvpn\\easy-rsa\\keys\\GCAM1041.crt"
key "C:\\Program Files\\openvpn\\easy-rsa\\keys\\GCAM1041.key"
ns-cert-type server
comp-lzo
verb 3
mute 10
route-method exe
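
An added check, not part of the original post: a small Python audit that flags the legacy settings this howto relies on (the 1024-bit dh file, ns-cert-type, comp-lzo) and a client config with no server-certificate check at all. The function names, advice strings and sample configs are constructed for illustration.

```python
import re

# Legacy directives used in this howto and what current OpenVPN practice says
# about them (the advice strings are this example's wording, not the post's).
LEGACY = {
    "ns-cert-type": "deprecated; use 'remote-cert-tls server' on clients",
    "comp-lzo": "deprecated; compressing before encryption can leak plaintext",
}

def parse(text):
    """Return [(directive, [args])], skipping blank lines and #/; comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        # Keep a quoted argument (e.g. a Windows path with spaces) as one token.
        tokens = re.findall(r'"[^"]*"|\S+', line)
        rows.append((tokens[0], [t.strip('"') for t in tokens[1:]]))
    return rows

def audit(text):
    """Return a sorted list of finding strings for one config file."""
    rows = parse(text)
    names = {name for name, _ in rows}
    findings = [f"{n}: {why}" for n, why in LEGACY.items() if n in names]
    for name, args in rows:
        if name == "dh" and args:
            # easy-rsa names the file after its size, e.g. dh1024.pem
            m = re.search(r"dh(\d+)\.pem$", args[0])
            if m and int(m.group(1)) < 2048:
                findings.append(f"dh: {m.group(1)}-bit parameters; use 2048 or more")
    checks = {"remote-cert-tls", "ns-cert-type", "verify-x509-name"}
    if "client" in names and not (names & checks):
        findings.append("client: no server-certificate check configured")
    return sorted(findings)

# Constructed samples modelled on the configs in this post.
SERVER = 'server 10.8.0.0 255.255.255.0\ndh /etc/openvpn/easy-rsa/keys/dh1024.pem\ncomp-lzo\n'
CLIENT = 'client\ndev tun\nca "C:\\\\Program Files\\\\openvpn\\\\ca.crt"\nns-cert-type server\ncomp-lzo\n'
BARE = "client\ndev tun\nremote vpn.example.org 1194\n"

if __name__ == "__main__":
    for label, cfg in (("server", SERVER), ("client", CLIENT), ("bare", BARE)):
        print(label, audit(cfg) or "no findings")
```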