Friday, June 17, 2011

Install OpenVPN Linux Server and Windows Client

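# Refresh the package index, then apply pending upgrades. These are two
# separate commands; fused on one line, "apt-get upgrade ..." is passed to
# "apt-get update" as stray arguments and the upgrade never runs.
apt-get update
apt-get upgrade --show-upgraded
# Install OpenVPN and udev.
apt-get install openvpn udev
# Copy the bundled easy-rsa scripts next to the OpenVPN configuration.
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn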

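# Edit the easy-rsa defaults used for every certificate issued below.
vi /etc/openvpn/easy-rsa/2.0/vars
# Values to set inside vars, one export per line:
export KEY_COUNTRY="US"
export KEY_PROVINCE="OH"
export KEY_CITY="Oxford"
export KEY_ORG="MyCompany"
export KEY_EMAIL="squire@example.com"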

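# Initialise the PKI: load the easy-rsa variables, reset the key store and
# build the CA. Each step is its own command; fused on one line, cd receives
# the rest as arguments and nothing is sourced.
cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/vars
# clean-all empties the keys directory. Run it only when starting a new PKI:
# on an existing setup it removes the CA and every key already issued.
. /etc/openvpn/easy-rsa/2.0/clean-all
. /etc/openvpn/easy-rsa/2.0/build-ca

# Issue the server certificate and key, signed by the CA built above.
# The resulting files are named after the argument (name_of_server.crt/.key).
. /etc/openvpn/easy-rsa/2.0/build-key-server name_of_server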

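# To CREATE key for Client host
# Use one name (and so one certificate) per client, so that a single client
# can be revoked later without affecting the others.
. /etc/openvpn/easy-rsa/2.0/build-key name_of_client

# To REVOKE key for Client host
# vars must be loaded first, then revoke-full is run as a separate command.
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/revoke-full name_of_client
# revoke-full marks the certificate revoked in the CA database and regenerates
# crl.pem in the keys directory. The server keeps accepting the revoked
# certificate unless server.conf has a crl-verify line pointing at that
# crl.pem, so check that directive is present.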

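# Generate the Diffie-Hellman parameters. Size and file name come from
# KEY_SIZE in vars: dh1024.pem below means KEY_SIZE=1024.
# NOTE(review): 1024-bit RSA/DH is below current recommendations. Setting
# KEY_SIZE=2048 in vars before build-ca yields dh2048.pem; the cp below and
# the dh directive in server.conf then have to use that file name.
. /etc/openvpn/easy-rsa/2.0/build-dh

# Install the server-side material into /etc/openvpn (two commands: cd, cp).
# server.crt/server.key carry these names only if build-key-server was given
# the name "server"; otherwise substitute the name that was used.
# NOTE(review): ca.key is the CA signing key. The OpenVPN daemon does not read
# it at runtime, so it does not need to be copied here; keeping it out of
# /etc/openvpn limits what a server compromise exposes.
cd /etc/openvpn/easy-rsa/2.0/keys
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn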


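cd /etc/openvpn/easy-rsa/2.0/keys/

# Copy the CA certificate and this client's certificate and key to the client.
# scp takes space-separated sources followed by a destination; the commas in
# the original line would be treated as part of the file names.
# CLIENT-HOST:/path/to/config/ is a placeholder: use the client's real host
# and OpenVPN config folder. name_of_client.key is a private key, so remove
# any intermediate copies once it is in place.
scp ca.crt name_of_client.crt name_of_client.key CLIENT-HOST:/path/to/config/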

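# CONFIGURE client
# Unpack the sample server config, install it, and take a working copy of the
# sample client config into the home directory. Each step is its own command.
cd /usr/share/doc/openvpn/examples/sample-config-files
gunzip -d server.conf.gz
cp server.conf /etc/openvpn/
cp client.conf ~/
cd ~/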

vi client.conf
proto tcp
remote ip_or_hostname_of_server 1194
ca ca.crt
cert name_of_client.crt
key name_of_client.key

# If via HTTP Proxy
port 443
proto tcp-client
http-proxy proxyserver 8080
http-proxy-retry
http-proxy-option AGENT Mozilla/5.0+(Windows;+U;+Windows+NT+5.0;+en-GB;+rv:1.7.6)+Gecko/20050226+Firefox/1.0.1


scp client.conf to CLIENT-HOST config folder

# CONFIGURE server
vi /etc/openvpn/server.conf
proto tcp
push "redirect-gateway def1"

vi /etc/sysctl.conf
net.ipv4.ip_forward=1

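# Persist the forwarding/NAT rules by adding them to /etc/rc.local.
vi /etc/rc.local
# Lines to add to /etc/rc.local. Order matters: replies to established
# connections and traffic from the VPN subnet are accepted first, then
# everything else in FORWARD is rejected.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
# eth0 must be the server's Internet-facing interface; adjust -o if it is not.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# dnsmasq provides the DNS service that is pushed to VPN clients below.
apt-get install dnsmasq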

vi /etc/openvpn/server.conf
push "dhcp-option DNS 10.8.0.1"


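# Apply forwarding and the firewall rules to the running system, then restart
# OpenVPN. This repeats the sysctl.conf and rc.local settings for the current
# boot. Rules are appended with -A, so running this block twice adds duplicate
# entries; check with "iptables -L FORWARD -n" first if unsure.
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
# eth0 must be the server's Internet-facing interface; adjust -o if it is not.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE


/etc/init.d/openvpn restart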


# to Check if successful
# 10.8.0.1 is the address pushed to clients as their DNS server above and lies
# in the 10.8.0.0/24 range used by the firewall rules; presumably it is the
# server's VPN-side address, so run this from the connected client.
ping 10.8.0.1

check myipaddress from internet
