Welcome to FreeSoftwareServers Confluence Wiki


Well here it is, my one long command to set up OpenVPN on Ubuntu 14.04 x64.

sudo su
apt-get update
apt-get install -y openvpn easy-rsa ufw 
cd /usr/share/doc/openvpn/examples/sample-config-files/ 
gunzip server.conf.gz
cp server.conf /etc/openvpn/server.conf
nano /etc/openvpn/server.conf && nano /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
service ufw stop
nano /etc/default/ufw && nano /etc/ufw/before.rules 
service ufw start
cp -r /usr/share/easy-rsa/ /etc/openvpn
nano /etc/openvpn/easy-rsa/vars
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
mv /etc/openvpn/easy-rsa/keys/{server.crt,server.key} /etc/openvpn
cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn
./build-key client1
cp /etc/openvpn/ca.crt /tmp
mv /etc/openvpn/easy-rsa/keys/client1.crt /tmp
mv /etc/openvpn/easy-rsa/keys/client1.key /tmp
iptables -A INPUT -i tun+ -j ACCEPT
ufw allow 1194/tcp
ufw allow 1194/udp
service openvpn start


--When asked to sign the certificates (y/n), answer yes and commit. If you filled in vars, you can just press Enter at each prompt and it will use the default shown in [brackets]. [Update] I read that you should always fill in the Common Name by hand and make sure it is "server".

--Now the 3 files the client needs (ca.crt, client1.crt, client1.key) are in /tmp with 777 permissions so you can copy them to the client!!!!!! Note that /tmp is cleared on reboot, so copy them before restarting!!!

--Edit the files below accordingly.


###(/etc/sysctl.conf)

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

###(/etc/default/ufw)

# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="ACCEPT"

###(/etc/ufw/before.rules) --Make the top of your before.rules file look like below. The block between START OPENVPN RULES and END OPENVPN RULES must be added; the rest is already in the file:

#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

# Don't delete these required lines, otherwise there will be errors

###(/etc/openvpn/easy-rsa/vars) - Make sure to set export KEY_NAME="server"; this MUST be "server", not the default "EasyRSA".
export KEY_COUNTRY="US"
export KEY_PROVINCE="TX"
export KEY_CITY="Dallas"
export KEY_ORG="My Company Name"
export KEY_EMAIL="sammy@example.com"
export KEY_OU="MYOrganizationalUnit"

export KEY_NAME="server"  -- Must say "server"
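As an added example that is not part of the original page, the script below checks the three file edits above (IPv4 forwarding in sysctl.conf, DEFAULT_FORWARD_POLICY in /etc/default/ufw, and the *nat block in before.rules) plus the permissions of the staged client key, which the page leaves at 777 in /tmp. It runs against constructed sample files in a temp directory; the function names and the 0600 requirement for the key are my assumptions, not anything from the page.

```shell
#!/bin/sh
# Added example, not from the original wiki page: sanity checks for the
# config edits in the walkthrough. Each function takes a file path and
# returns 0 (pass) or 1 (fail). The sample files below are constructed.
set -u
# /etc/sysctl.conf: IPv4 forwarding must be uncommented and set to 1.
check_ip_forward() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# /etc/default/ufw: forwarding must default to ACCEPT, or tun0 -> eth0 is dropped.
check_forward_policy() {
    grep -Eq '^DEFAULT_FORWARD_POLICY="ACCEPT"' "$1"
}

# /etc/ufw/before.rules: the *nat block needs the MASQUERADE rule AND its own
# COMMIT before the next table; without that COMMIT ufw fails to load the rules.
check_nat_block() {
    awk '
        /^\*nat/ { in_nat = 1; next }
        /^\*/    { in_nat = 0 }
        in_nat && /^-A POSTROUTING .*-j MASQUERADE/ { rule = 1 }
        in_nat && /^COMMIT/ { if (rule) ok = 1; in_nat = 0 }
        END { if (ok) exit 0; exit 1 }
    ' "$1"
}

# Client key staged for copying: require 0600 (ls-based so it needs no GNU stat).
check_key_perms() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# All four must pass before 'service openvpn start' is worth running.
check_all() {
    check_ip_forward "$1" && check_forward_policy "$2" &&
        check_nat_block "$3" && check_key_perms "$4"
}

# Constructed sample files: one passing and one failing case per check.
TMP=$(mktemp -d)
printf 'net.ipv4.ip_forward=1\n' > "$TMP/sysctl.conf"
printf '#net.ipv4.ip_forward=1\n' > "$TMP/sysctl.bad"
printf 'DEFAULT_FORWARD_POLICY="ACCEPT"\n' > "$TMP/ufw"
printf 'DEFAULT_FORWARD_POLICY="DROP"\n' > "$TMP/ufw.bad"
printf '*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE\nCOMMIT\n*filter\n' > "$TMP/before.rules"
printf '*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE\n*filter\nCOMMIT\n' > "$TMP/before.bad"
: > "$TMP/client1.key"; chmod 600 "$TMP/client1.key"
: > "$TMP/loose.key";   chmod 777 "$TMP/loose.key"
check_all "$TMP/sysctl.conf" "$TMP/ufw" "$TMP/before.rules" "$TMP/client1.key" && echo "all checks passed"
```

To use it on a real host, point the functions at /etc/sysctl.conf, /etc/default/ufw, /etc/ufw/before.rules and the key in /tmp instead of the sample files.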

1 Comment

  1. Anonymous

    In some systems, there might be a need to add the ff. to /etc/openvpn/easy-rsa/vars so that the build script (i.e., ./build-ca) doesn't complain:

    export KEY_ALTNAMES="something"