Configuration of OpenVPN

Configuration of OpenVPN

  1. Install OpenVPN: sudo apt install openvpn -y

  2. Make a CA directory: make-cadir ~/openvpn-ca (make-cadir is provided by the easy-rsa package, so install that first if the command is not found). The ./easyrsa commands in the following steps are run from inside this directory.

  3. Create the Certificate Authority (CA)

    • Install easy-rsa: sudo apt install easy-rsa -y
    • Initialize the PKI: ./easyrsa init-pki
    • Create the CA: ./easyrsa build-ca nopass (nopass leaves the CA private key unencrypted on disk; whoever can read ~/openvpn-ca/pki/private/ca.key can issue certificates that the server and all clients trust)
  4. Generate the server certificate

    • Generate the server key and request, then sign it with the CA: ./easyrsa gen-req server nopass followed by ./easyrsa sign-req server server
    • Generate the Diffie-Hellman parameters: ./easyrsa gen-dh
    • Generate the TLS authentication key: openvpn --genkey --secret ta.key
    • easy-rsa writes its output under pki/: the CA certificate is pki/ca.crt, the signed server certificate pki/issued/server.crt, the private key pki/private/server.key and the DH parameters pki/dh.pem
  5. Generate a client certificate

    • Generate the client key and request, then sign it with the CA: ./easyrsa gen-req clientname nopass followed by ./easyrsa sign-req client clientname (clientname is a placeholder for the name you give the client; the result is pki/issued/clientname.crt and pki/private/clientname.key)
  6. Edit the server configuration

    • Copy the sample config file /usr/share/doc/openvpn/examples/sample-config-files/server.conf to /etc/openvpn/server (on Debian and Ubuntu the sample ships gzipped as server.conf.gz, so decompress it first)
    • Copy the files (ca.crt, server.crt, server.key, dh.pem, ta.key) to /etc/openvpn; the file names must match the ca, cert, key, dh and tls-auth directives in server.conf
  7. Start the OpenVPN service on the server: sudo systemctl start openvpn@server (the openvpn@server unit reads /etc/openvpn/server.conf, so make sure the copied config has exactly that path; check sudo systemctl status openvpn@server if it does not start)

  8. Edit the client configuration

    • Copy the sample client config file (client.conf) from /usr/share/doc/openvpn/examples/sample-config-files (change the extension to .ovpn on Windows)
    • Change the remote server IP in the config file
    • Copy the files (ca.crt, client.crt, client.key, ta.key) to the client device
  9. Windows OpenVPN client connection

    • Import the .ovpn file and connect
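As an added example (not part of the tutorial), the shell script below assembles the server.conf and client .ovpn that steps 6 and 8 describe from the tutorial's own directives and file names, then checks that every certificate and key a config refers to is actually present, which is the usual reason openvpn@server fails to start. The address 192.0.2.10 and the scratch directories are constructed placeholders; the directives beyond the tutorial's list (keepalive, persist-key, persist-tun, user/group and remote-cert-tls) are standard OpenVPN options and are labelled in the comments.

```shell
#!/bin/sh
# Added example (not from the tutorial): assemble server.conf and client.ovpn
# as steps 6 and 8 describe, and check that every file a config references is
# present. 192.0.2.10 and the temp directories are constructed placeholders.
set -eu

# Write a minimal server.conf into DIR ($1). Paths are relative, so the files
# produced by easy-rsa must sit next to the config, as the tutorial does it.
# user/group nobody/nogroup (not in the tutorial) drop privileges after start.
write_server_conf() {
    cat > "$1/server.conf" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
EOF
    printf '%s\n' "$1/server.conf"
}

# Write client.ovpn into DIR ($1) pointing at server address $2.
# remote-cert-tls server (not in the tutorial) makes the client reject a peer
# whose certificate was not issued for server use, e.g. another client's cert.
write_client_conf() {
    cat > "$1/client.ovpn" <<EOF
client
dev tun
proto udp
remote $2 1194
resolv-retry infinite
nobind
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
remote-cert-tls server
persist-key
persist-tun
EOF
    printf '%s\n' "$1/client.ovpn"
}

# Print how many files named by ca/cert/key/dh/tls-auth directives in CONF ($2)
# are missing from DIR ($1). Anything other than 0 means OpenVPN will not start.
count_missing() {
    n=0
    for f in $(awk '$1=="ca"||$1=="cert"||$1=="key"||$1=="dh"||$1=="tls-auth"{print $2}' "$2"); do
        [ -e "$1/$f" ] || n=$((n + 1))
    done
    echo "$n"
}

# Stand-alone demo: build both configs in a scratch directory and report how
# many referenced files are still missing (all of them, since no PKI was run).
demo_dir=$(mktemp -d)
write_server_conf "$demo_dir" >/dev/null
write_client_conf "$demo_dir" 192.0.2.10 >/dev/null
echo "server.conf missing files: $(count_missing "$demo_dir" "$demo_dir/server.conf")"
echo "client.ovpn missing files: $(count_missing "$demo_dir" "$demo_dir/client.ovpn")"
```

Run count_missing against /etc/openvpn and /etc/openvpn/server.conf after step 6 to confirm the five files from the pki/ tree were copied under the names the config expects; a missing ta.key or a server.key copied under the wrong name is caught before the service is started.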

Route all client traffic through the server (IPv4 and IPv6)

  1. Enable IP forwarding
    • Edit the kernel configuration file /etc/sysctl.conf
    • Enable net.ipv4.ip_forward = 1 (IPv4)
    • Enable net.ipv6.conf.all.forwarding = 1 (IPv6)
    • Apply: sudo sysctl -p
  2. Enable NAT
    • iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    • ip6tables -t nat -A POSTROUTING -s 2001:db8:0:123::/64 -o eth0 -j MASQUERADE
    • Replace eth0 with the server's outbound interface. These rules are not persistent: they are lost on reboot unless saved with the distribution's iptables persistence mechanism.
  3. Configure the VPN networks (server.conf)
    • server 10.8.0.0 255.255.255.0
    • server-ipv6 2001:db8:0:123::/64
    • 2001:db8::/32 is the IPv6 documentation prefix. Because the ip6tables MASQUERADE rule above hides the VPN prefix behind the server's address, any private prefix works here; without NAT, use a prefix that is actually routed to the server.
  4. Push the default gateway to the client (server.conf)
    • Edit /etc/openvpn/server.conf
    • Enable push "redirect-gateway def1 bypass-dhcp" (IPv4)
    • Add push "route-ipv6 2000::/3" (IPv6)
    • Add push "redirect-gateway ipv6" (IPv6)
  5. Set the protocol (server.conf)
    • proto udp6 (OpenVPN 2.4 and later bind a udp6 socket dual-stack, so IPv4 clients can still connect)
  6. Restart the service: sudo systemctl restart openvpn@server
  7. Edit the client configuration
    • Add remote your_server_ipv4_address 1194
    • Add remote your_server_ipv6_address 1194
    • The client tries the remote entries in order and moves to the next one when a connection attempt fails
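The following shell script is an added example, not part of the tutorial. It covers the checks a practitioner would want after steps 1 to 5: it parses a sysctl.conf-style file to confirm both forwarding keys are enabled (skipping comments and, as sysctl does, letting the last value win), confirms that an iptables-save or ip6tables-save dump carries the MASQUERADE rule from step 2, and adds the step 3 to 5 directives to a server.conf without duplicating them on a second run, replacing any existing proto line with proto udp6. All sample files are constructed in a scratch directory; the interface name eth0 and the subnets are taken from the tutorial.

```shell
#!/bin/sh
# Added example (not from the tutorial): verify the forwarding and NAT state
# from steps 1 and 2, and add the server.conf directives from steps 3 to 5
# idempotently. The sample files below are constructed for the demo.
set -eu

# Return 0 if FILE ($1), in sysctl.conf syntax, enables both IPv4 and IPv6
# forwarding. Comment lines are skipped; like sysctl, the last value wins.
forwarding_enabled() {
    awk -F= '
        /^[ \t]*#/ || NF < 2 { next }
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == "net.ipv4.ip_forward"          { v4 = ($2 == "1") }
        $1 == "net.ipv6.conf.all.forwarding" { v6 = ($2 == "1") }
        END { if (v4 && v6) exit 0; exit 1 }
    ' "$1"
}

# Return 0 if an iptables-save / ip6tables-save dump ($1) already contains the
# MASQUERADE rule for source network $2 leaving through interface $3.
masquerade_present() {
    grep -qF -- "-A POSTROUTING -s $2 -o $3 -j MASQUERADE" "$1"
}

# Add the routing directives to server.conf ($1) for the IPv4 network $2
# ("address netmask", as the server directive expects) and IPv6 prefix $3.
# Lines already present are left alone; any previous proto line is replaced.
add_routing_directives() {
    conf="$1"
    grep -v '^proto ' "$conf" > "$conf.tmp" || true   # grep -v exits 1 on empty output
    mv "$conf.tmp" "$conf"
    for line in \
        "server $2" \
        "server-ipv6 $3" \
        'push "redirect-gateway def1 bypass-dhcp"' \
        'push "route-ipv6 2000::/3"' \
        'push "redirect-gateway ipv6"' \
        'proto udp6'
    do
        grep -qxF -- "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
    done
}

# Stand-alone demo on constructed inputs (no real system files are touched).
d=$(mktemp -d)
printf '# constructed sysctl.conf\nnet.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding=1\n' > "$d/sysctl.conf"
printf '*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE\nCOMMIT\n' > "$d/nat.dump"
printf 'port 1194\nproto udp\ndev tun\n' > "$d/server.conf"
add_routing_directives "$d/server.conf" "10.8.0.0 255.255.255.0" "2001:db8:0:123::/64"
forwarding_enabled "$d/sysctl.conf" && echo "forwarding: enabled for IPv4 and IPv6"
masquerade_present "$d/nat.dump" 10.8.0.0/24 eth0 && echo "IPv4 MASQUERADE rule: present"
echo "--- $d/server.conf ---"
cat "$d/server.conf"
```

On a real server, run forwarding_enabled against /etc/sysctl.conf, and pipe sudo iptables-save -t nat and sudo ip6tables-save -t nat into files for masquerade_present; the file check only tells you what will be loaded at boot, so compare it with the live values from sysctl -n net.ipv4.ip_forward and sysctl -n net.ipv6.conf.all.forwarding after step 1.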
