Setup OpenVPN

This is very rough at the moment; I have to go through it at some point and tidy it up. The reason it's in this rough state is that I was writing it while setting it up on my virtual server. However, it's not possible to set this up on it. That is totally unrelated to this guide, though; it's just that the configuration of the virtual server doesn't allow it.

If you find anything wrong, or have any suggestions, please let me know.

apt-get install openvpn

Create configuration file for the server in /etc/openvpn/server.conf:
port 2746
proto udp
dev tap
;dev-node tap0
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
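dh dh1024.pem # built by ./build-dh; 1024-bit parameters are weak, KEY_SIZE=2048 in vars produces dh2048.pem instead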
server 10.10.10.0 255.255.255.0 # vpn subnet
ifconfig-pool-persist ipp.txt
;push "route 192.168.1.0 255.255.255.0" # home subnet
;duplicate-cn
keepalive 10 120
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
user nobody
group nogroup # Debian/Ubuntu name the unprivileged group nogroup, not nobody
persist-key
persist-tun
;status openvpn-status.log
;log-append openvpn.log
verb 10 # debug-level output; 3 or 4 is enough once the tunnel works
mute 20
;client-to-client
;client-config-dir ccd "route 134.33.0.0 255.255.0.0"
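
A quick lint for the server.conf above, as an added example that is not part of the original guide. The function names `sample_conf` and `audit_conf`, the 2048-bit DH threshold and the `verb` cut-off of 4 are assumptions of this example, and the sample config is constructed from the active lines of the file above.

```shell
#!/bin/sh
# Added example, not from the original guide: lint an OpenVPN server config.

# Constructed sample modelled on the server.conf above (active lines only,
# plus two of its commented-out options).
sample_conf() {
    cat <<'EOF'
port 2746
proto udp
dev tap
key server.key # This file should be kept secret
dh dh1024.pem
;duplicate-cn
;cipher BF-CBC # Blowfish (default)
user nobody
group nogroup
verb 10
EOF
}

# audit_conf [FILE]: reads FILE (or stdin), prints one finding per line,
# returns 1 if there were findings and 0 if the config is clean.
audit_conf() {
    findings=$(awk '
        /^[ \t]*[;#]/ { next }                 # commented-out directive
        { sub(/[ \t]*#.*$/, "") }              # strip trailing comment
        # Assumes the easy-rsa file naming dh<bits>.pem
        $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {
            bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
            if (bits < 2048) print "weak-dh: " bits "-bit parameters (" $2 ")"
        }
        $1 == "cipher" && ($2 == "BF-CBC" || $2 == "DES-EDE3-CBC") {
            print "weak-cipher: " $2 " has a 64-bit block size"
        }
        $1 == "verb" && $2 + 0 > 4 { print "debug-logging: verb " $2 }
        $1 == "duplicate-cn" { print "shared-cert: duplicate-cn is enabled" }
        $1 == "user"  { user = 1 }
        $1 == "group" { group = 1 }
        END { if (!(user && group)) print "no-priv-drop: user/group not both set" }
    ' "${1:--}")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

sample_conf | audit_conf || echo "findings above need review"
```

Run it against the real file with `audit_conf /etc/openvpn/server.conf`.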

cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
nano vars
Change the values in vars to your own settings, then:
source ./vars
./clean-all

Build the certificate authority certificate and key by invoking the interactive openssl command:
./build-ca

Generate certificates & keys for server:
./build-key server
A challenge password []:
An optional company name []:
Press Enter on both.

Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Type y for both.

Generate certificates & keys for client:

./build-key client1

A challenge password []:
An optional company name []:
Press Enter on both.

Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Type y for both.

Generate Diffie Hellman parameters:

./build-dh
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt /etc/openvpn/ca.crt
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.crt /etc/openvpn/server.crt
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem /etc/openvpn/dh1024.pem
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.key /etc/openvpn/server.key
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt /home/lockstock/ca.crt
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/client1.crt /home/lockstock/client1.crt
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/client1.key /home/lockstock/client1.key

Download the files to your client's config folder.
client.conf / client.ovpn
remote your.ddns.host 2746
client
dev tap
proto udp
resolv-retry infinite # this is necessary for DynDNS
nobind
user nobody
group nobody # on Debian/Ubuntu clients the group is nogroup
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 4
mute 20
