openvpn
openvpn [2021/11/10 00:17] – [Here is my steps] vissie
openvpn [2021/11/10 03:39] (current) – [Here is my steps] vissie
Line 39: Line 39:
   sudo cp ./pki/private/server.key /etc/openvpn/   sudo cp ./pki/private/server.key /etc/openvpn/
   ./easyrsa sign-req server server   ./easyrsa sign-req server server
 +  sudo cp ./pki/issued/server.crt /etc/openvpn/
 +  sudo cp ./pki/ca.crt /etc/openvpn/
   ./easyrsa gen-dh   ./easyrsa gen-dh
   sudo openvpn --genkey --secret ta.key   sudo openvpn --genkey --secret ta.key
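
Review bot: the two added `cp` lines place server.crt and ca.crt next to server.key in /etc/openvpn, but the `ta.key` produced by `sudo openvpn --genkey --secret ta.key` two lines later gets no matching copy in this hunk; if server.conf references it by bare filename (`tls-auth ta.key 0`), the service will not find it unless a copy step exists outside this diff, so either add `sudo cp ta.key /etc/openvpn/` here or confirm it is handled elsewhere. Since `server.key` is copied out of pki/private with `sudo cp`, it is also worth confirming it lands root-owned with mode 0600 (for example `sudo chmod 600 /etc/openvpn/server.key`) so the private key is not readable by other local users.
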
Line 75: Line 77:
   push "dhcp-option DNS 208.67.220.220"   push "dhcp-option DNS 208.67.220.220"
   # Optional!   # Optional!
-  port 443+  port 11
   # Optional!   # Optional!
   proto tcp   proto tcp
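
Review bot: changing `port 443` to `port 11` while keeping `proto tcp` conflicts with the rest of this diff: the firewall hunk below swaps `443/tcp` for `1194/udp`, and the client base.conf added in Step 8 uses `remote my.server.com 1194` with `proto udp`, so the server, the firewall rule and the client would each expect a different port/protocol pair. Port 11 also sits in the privileged range below 1024, which OpenVPN must bind as root before dropping to `nobody`, and no reason for that choice is given; if the intent is the OpenVPN default, this line should read `port 1194` with `proto udp` so that server, firewall and client agree.
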
Line 128: Line 130:
   DEFAULT_FORWARD_POLICY="ACCEPT"   DEFAULT_FORWARD_POLICY="ACCEPT"
   ...   ...
-  sudo ufw allow 443/tcp+  sudo ufw allow 1194/udp
   sudo ufw allow OpenSSH   sudo ufw allow OpenSSH
 ===Step 7 — Starting and Enabling the OpenVPN Service=== ===Step 7 — Starting and Enabling the OpenVPN Service===
 +  sudo systemctl start openvpn@server
 +  sudo systemctl status openvpn@server
 +  sudo systemctl enable openvpn@server
 +===Step 8 — Creating the Client Configuration Infrastructure===
 +  mkdir -p ~/client-configs/files
 +  cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf
 +  vim ~/client-configs/base.conf
 +  ...
 +  remote my.server.com 1194
 +  proto udp
 +  # Downgrade privileges after initialization (non-Windows only)
 +  user nobody
 +  group nogroup
 +  #ca ca.crt
 +  #cert client.crt
 +  #key client.key
 +  #tls-auth ta.key 1
 +  cipher AES-256-CBC
 +  auth SHA256
 +  key-direction 1
 +  # Finally, add a few commented out lines. Although you can include these directives in every client configuration file, you only need to enable them for Linux clients 
 +  # that ship with an /etc/openvpn/update-resolv-conf file. This script uses the resolvconf utility to update DNS information for Linux clients.
 +  # script-security 2
 +  # up /etc/openvpn/update-resolv-conf
 +  # down /etc/openvpn/update-resolv-conf
 +  ...
 +  vim ~/client-configs/make_config.sh
 +  
 +  #!/bin/bash
  
 +# First argument: Client identifier
 +<sxh bash; gutter: false>
 +KEY_DIR=/home/sammy/client-configs/keys
 +OUTPUT_DIR=/home/sammy/client-configs/files
 +BASE_CONFIG=/home/sammy/client-configs/base.conf
 +
 +cat ${BASE_CONFIG} \
 +    <(echo -e '<ca>') \
 +    ${KEY_DIR}/ca.crt \
 +    <(echo -e '</ca>\n<cert>') \
 +    ${KEY_DIR}/${1}.crt \
 +    <(echo -e '</cert>\n<key>') \
 +    ${KEY_DIR}/${1}.key \
 +    <(echo -e '</key>\n<tls-auth>') \
 +    ${KEY_DIR}/ta.key \
 +    <(echo -e '</tls-auth>') \
 +    > ${OUTPUT_DIR}/${1}.ovpn
 +</sxh>
 +  chmod 700 ~/client-configs/make_config.sh
 +===Step 9 — Generating Client Configurations===  
 +  cd ~/client-configs
 +  sudo ./make_config.sh vissie
 +  ls ~/client-configs/files
 +===Step 10 — Installing the Client Configuration===
 +  sudo apt install openvpn
 +  # Check to see if your distribution includes an /etc/openvpn/update-resolv-conf script:
 +  ls /etc/openvpn
 +  update-resolv-conf
 +  #Next, edit the OpenVPN client configuration file you transfered:
 +  vim client1.ovpn
 +<sxh bash; gutter: false>
 +...
 +script-security 2
 +up /etc/openvpn/update-resolv-conf
 +down /etc/openvpn/update-resolv-conf
 +...
 +</sxh>  
 +  
 +
 +  
 ==== Here is my notes: ====  ==== Here is my notes: ==== 
 Use dig command for determining my public IP address: Use dig command for determining my public IP address:
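
Review bot: make_config.sh hard-codes `/home/sammy/client-configs/...` for KEY_DIR, OUTPUT_DIR and BASE_CONFIG, while every other step on this page uses `~/client-configs` and the client is generated for `vissie`; on this host the script will fail with missing-file errors unless the user really is `sammy`, so the three paths should be derived from the script's own directory or from the invoking user's home (keeping in mind that `sudo ./make_config.sh vissie` runs it as root, where `$HOME` is /root). The `#!/bin/bash` shebang and the "First argument" comment sit above the `<sxh bash; gutter: false>` opening, so the rendered script block starts without its shebang; move the `<sxh>` tag up so the whole file is one block. Step 10 edits `client1.ovpn` although Step 9 produces `vissie.ovpn`; the filenames should match. Finally, the new `sudo ufw allow 1194/udp` rule matches the client's `remote my.server.com 1194` / `proto udp` but not the server's `port 11` / `proto tcp` set in the hunk above, so one of the two needs to change.
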
openvpn.1636532251.txt.gz · Last modified: 2021/11/10 00:17 by vissie