
Copy server.crt, server.key, ca.crt and dh2048.pem to /tmp

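#!/usr/bin/env bash
# Install and configure an OpenVPN server on Debian/Ubuntu with ufw.
#
# The same steps as the original one-line `&&` chain, split so that each step
# can fail on its own, the script can be re-run, and the server's private key
# is installed with restrictive permissions.
#
# Run as root (e.g. `sudo ./this-script.sh`). Expects server.crt, server.key,
# ca.crt and dh2048.pem to have been copied to /tmp first. The `nano` steps
# are interactive: edit each file as described further down the page.
set -euo pipefail

readonly OVPN_DIR=/etc/openvpn
readonly STAGE_DIR=/tmp
readonly PKI_FILES=(server.crt server.key ca.crt dh2048.pem)
readonly SAMPLE=/usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz

die() { printf '%s\n' "$*" >&2; exit 1; }

# Replaces the original `sudo su`: everything below needs root.
(( EUID == 0 )) || die "run this script as root (sudo)"

# Check the staged PKI material up front, so a missing file is reported before
# packages are installed and the firewall is reconfigured.
for f in "${PKI_FILES[@]}"; do
  [[ -f "$STAGE_DIR/$f" ]] || die "missing $STAGE_DIR/$f"
done

apt-get update
apt-get install -y openvpn easy-rsa ufw

# Seed server.conf from the packaged sample. `gunzip -c` leaves the sample
# archive in place (the original in-place gunzip made a second run fail), and
# an existing server.conf is never overwritten.
if [[ ! -e "$OVPN_DIR/server.conf" ]]; then
  gunzip -c -- "$SAMPLE" > "$OVPN_DIR/server.conf"
fi
nano "$OVPN_DIR/server.conf"

# Enable IPv4 forwarding (net.ipv4.ip_forward=1) and apply it immediately.
nano /etc/sysctl.conf
sysctl -p /etc/sysctl.conf

# Firewall: forward policy in /etc/default/ufw, NAT rules in before.rules.
service ufw stop
nano /etc/default/ufw
nano /etc/ufw/before.rules
service ufw start
# Accept anything arriving on the tun interfaces. This raw iptables rule is
# not managed by ufw and is presumably lost on reboot/`ufw reload` -- if it
# disappears, move it into /etc/ufw/before.rules instead.
iptables -A INPUT -i tun+ -j ACCEPT
# Only the protocol selected by the `proto` line in server.conf is needed;
# remove the other rule to avoid exposing an unused port.
ufw allow 1194/tcp
ufw allow 1194/udp

# Install the PKI material root-owned. Certificates and DH parameters are
# public; server.key is the server's private key and must not be world
# readable (the original `mv` kept whatever mode the files had in /tmp).
install -o root -g root -m 0644 -- \
  "$STAGE_DIR/server.crt" "$STAGE_DIR/ca.crt" "$STAGE_DIR/dh2048.pem" "$OVPN_DIR/"
install -o root -g root -m 0600 -- "$STAGE_DIR/server.key" "$OVPN_DIR/server.key"
# Remove the staged copies from /tmp (the original moved them).
rm -f -- "${PKI_FILES[@]/#/$STAGE_DIR/}"

service openvpn start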

--edit each of the following files as shown below

###(/etc/openvpn/server.conf)

# TCP or UDP server?
# Exactly one proto line is active (a leading ';' comments a line out). It must
# match the clients' proto and the 1194 port opened in ufw; the unused
# protocol's ufw rule can then be removed.
proto tcp
;proto udp

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
# The file named here is the dh2048.pem copied into /etc/openvpn; the 1024-bit
# command above is only the sample's example text and is not what is used.
dh dh2048.pem

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
# 192.168.1.0/24 is the example LAN behind this server; replace it with the
# subnet clients should actually reach, or remove the line to push no route.
push "route 192.168.1.0 255.255.255.0"

# You can uncomment this out on
# non-Windows systems.
# Runs the daemon under the unprivileged nobody/nogroup identity instead of
# root once it is up (see `man openvpn`); keep both lines active on Linux.
user nobody
group nogroup

 

###(/etc/sysctl.conf)

# Uncomment the next line to enable packet forwarding for IPv4
# Needed so the server can forward packets between the tun interface and its
# other networks; `sysctl -p /etc/sysctl.conf` applies it without a reboot.
net.ipv4.ip_forward=1

 

###(/etc/default/ufw)

# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
# ACCEPT is what lets ufw pass the VPN clients' forwarded packets; with the
# shipped DROP default the NAT rule in before.rules would have nothing to
# masquerade. Note this widens forwarding for every interface, not just tun.
DEFAULT_FORWARD_POLICY="ACCEPT" 

 

###(/etc/ufw/before.rules) --Make the top of your before.rules file look like the block below. The OPENVPN RULES section must be added:

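#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
# The source is the client address pool from server.conf
# (10.8.0.0 255.255.255.0, i.e. /24), so only VPN clients are masqueraded;
# a /8 here would also NAT any other 10.x.x.x traffic this host forwards.
# eth0 is the example uplink; replace it with the server's outbound interface.
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

# Don't delete these required lines, otherwise there will be errors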