Setup OpenVPN
This is very rough at the moment; I have to go through it at some point and tidy it up. The reason it's in this rough state is that I was writing it while setting it up on my virtual server. However, it's not possible to set this up on it. That is totally unrelated to this guide, though; it's just that the configuration of the virtual server doesn't allow it.
If you find anything wrong, or have any suggestions, please let me know.
apt-get install openvpn
Create configuration file for the server in /etc/openvpn/server.conf:
port 2746
proto udp
dev tap
;dev-node tap0
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.10.10.0 255.255.255.0 # vpn subnet
ifconfig-pool-persist ipp.txt
;push "route 192.168.1.0 255.255.255.0" # home subnet
;duplicate-cn
keepalive 10 120
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
user nobody
group nogroup # on Debian/Ubuntu the unprivileged group is called nogroup
persist-key
persist-tun
;status openvpn-status.log
;log-append openvpn.log
verb 10
mute 20
;client-to-client
;client-config-dir ccd "route 134.33.0.0 255.255.0.0"
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
nano vars
Change the values to your settings.
source ./vars
./clean-all
Build the certificate authority (CA) certificate and key by invoking the interactive openssl command:
./build-ca
Generate certificates & keys for server:
./build-key server
A challenge password []:
An optional company name []:
Press Enter on both.
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Type y for both.
Generate certificates & keys for client
./build-key client1
A challenge password []:
An optional company name []:
Press Enter on both.
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Type y for both.
Generate Diffie Hellman parameters
./build-dh
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt /etc/openvpn/ca.crt
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.crt /etc/openvpn/server.crt
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem /etc/openvpn/dh1024.pem
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.key /etc/openvpn/server.key
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt /home/lockstock/ca.crt
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/client1.crt /home/lockstock/client1.crt
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/client1.key /home/lockstock/client1.key
Download the files to your client's config folder.
client.conf / client.ovpn
remote your.ddns.host 2746
client
dev tap
proto udp
resolv-retry infinite # this is necessary for DynDNS
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 4
mute 20
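A quick check for the server.conf and client.conf above, as an added example that is not part of the original guide: it reports an unset cipher, DH parameters under 2048 bits, a verb level above 4, and a private key file accessible to group or others. The function names and the 2048-bit threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Only active directives count: lines starting with ';' or '#' are comments.

# Print the arguments of the first active directive $2 in config file $1.
directive() {
    awk -v d="$2" '$1 == d { sub(/[ \t]*#.*/, ""); $1 = ""
                             sub(/^ +/, ""); print; exit }' "$1"
}

# Print one finding per line for config file $1; no output means no findings.
audit_ovpn_conf() {
    conf=$1
    dir=$(dirname "$conf")

    # Without an active "cipher" line the default is used (BF-CBC in this guide).
    [ -n "$(directive "$conf" cipher)" ] || echo "cipher: not set, default in use"

    # easy-rsa 2.0 names the DH file after its bit length (dh1024.pem).
    # Assumption: anything under 2048 bits is reported.
    bits=$(directive "$conf" dh | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "dh: ${bits}-bit parameters"
    fi

    # verb 1-4 is the normal range; higher levels are for debugging.
    verb=$(directive "$conf" verb)
    if [ -n "$verb" ] && [ "$verb" -gt 4 ]; then
        echo "verb: level $verb is debug output"
    fi

    # The private key must not be accessible to group or others.
    key=$(directive "$conf" key)
    if [ -n "$key" ]; then
        case $key in /*) ;; *) key=$dir/$key ;; esac
        if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "key: $key is accessible to group/other"
        fi
    fi
    return 0
}

# Usage: sh audit.sh /etc/openvpn/server.conf
if [ $# -gt 0 ]; then audit_ovpn_conf "$1"; fi
```

Relative key paths are resolved against the directory of the config file, which matches the layout used here, where the keys sit next to server.conf in /etc/openvpn.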
