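# These commands need root privileges.
# Refresh the package index and apply pending upgrades before installing.
# On the original page these two commands were run together on one line.
apt-get update
apt-get upgrade --show-upgraded

# Install OpenVPN (udev is listed alongside it, as on the original page).
apt-get install openvpn udev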
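# Copy the bundled easy-rsa scripts under /etc/openvpn so the PKI is kept
# next to the OpenVPN configuration.
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn

# Edit the easy-rsa defaults. The export lines below are the contents to set
# inside the vars file, not commands to type at the prompt; replace the
# sample values with your own.
vi /etc/openvpn/easy-rsa/2.0/vars
#   export KEY_COUNTRY="US"
#   export KEY_PROVINCE="OH"
#   export KEY_CITY="Oxford"
#   export KEY_ORG="MyCompany"
#   export KEY_EMAIL="squire@example.com"
# NOTE(review): vars also sets KEY_SIZE, which controls the RSA key and DH
# parameter size. Check it before building anything: changing it later means
# regenerating the CA, every certificate and the DH file.

# Load the settings into the current shell, then initialise the PKI and
# create the certificate authority.
# clean-all wipes the existing keys directory, so run it only when starting
# a new PKI, never on a server that already has issued certificates.
cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/clean-all
. /etc/openvpn/easy-rsa/2.0/build-ca

# Issue the server's certificate and private key, signed by the new CA.
. /etc/openvpn/easy-rsa/2.0/build-key-server name_of_server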
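# To CREATE key for Client host
# Give every client its own certificate/key pair, so a single client can be
# revoked later without touching the others.
. /etc/openvpn/easy-rsa/2.0/build-key name_of_client

# To REVOKE key for Client host
# vars has to be loaded in the current shell before revoke-full is run; on
# the original page the two commands were run together on one line.
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/revoke-full name_of_client
# NOTE(review): revoke-full only updates the certificate revocation list
# (crl.pem in the keys directory). The server keeps accepting the revoked
# certificate unless server.conf has a crl-verify directive pointing at that
# file; add one if it is not already there.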
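# Generate the Diffie-Hellman parameters for the server.
. /etc/openvpn/easy-rsa/2.0/build-dh

# Install the server-side files into the OpenVPN configuration directory.
# NOTE(review): dh1024.pem means 1024-bit DH parameters, which are weak by
# current standards. The file name follows KEY_SIZE in vars: with
# KEY_SIZE=2048 the file becomes dh2048.pem, and both this cp and the dh line
# in server.conf have to use that name.
# NOTE(review): ca.key is the CA signing key. The OpenVPN daemon does not
# need it to run; it is only used to issue and revoke certificates. The copy
# is kept as on the original page, but consider leaving ca.key out and
# keeping it readable by root only (or off the VPN server entirely).
cd /etc/openvpn/easy-rsa/2.0/keys
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

# Transfer the CA certificate plus the client's own certificate and private
# key to the client host. The original page gave no destination;
# USER@CLIENT_HOST:DEST_DIR/ is a placeholder. Only ca.crt goes to clients,
# never ca.key, and each name_of_client.key goes to that client alone.
cd /etc/openvpn/easy-rsa/2.0/keys/
scp ca.crt name_of_client.crt name_of_client.key USER@CLIENT_HOST:DEST_DIR/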
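# CONFIGURE client
# Unpack the sample configurations: server.conf goes to /etc/openvpn,
# client.conf to the home directory for editing.
cd /usr/share/doc/openvpn/examples/sample-config-files
gunzip -d server.conf.gz
cp server.conf /etc/openvpn/
cp client.conf ~/
cd ~/

# Edit the client configuration. The indented lines below are client.conf
# directives to set, not shell commands.
vi client.conf
#   proto tcp
#   remote ip_or_hostname_of_server 1194
#   ca ca.crt
#   cert name_of_client.crt
#   key name_of_client.key
# NOTE(review): make sure the client config also checks the server
# certificate's type (remote-cert-tls server, or ns-cert-type server on older
# releases). Without that check any certificate signed by this CA, including
# another client's, is accepted as the server.

# If via HTTP Proxy
# Use these client.conf directives instead of the plain "proto tcp" above.
#   port 443
#   proto tcp-client
#   http-proxy proxyserver 8080
#   http-proxy-retry
#   http-proxy-option AGENT Mozilla/5.0+(Windows;+U;+Windows+NT+5.0;+en-GB;+rv:1.7.6)+Gecko/20050226+Firefox/1.0.1
# NOTE(review): presumably the server has to listen on the same port (443);
# the server.conf edits shown on the page do not change it. Confirm.

# Copy client.conf to the CLIENT-HOST config folder.
# USER@CLIENT_HOST:CONFIG_DIR/ is a placeholder; the page names no path.
scp client.conf USER@CLIENT_HOST:CONFIG_DIR/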
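# CONFIGURE server
# The indented lines under each "vi" are the contents to set in that file,
# not commands to run at the prompt.

# Use TCP and route all client traffic through the VPN.
vi /etc/openvpn/server.conf
#   proto tcp
#   push "redirect-gateway def1"

# Enable IPv4 forwarding persistently.
vi /etc/sysctl.conf
#   net.ipv4.ip_forward=1

# Re-create the forwarding and NAT rules at every boot.
# The rules accept return traffic, accept traffic from the VPN subnet, reject
# every other forwarded packet, and masquerade VPN traffic leaving via eth0.
# NOTE(review): 10.8.0.0/24 and eth0 are assumed to match the server's VPN
# subnet and public interface; adjust both if yours differ.
vi /etc/rc.local
#   iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
#   iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
#   iptables -A FORWARD -j REJECT
#   iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# Run a local DNS forwarder for the VPN clients and hand its address to them.
# NOTE(review): dnsmasq listens on all interfaces by default. Restrict it to
# the loopback and VPN addresses (listen-address / bind-interfaces in
# /etc/dnsmasq.conf) so the resolver is not reachable from the public side.
apt-get install dnsmasq
vi /etc/openvpn/server.conf
#   push "dhcp-option DNS 10.8.0.1"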
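# Apply forwarding and the firewall rules now, without waiting for a reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward

# -A appends: if /etc/rc.local has already loaded these rules during this
# boot, running them again adds duplicates. Check with "iptables -L FORWARD"
# and "iptables -t nat -L POSTROUTING" first.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# Restart OpenVPN so it picks up the new server.conf.
/etc/init.d/openvpn restart

# to Check if successful
# From a connected client, the server's VPN address should answer.
ping 10.8.0.1
# Then check, from the client, which public IP address the internet sees.
# With redirect-gateway pushed it should be the VPN server's address.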