Installing openvpn on Linux Debian wheezy 7

I have installed openvpn on my Debian system so it’s possible to surf with my winhoos laptop on the amprnet. Work quite nice

In this description I do not give much text and explanation. On the internet there is plenty to find about configuring openvpn.

apt-get update
apt-get install openvpn easy-rsa
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
nano /etc/openvpn/server.conf

This is what I use, it’s a simple setup.

# OpenVpn server.conf setup
port 1194
proto udp
dev tap

ca /etc/openvpn/ca.crt
cert /etc/openvpn/gw.pd2lt.crt
key /etc/openvpn/gw.pd2lt.key
dh /etc/openvpn/dh1024.pem

server 44.137.31.80 255.255.255.248
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 44.137.0.1"
push "route 44.0.0.0 255.0.0.0"
push "route 44.137.31.64 255.255.255.224"

keepalive 1800 4000

comp-lzo
max-clients 10

persist-key
persist-tun

Enable Packet Forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward
nano /etc/sysctl.conf

Change
#net.ipv4.ip_forward=1
to
net.ipv4.ip_forward=1

Save and exit

cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys
nano /etc/openvpn/easy-rsa/vars

Changes to your own needs.

export KEY_COUNTRY="NL"
export KEY_PROVINCE="Zeeland"
export KEY_CITY="Kortgene"
export KEY_ORG="packet-radio"
export KEY_EMAIL="packet ( @ ) packet-radio.net"
export KEY_OU="packet-radio"

In the same vars file, also edit this one line shown below.

# X509 Subject Field
export KEY_NAME="EasyRSA"

Also changes to your own needs.

# X509 Subject Field
export KEY_NAME="packet-radio"

Next

openssl dhparam -out /etc/openvpn/dh1024.pem 1024

Cd to directory easy-rsa

cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca
./build-key-server packet-radio

Hit ENTER to accept defined, default values.

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Press ENTER to pass through each one.

Hit (Y) and enter

Sign the certificate? [y/n]
1 out of 1 certificate requests certified, commit? [y/n]

cp /etc/openvpn/easy-rsa/keys/{packet-radio.crt,packet-radio.key,ca.crt} /etc/openvpn
service openvpn start
service openvpn status

Generate Certificates and Keys for Clients

./build-key pd2lt

Press ENTER to accept the defaults.

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Hit (Y) enter

Sign the certificate? [y/n]
1 out of 1 certificate requests certified, commit? [y/n]

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/pd2lt.ovpn
nano /etc/openvpn/easy-rsa/keys/pd2lt.ovpn
client
remote server-ip 1194
ca c:\\certs\\ca.crt
cert c:\\certs\\pd2lt.crt
key c:\\certs\\pd2lt.key
ns-cert-type server
comp-lzo yes
dev tap
proto udp
nobind
auth-nocache
persist-key
persist-tun

Copy the the files to the client computer in the c:\certs directory.

pd2lt.crt
pd2lt.key
pd2lt.ovpn
ca.crt

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.