See also https://openvpn.net/index.php/open-source/documentation/howto.html

# See also:
# * https://openvpn.net/index.php/open-source/documentation/howto.html
# * http://habrahabr.ru/post/188474/
# START
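# Sets up an OpenVPN server on a Debian-style host: installs the packages,
# builds a PKI with easy-rsa (CA, one server key pair, one client key pair,
# DH parameters), drops in the sample server.conf, enables IPv4 forwarding
# and NATs the VPN subnet out of the WAN interface.
# Must run as root. The build-* steps prompt interactively.

# Subnet handed out to VPN clients and the interface their traffic leaves by.
# Adjust both if server.conf or the host's NIC naming differ.
vpn_subnet=10.8.0.0/24
wan_if=eth0

apt-get install -y openvpn easy-rsa
cd /etc/openvpn || exit 1
cp -r /usr/share/easy-rsa .
# Stop if the copy is missing: the PKI scripts below must not run from
# whatever directory we happen to be in.
cd /etc/openvpn/easy-rsa || exit 1
. ./vars
# WARNING: clean-all wipes the keys directory. Re-running this on a host that
# already has a PKI destroys the CA and every issued certificate.
./clean-all
# build-ca leaves the CA private key (keys/ca.key) on this host. Anyone who
# reads it can mint certificates the server will accept, so keep it root-only
# and consider moving it off the VPN server once the certificates are issued.
./build-ca
./build-key-server PROJECT_server
./build-key PROJECT_client
./build-dh
cd /etc/openvpn || exit 1
# Overwrites any existing server.conf with the packaged sample.
zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > server.conf
# edit server.conf:
# push "redirect-gateway def1"   (routes ALL client traffic through this server)
# ca /etc/openvpn/easy-rsa/keys/ca.crt
# cert /etc/openvpn/easy-rsa/keys/PROJECT_server.crt
# key /etc/openvpn/easy-rsa/keys/PROJECT_server.key   (private: keep mode 600, root-owned)
# dh /etc/openvpn/easy-rsa/keys/dh2048.pem   (file name follows KEY_SIZE from ./vars)

# Persist IPv4 forwarding. Append instead of truncating: /etc/sysctl.conf may
# already hold other kernel settings (including hardening ones) that a plain
# '>' redirect would silently discard.
if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf 2>/dev/null; then
  printf '%s\n' 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
fi
sysctl -w net.ipv4.ip_forward=1

# Persist the NAT rule across reboots via rc.local. rc.local is executed as a
# shell script, so it needs the full iptables command (a bare "-A POSTROUTING"
# line is not runnable) and the existing contents must be preserved.
nat_rule="iptables -t nat -A POSTROUTING -s ${vpn_subnet} -o ${wan_if} -j MASQUERADE"
if ! grep -qF -- 'MASQUERADE' /etc/rc.local 2>/dev/null; then
  if [ ! -e /etc/rc.local ]; then
    printf '%s\n' '#!/bin/sh -e' > /etc/rc.local
    chmod 755 /etc/rc.local
  fi
  if grep -q '^exit 0$' /etc/rc.local; then
    # Anything placed after a final "exit 0" never runs; insert before it.
    sed -i "/^exit 0\$/i ${nat_rule}" /etc/rc.local
  else
    printf '%s\n' "$nat_rule" >> /etc/rc.local
  fi
fi
# Apply the rule now, but only if it is not already loaded, so re-running the
# script does not stack duplicate MASQUERADE entries.
iptables -t nat -C POSTROUTING -s "$vpn_subnet" -o "$wan_if" -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -s "$vpn_subnet" -o "$wan_if" -j MASQUERADE
update-rc.d openvpn defaults
# CURRENT_POSITION
# FINISH
# Client config
# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
# Copy:
# * ca.crt
# * PROJECT_client.crt
# * PROJECT_client.key
# from PROJECT server to
# /etc/openvpn/keys/PROJECT directory
# PROJECT_client.key is a private key: move it over an authenticated, encrypted
# channel (e.g. scp), keep it readable by root only on the client, and never
# copy ca.key to clients.
# edit client.conf:
# remote <server-hostname> 1194
# ca /etc/openvpn/keys/PROJECT/ca.crt
# cert /etc/openvpn/keys/PROJECT/<client-name>.crt
# key /etc/openvpn/keys/PROJECT/<client-name>.key
# update-rc.d openvpn defaults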