Welcome to FreeSoftwareServers Confluence Wiki

Well here it is, my one long sequence of commands to set up OpenVPN on Ubuntu 14.04 x64 (run as root; the files referenced by the nano commands are shown further down).

sudo su
apt-get update
apt-get install -y openvpn easy-rsa ufw 
cd /usr/share/doc/openvpn/examples/sample-config-files/ 
gunzip server.conf.gz
cp server.conf /etc/openvpn/server.conf
nano /etc/openvpn/server.conf && nano /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
service ufw stop
nano /etc/default/ufw && nano /etc/ufw/before.rules 
service ufw start
cp -r /usr/share/easy-rsa/ /etc/openvpn
nano /etc/openvpn/easy-rsa/vars
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
mv /etc/openvpn/easy-rsa/keys/{server.crt,server.key} /etc/openvpn
cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn
./build-key client1
cp /etc/openvpn/ca.crt /tmp
mv /etc/openvpn/easy-rsa/keys/client1.crt /tmp
mv /etc/openvpn/easy-rsa/keys/client1.key /tmp
iptables -A INPUT -i tun+ -j ACCEPT
ufw allow 1194/tcp
ufw allow 1194/udp
service openvpn start


--When asked to sign the certs (y/n), answer yes and commit. If you filled in vars, you can just hit Enter at each prompt and it will use whatever is shown inside [brackets]. [Update] I read that you should always fill in the Common Name by hand and make sure it is "server".

--Now the 3 files the client needs (ca.crt, client1.crt, client1.key) are in /tmp with 777 perms, ready to copy to the client!!!!!! (they will be deleted upon reboot!!!) client1.key is the client's private key: copy it over a secure channel such as scp and remove it from /tmp once the client has it.

--edit accordingly


###(/etc/sysctl.conf)

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

###(/etc/default/ufw)

# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="ACCEPT"

###(/etc/ufw/before.rules) --Make the top of your before.rules file look like the block below. The OPENVPN RULES section must be added by hand:

#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN clients (the 10.8.0.0/24 tunnel subnet set by the
# "server" line of the stock server.conf) out via eth0; change eth0 if your
# internet-facing interface has another name
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

# Don't delete these required lines, otherwise there will be errors
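One check worth running after editing before.rules is that the MASQUERADE source actually matches the tunnel subnet declared by the "server" directive in server.conf. The script below is an added example (not from this page or the OpenVPN project); it parses both files and flags a NAT source that is missing, too narrow, or broader than the VPN subnet. The sample inputs are constructed, with the rule written once as /8 (which iptables reads as 10.0.0.0/8, since the host bits are masked away) and once as /24.

```python
import ipaddress
import re

# Constructed sample inputs (not the page's files): the 'server' line from the
# stock server.conf and the NAT block from before.rules, once with /8, once with /24.
SERVER_CONF = "port 1194\nproto udp\ndev tun\nserver 10.8.0.0 255.255.255.0\n"
RULES_BROAD = "*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE\nCOMMIT\n*filter\nCOMMIT\n"
RULES_TIGHT = RULES_BROAD.replace("10.8.0.0/8", "10.8.0.0/24")

def vpn_subnet(server_conf):
    """Tunnel subnet from the 'server <network> <netmask>' directive."""
    for raw in server_conf.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}", strict=False)
    raise ValueError("no 'server' directive in server.conf")

def masquerade_sources(before_rules):
    """Source networks (-s) of every MASQUERADE rule inside the *nat table."""
    sources, in_nat = [], False
    for raw in before_rules.splitlines():
        line = raw.strip()
        if line.startswith("*"):              # table header: *nat, *filter, ...
            in_nat = line == "*nat"
        elif in_nat and "-j MASQUERADE" in line:
            m = re.search(r"-s\s+(\S+)", line)
            cidr = m.group(1) if m else "0.0.0.0/0"   # no -s means any source
            # strict=False mirrors iptables, which masks host bits away:
            # a source written as "10.8.0.0/8" is really 10.0.0.0/8
            sources.append(ipaddress.IPv4Network(cidr, strict=False))
    return sources

def check_nat(server_conf, before_rules):
    """Findings about the MASQUERADE rule; an empty list means it fits the VPN subnet."""
    subnet = vpn_subnet(server_conf)
    sources = masquerade_sources(before_rules)
    findings = []
    if not sources:
        findings.append("no MASQUERADE rule found in the *nat table")
    for src in sources:
        if not subnet.subnet_of(src):
            findings.append(f"MASQUERADE source {src} does not cover VPN subnet {subnet}")
        elif src != subnet:
            findings.append(f"MASQUERADE source {src} is broader than VPN subnet {subnet}")
    return findings

if __name__ == "__main__":
    print(check_nat(SERVER_CONF, RULES_BROAD), check_nat(SERVER_CONF, RULES_TIGHT))
```

On a live box, feed it the real files with open("/etc/openvpn/server.conf").read() and open("/etc/ufw/before.rules").read() instead of the constructed strings.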

###(/etc/openvpn/easy-rsa/vars) - Make sure to change export KEY_NAME="server"; this MUST be "server", not "EasyRSA":
export KEY_COUNTRY="US"
export KEY_PROVINCE="TX"
export KEY_CITY="Dallas"
export KEY_ORG="My Company Name"
export KEY_EMAIL="sammy@example.com"
export KEY_OU="MYOrganizationalUnit"

export KEY_NAME="server"  -- Must say "server"

1 Comment

  1. Anonymous

    In some systems, there might be a need to add the ff. to /etc/openvpn/easy-rsa/vars so that the build script (i.e., ./build-ca) doesn't complain:

    export KEY_ALTNAMES="something"