Differences

This shows you the differences between two versions of the page.

--- openvpn [2021/11/10 00:06] – [Here is my steps] vissie
+++ openvpn [2021/11/10 03:39] (current) – [Here is my steps] vissie
@@ Line 9: / Line 9: @@
 ====Here is my steps====
-Step 1 — Installing OpenVPN and EasyRSA
+===Step 1 — Installing OpenVPN and EasyRSA===
   sudo apt install openvpn
   wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz
   aunpack ./EasyRSA-3.0.8.tgz
-Step 2 — Configuring the EasyRSA Variables and Building the CA
+===Step 2 — Configuring the EasyRSA Variables and Building the CA===
   cd ./EasyRSA-3.0.8/
   cp vars.example vars
@@ Line 27: / Line 27: @@
   set_var EASYRSA_REQ_EMAIL      "admin@example.com"
   set_var EASYRSA_REQ_OU         "Community"
-Step 3 — Creating the Server Certificate, Key, and Encryption Files
+===Step 3 — Creating the Server Certificate, Key, and Encryption Files===
   ./easyrsa init-pki
   "... Your newly created PKI dir is: /home/vissie/EasyRSA-3.0.8/pki"
@@ Line 39: / Line 39: @@
   sudo cp ./pki/private/server.key /etc/openvpn/
   ./easyrsa sign-req server server
+  sudo cp ./pki/issued/server.crt /etc/openvpn/
+  sudo cp ./pki/ca.crt /etc/openvpn/
   ./easyrsa gen-dh
   sudo openvpn --genkey --secret ta.key
   sudo cp ./ta.key /etc/openvpn/
   sudo cp ./pki/dh.pem /etc/openvpn/
-Step 4 — Generating a Client Certificate and Key Pair
+===Step 4 — Generating a Client Certificate and Key Pair===
   cd ~
   mkdir -p ~/client-configs/keys
@@ Line 56: / Line 58: @@
   sudo cp ~/EasyRSA-3.0.8/ta.key ~/client-configs/keys/
   sudo cp /etc/openvpn/ca.crt ~/client-configs/keys/
-Step 5 — Configuring the OpenVPN Service
+===Step 5 — Configuring the OpenVPN Service===
   sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
   sudo gzip -d /etc/openvpn/server.conf.gz
@@ Line 75: / Line 77: @@
   push "dhcp-option DNS 208.67.220.220"
   # Optional!
-  port 443
+  port 11
   # Optional!
   proto tcp
@@ Line 81: / Line 83: @@
   explicit-exit-notify 0
   ...
-Step 6 — Adjusting the Server Networking Configuration
+===Step 6 — Adjusting the Server Networking Configuration===
   sudo vim /etc/sysctl.conf
   ...
@@ Line 99: / Line 101: @@
   # from the VPN. Remember to replace eth0 in the -A POSTROUTING line below with the interface you found in the above command:
-/etc/ufw/before.rules
+<sxh bash; gutter: false>
 #
 # rules.before
@@ Line 122: / Line 124: @@
 *filter
 . . .
+</sxh>
+  sudo vim /etc/default/ufw
+  ...
+  DEFAULT_FORWARD_POLICY="ACCEPT"
+  ...
+  sudo ufw allow 1194/udp
+  sudo ufw allow OpenSSH
+===Step 7 — Starting and Enabling the OpenVPN Service===
+  sudo systemctl start openvpn@server
+  sudo systemctl status openvpn@server
+  sudo systemctl enable openvpn@server
+===Step 8 — Creating the Client Configuration Infrastructure===
+  mkdir -p ~/client-configs/files
+  cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf
+  vim ~/client-configs/base.conf
+  ...
+  remote my.server.com 1194
+  proto udp
+  # Downgrade privileges after initialization (non-Windows only)
+  user nobody
+  group nogroup
+  #ca ca.crt
+  #cert client.crt
+  #key client.key
+  #tls-auth ta.key 1
+  cipher AES-256-CBC
+  auth SHA256
+  key-direction 1
+  # Finally, add a few commented out lines. Although you can include these directives in every client configuration file, you only need to enable them for Linux clients
+  # that ship with an /etc/openvpn/update-resolv-conf file. This script uses the resolvconf utility to update DNS information for Linux clients.
+  # script-security 2
+  # up /etc/openvpn/update-resolv-conf
+  # down /etc/openvpn/update-resolv-conf
+  ...
+  vim ~/client-configs/make_config.sh
+  #!/bin/bash
+# First argument: Client identifier
+<sxh bash; gutter: false>
+KEY_DIR=/home/sammy/client-configs/keys
+OUTPUT_DIR=/home/sammy/client-configs/files
+BASE_CONFIG=/home/sammy/client-configs/base.conf
+cat ${BASE_CONFIG} \
+    <(echo -e '<ca>') \
+    ${KEY_DIR}/ca.crt \
+    <(echo -e '</ca>\n<cert>') \
+    ${KEY_DIR}/${1}.crt \
+    <(echo -e '</cert>\n<key>') \
+    ${KEY_DIR}/${1}.key \
+    <(echo -e '</key>\n<tls-auth>') \
+    ${KEY_DIR}/ta.key \
+    <(echo -e '</tls-auth>') \
+    > ${OUTPUT_DIR}/${1}.ovpn
+</sxh>
+  chmod 700 ~/client-configs/make_config.sh
+===Step 9 — Generating Client Configurations===
+  cd ~/client-configs
+  sudo ./make_config.sh vissie
+  ls ~/client-configs/files
+===Step 10 — Installing the Client Configuration===
+  sudo apt install openvpn
+  # Check to see if your distribution includes an /etc/openvpn/update-resolv-conf script:
+  ls /etc/openvpn
+  update-resolv-conf
+  #Next, edit the OpenVPN client configuration file you transfered:
+  vim client1.ovpn
+<sxh bash; gutter: false>
+...
+script-security 2
+up /etc/openvpn/update-resolv-conf
+down /etc/openvpn/update-resolv-conf
+...
+</sxh>
 ==== Here is my notes: ====

The World According To Vissie

User Tools

Site Tools

Differences

Page Tools