I have installed OpenVPN on my Debian system so that I can surf the AMPRNet with my Windows laptop. It works quite nicely.
In this description I do not give much text or explanation. There is plenty to find on the internet about configuring OpenVPN.
apt-get update
apt-get install openvpn easy-rsa
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
nano /etc/openvpn/server.conf
This is what I use, it’s a simple setup.
# OpenVpn server.conf setup
port 1194
proto udp
dev tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/gw.pd2lt.crt
key /etc/openvpn/gw.pd2lt.key
dh /etc/openvpn/dh1024.pem
server 44.137.31.80 255.255.255.248
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 44.137.0.1"
push "route 44.0.0.0 255.0.0.0"
push "route 44.137.31.64 255.255.255.224"
keepalive 1800 4000
comp-lzo
max-clients 10
persist-key
persist-tun
Enable Packet Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
nano /etc/sysctl.conf
Change
#net.ipv4.ip_forward=1
to
net.ipv4.ip_forward=1
Save and exit
cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys
nano /etc/openvpn/easy-rsa/vars
Change these values to your own needs.
export KEY_COUNTRY="NL"
export KEY_PROVINCE="Zeeland"
export KEY_CITY="Kortgene"
export KEY_ORG="packet-radio"
export KEY_EMAIL="packet ( @ ) packet-radio.net"
export KEY_OU="packet-radio"
In the same vars file, also edit this one line shown below.
# X509 Subject Field
export KEY_NAME="EasyRSA"
Change this to your own needs as well.
# X509 Subject Field
export KEY_NAME="packet-radio"
Next
openssl dhparam -out /etc/openvpn/dh1024.pem 1024
Change to the easy-rsa directory
cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca
./build-key-server packet-radio
Hit ENTER to accept defined, default values.
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Press ENTER to pass through each one.
Hit (Y) and enter
Sign the certificate? [y/n]
1 out of 1 certificate requests certified, commit? [y/n]
cp /etc/openvpn/easy-rsa/keys/{packet-radio.crt,packet-radio.key,ca.crt} /etc/openvpn
service openvpn start
service openvpn status
Generate Certificates and Keys for Clients
./build-key pd2lt
Press ENTER to accept the defaults.
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Hit (Y) enter
Sign the certificate? [y/n]
1 out of 1 certificate requests certified, commit? [y/n]
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/pd2lt.ovpn
nano /etc/openvpn/easy-rsa/keys/pd2lt.ovpn
client
remote server-ip 1194
ca c:\\certs\\ca.crt
cert c:\\certs\\pd2lt.crt
key c:\\certs\\pd2lt.key
ns-cert-type server
comp-lzo yes
dev tap
proto udp
nobind
auth-nocache
persist-key
persist-tun
Copy these files to the c:\certs directory on the client computer.
pd2lt.crt
pd2lt.key
pd2lt.ovpn
ca.crt
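As an added example (not part of the original post), the shell function below lints an OpenVPN config such as the server.conf and pd2lt.ovpn shown above for four settings: 1024-bit DH parameters, comp-lzo, the deprecated ns-cert-type, and a missing tls-auth/tls-crypt key. The function names and the sample input are constructed for illustration, and the DH check is only a heuristic on the dh1024 file name used here.

```shell
#!/bin/sh
# Added example, not the author's code: flag directives in an OpenVPN
# config that are worth revisiting. Reads the config on stdin and prints
# one finding per line. Function names are hypothetical.

# has_directive REGEX: true if an active config line starts with it.
has_directive() {
    printf '%s\n' "$_ovpn_active" |
        grep -Eq "^[[:space:]]*($1)([[:space:]]|\$)"
}

audit_ovpn_conf() {
    # Strip comments (# or ;) and blank lines so only active directives count.
    _ovpn_active=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d')

    # Heuristic: the file name used in this setup encodes the 1024-bit size.
    if printf '%s\n' "$_ovpn_active" |
        grep -Eq '^[[:space:]]*dh[[:space:]].*dh1024'; then
        echo "dh: 1024-bit DH parameters; generate 2048 bits or more"
    fi
    if has_directive 'comp-lzo'; then
        echo "comp-lzo: deprecated option; remove compression on both ends"
    fi
    if has_directive 'ns-cert-type'; then
        echo "ns-cert-type: deprecated; use remote-cert-tls instead"
    fi
    if ! has_directive 'tls-auth|tls-crypt'; then
        echo "tls-auth/tls-crypt: not set; no pre-shared key on the control channel"
    fi
    return 0
}

# Constructed sample input: a subset of the server.conf above, plus one
# commented-out directive to show that comments are ignored.
audit_ovpn_conf <<'EOF'
port 1194
proto udp
dev tap
dh /etc/openvpn/dh1024.pem
;tls-auth ta.key 0
comp-lzo
persist-key
EOF
```

To check a real file, run `audit_ovpn_conf < /etc/openvpn/server.conf` after sourcing the function.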