Difference between revisions of "Install openvpn in Ubuntu 14.04"
| Line 49: | Line 49: | ||
</source> | </source> | ||
In the same vars file, also edit this one line shown below. For simplicity, we will use server as the key name. If you want to use a different name, you would also need to update the OpenVPN configuration files that reference server.key and server.crt.<br> | In the same vars file, also edit this one line shown below. For simplicity, we will use server as the key name. If you want to use a different name, you would also need to update the OpenVPN configuration files that reference server.key and server.crt.<br> | ||
| − | export KEY_NAME= | + | export KEY_NAME=''server'''''Bold text'''<br><br> |
openssl dhparam -out /etc/openvpn/dh2048.pem 2048<br> | openssl dhparam -out /etc/openvpn/dh2048.pem 2048<br> | ||
cd /etc/openvpn/easy-rsa<br> | cd /etc/openvpn/easy-rsa<br> | ||
Revision as of 15:56, 25 July 2016
Reference - https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
apt-get update
apt-get install openvpn easy-rsa
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
vim /etc/openvpn/server.conf
Edit dh1024.pem to say:
dh2048.pem
Uncomment push "redirect-gateway def1 bypass-dhcp" so the VPN server passes on clients' web traffic to its destination.
Uncomment push "dhcp-option DNS 208.67.222.222" and push "dhcp-option DNS 208.67.220.220".
The dns servers should be configured in the clients dns as well.
Uncomment both user nobody and group nogroup.
Packet Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
In sysctl.conf uncomment below
net.ipv4.ip_forward=1
Firewall stuff
ufw allow 1194/udp
vim /etc/default/ufw
Change drop to accept
EFAULT_FORWARD_POLICY="ACCEPT"
Next we will add additional ufw rules for network address translation and IP masquerading of connected clients.
vim /etc/ufw/before.rules
Add the below to top of file :
# START OPENVPN RULES # NAT table rules *nat :POSTROUTING ACCEPT [0:0] # Allow traffic from OpenVPN client to eth0 -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE COMMIT # END OPENVPN RULES
ufw status
Creating a Certificate Authority and Server-Side Certificate & Key
First copy over the Easy-RSA generation scripts.
cp -r /usr/share/easy-rsa/ /etc/openvpn
vim /etc/openvpn/easy-rsa/vars
Edit all of below appropriately
export KEY_COUNTRY="US" export KEY_PROVINCE="TX" export KEY_CITY="Dallas" export KEY_ORG="My Company Name" export KEY_EMAIL="sammy@example.com" export KEY_OU="MYOrganizationalUnit"
In the same vars file, also edit this one line shown below. For simplicity, we will use server as the key name. If you want to use a different name, you would also need to update the OpenVPN configuration files that reference server.key and server.crt.
export KEY_NAME=serverBold text
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./clean-all
Generate a Certificate and Key for the Server
./build-key-server server
