OpenVPN
- openvpn_install
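# Install OpenVPN from the upstream apt repository on Debian stretch and
# generate the server-side key material. Run every command as root.

# Download the repository signing key to a file instead of piping it straight
# into the trust store, so that it can be inspected before it is trusted.
key_tmp=$(mktemp)
wget -O "$key_tmp" https://swupdate.openvpn.net/repos/repo-public.gpg

# Compare the fingerprint printed here with the one OpenVPN publishes
# (<EXPECTED_FINGERPRINT> is a placeholder; this page does not state it) and
# stop if they differ.
gpg --with-fingerprint "$key_tmp"

# Store the key in its own keyring and bind it to this one repository with
# signed-by. `apt-key add` would instead trust the key for every repository
# configured on the host.
gpg --dearmor < "$key_tmp" > /usr/share/keyrings/openvpn-repo-public.gpg \
  && rm -f -- "$key_tmp"

# The repository is fetched over plain HTTP, so package integrity rests
# entirely on the signature check against the key installed above.
echo "deb [signed-by=/usr/share/keyrings/openvpn-repo-public.gpg] http://build.openvpn.net/debian/openvpn/stable stretch main" \
  > /etc/apt/sources.list.d/openvpn-aptrepo.list
apt update && apt install openvpn

# Unprivileged system account and group without login shell or home directory.
# NOTE(review): presumably referenced by `user`/`group` in the server config,
# which is not shown on this page.
adduser --system --shell /usr/sbin/nologin --no-create-home ovpn
groupadd ovpn
usermod -g ovpn ovpn

# Static key for the TLS control channel. It is a shared secret: keep it
# readable by root only and hand it to clients over a protected channel.
# Later OpenVPN releases may expect `openvpn --genkey secret <file>` instead;
# check the documentation of the installed version.
openvpn --genkey --secret /etc/openvpn/server/ta.key
chmod 600 /etc/openvpn/server/ta.key

# Diffie-Hellman parameters. They are not secret; generating 4096-bit
# parameters can take a long time.
openssl genpkey -genparam -algorithm DH -out /etc/openvpn/server/dhp4096.pem -pkeyopt dh_paramgen_prime_len:4096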
- easy_rsa
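# Build a CA, a server certificate and client certificates with easy-rsa 2.
# The scp steps below copy files to the VPN server, so this is run on a
# separate machine: ./keys/ca.key stays here and is never copied anywhere.

# Placeholders - replace before running.
server_cn='<common-name>'   # common name for the server certificate
server_host='ip'            # address of the OpenVPN server

make-cadir ./ca
cd ca
ln -s openssl-1.0.0.cnf openssl.cnf
nano vars                   # -> edit key default values
source ./vars

# clean-all wipes ./keys. Run it once for a new CA only; on an existing CA it
# destroys the CA key and every issued certificate.
./clean-all
./build-ca
./build-key-server "$server_cn"

# Only the CA certificate and the server's own certificate and key go to the
# server. The .key file is a private key: after the copy, confirm that it is
# readable by root only on the server.
scp "./keys/ca.crt" "./keys/${server_cn}.crt" "./keys/${server_cn}.key" \
  "root@${server_host}:/etc/openvpn/server"

# Fetch the shared TLS key so that it can be bundled with client configs.
scp "root@${server_host}:/etc/openvpn/server/ta.key" ./keys

# One certificate per client; each common name can be issued only once.
# build-key writes the private key unencrypted; easy-rsa 2 also provides
# ./build-key-pass for a passphrase-protected client key.
./build-key client1

# To issue further client certificates later from a fresh shell, run from the
# directory that contains ./ca:
#   cd ca && source ./vars && ./build-key <client-name>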
- ufw
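# Open the OpenVPN port and let VPN clients reach the outside through NAT.
# Run as root.

ufw allow 1194/udp

# Set DEFAULT_FORWARD_POLICY="ACCEPT" in this file.
# This accepts forwarded traffic between all interfaces, not only VPN traffic.
# A narrower option is to keep the default and allow just the tunnel, e.g.
# `ufw route allow in on tun0 out on eth0` (tun0 is an assumption; use the
# interface name of your tunnel).
nano /etc/default/ufw

# Forwarding also requires IP forwarding in the kernel (net.ipv4.ip_forward=1),
# which this page does not configure; enable it if it is not already on.

# Rules to paste into /etc/ufw/before.rules as their own table section,
# outside the existing *filter ... COMMIT block (for example at the top of the
# file). The source network must match the `server` directive of the OpenVPN
# config: 10.8.0.0/24 is used here; the /8 mask given originally would
# masquerade all of 10.0.0.0/8. eth0 must be the outbound interface.
cat <<'EOF'
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
EOF
nano /etc/ufw/before.rules

# Reload ufw afterwards so that the edited files take effect.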
