Friday, April 9, 2010

OpenVPN Setup Behind Router

Topology used throughout: router 192.168.155.1, VPN server 192.168.155.106 on the LAN behind it, VPN clients assigned addresses from 172.16.17.0/24. Because the server sits behind the router, forward UDP port 1194 on the router to 192.168.155.106; otherwise clients on the Internet cannot reach it.

apt-get install openvpn openssl

cd /usr/share/doc/openvpn/examples

cp ./sample-config-files/server.conf.gz /etc/openvpn

cp -r ./easy-rsa/2.0 /etc/openvpn

cd /etc/openvpn

mv 2.0 easy-rsa

gzip -d server.conf.gz

cd /etc/openvpn/easy-rsa

vi ./vars

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.

export KEY_COUNTRY="US"

export KEY_PROVINCE="CA"

export KEY_CITY="SanFrancisco"

export KEY_ORG="Fort-Funston"

export KEY_EMAIL="me@myhost.mydomain"

. ./vars   # source (do not execute) this file as root (sudo su) in the same shell you run the build-* scripts from, so the KEY_* exports are visible to them

./clean-all

./build-ca

./build-key-server server

./build-key client1

./build-key client2

./build-dh

openvpn --genkey --secret /etc/openvpn/ta.key   # creates the tls-auth key that server.conf refers to as ta.key; easy-rsa does not generate it

vi /etc/openvpn/server.conf

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem                          # build-dh uses KEY_SIZE from vars; 1024-bit DH is weak by current standards, set KEY_SIZE=2048 before ./build-dh and reference dh2048.pem here
server 172.16.17.0 255.255.255.0       # VPN address pool; the server itself takes 172.16.17.1 and pushes the route for this subnet to clients
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"           # send all client traffic through the VPN without deleting the client's own default route
push "route 192.168.155.0 255.255.255.0"   # the LAN behind the router
;push "route 172.16.17.0 255.255.255.0"    # not needed: the server directive above already pushes this route
client-to-client                       # remove this line if VPN clients should not be able to reach each other
keepalive 10 120
tls-auth ta.key 0                      # This file is secret; every client needs the same file with key direction 1
cipher AES-128-CBC                     # only one cipher line may be active and the clients must use the same one; BF-CBC (Blowfish, the old default) and DES-EDE3-CBC are 64-bit block ciphers and should not be used
comp-lzo
max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/status-ovpn.log    # rewritten every minute with the connected-client table
log-append /var/log/openvpn/openvpn.log    # must be a different file from the status file, or the log is wiped every minute
verb 3
mute 20

cd /etc/openvpn/easy-rsa/keys

cp ca.crt server.crt server.key dh1024.pem /etc/openvpn

Copy the client certificates and keys to wherever you want (you need them on your clients). Each client also needs ca.crt and, because the server uses tls-auth, a copy of ta.key.

cp client1.crt client1.key ca.crt /etc/openvpn/ta.key /home/client1   # Change the target folder to whatever you need it to be; never give a client another client's .key file

/etc/init.d/openvpn restart
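Before restarting, it is worth checking the server.conf for the mistakes that are easy to make while editing the sample file: several active cipher lines, status and log-append pointing at the same file, and key files that the config names but that were never created or copied into /etc/openvpn. The script below is an added example, not code from the original post; the function names and the scratch directory it builds its demo in are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: lint an OpenVPN server.conf for the
# pitfalls that appear in the configuration above (several active cipher lines,
# status and log-append sharing a file, referenced key files that were never
# created). Function names and the scratch paths are assumptions of this example.
# Usage: lint_ovpn_conf /etc/openvpn/server.conf /etc/openvpn
# One line is printed per finding; the return code is the number of findings.

lint_ovpn_conf() {
    conf=$1
    dir=$2
    n=0
    clean=$(mktemp)
    # Drop comments ('#' or ';' to end of line) and blank lines.
    sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$conf" > "$clean"

    # 1. Several active 'cipher' lines: only one can be in effect, and the
    #    client has to use the same one.
    ciphers=$(grep -c '^cipher[[:space:]]' "$clean" || true)
    if [ "$ciphers" -gt 1 ]; then
        echo "FAIL: $ciphers active 'cipher' lines; keep exactly one"
        n=$((n + 1))
    fi

    # 2. 'status' and 'log'/'log-append' on the same file: the status file is
    #    rewritten every minute and would wipe the log.
    status_file=$(awk '$1=="status"{print $2}' "$clean")
    log_file=$(awk '$1=="log"||$1=="log-append"{print $2}' "$clean")
    if [ -n "$status_file" ] && [ "$status_file" = "$log_file" ]; then
        echo "FAIL: status and log-append both use $status_file"
        n=$((n + 1))
    fi

    # 3. Every referenced key-material file must exist; relative names resolve
    #    against the directory holding the config (the post copies them there).
    for directive in ca cert key dh tls-auth; do
        f=$(awk -v d="$directive" '$1==d{print $2}' "$clean")
        [ -z "$f" ] && continue
        case $f in /*) p=$f ;; *) p=$dir/$f ;; esac
        if [ ! -f "$p" ]; then
            echo "FAIL: '$directive $f' but $p does not exist"
            n=$((n + 1))
        fi
    done
    rm -f "$clean"
    return "$n"
}

# Constructed demo data: a scratch directory with dummy key files, the
# server.conf as it appears in the post (under posted/), and a corrected copy
# (under fixed/). Echoes the scratch directory.
make_demo_configs() {
    d=$(mktemp -d)
    mkdir "$d/posted" "$d/fixed"
    for sub in posted fixed; do
        touch "$d/$sub/ca.crt" "$d/$sub/server.crt" "$d/$sub/server.key" "$d/$sub/dh1024.pem"
    done
    cat > "$d/posted/server.conf" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.16.17.0 255.255.255.0
tls-auth ta.key 0 # This file is secret
cipher BF-CBC # Blowfish (default)
cipher AES-128-CBC # AES
cipher DES-EDE3-CBC # Triple-DES
status /var/log/openvpn/status-ovpn.log
log-append /var/log/openvpn/status-ovpn.log
EOF
    # Corrected: one cipher, a separate log file, and ta.key actually present.
    touch "$d/fixed/ta.key"
    sed -e 's/^cipher BF-CBC/;cipher BF-CBC/' \
        -e 's/^cipher DES-EDE3-CBC/;cipher DES-EDE3-CBC/' \
        -e 's#^log-append .*#log-append /var/log/openvpn/openvpn.log#' \
        "$d/posted/server.conf" > "$d/fixed/server.conf"
    echo "$d"
}

demo=$(make_demo_configs)
echo "== server.conf as posted =="
lint_ovpn_conf "$demo/posted/server.conf" "$demo/posted" || echo "$? finding(s)"
echo "== corrected server.conf =="
lint_ovpn_conf "$demo/fixed/server.conf" "$demo/fixed" && echo "clean"
```

Run it against the real file with `lint_ovpn_conf /etc/openvpn/server.conf /etc/openvpn` before `/etc/init.d/openvpn restart`; a non-zero return means the daemon will either refuse to start (missing files) or start with a configuration that does not do what you think (duplicate ciphers, clobbered log).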

Making routes work

Before you can actually access the internet over your VPN you need to enable IPv4 forwarding and add some iptables rules.

Edit /etc/sysctl.conf

vim /etc/sysctl.conf

Uncomment net.ipv4.ip_forward=1 and save your changes (sysctl -p applies it without a reboot).

Add the following rules to /etc/rc.local before the exit 0 statement. Replace eth0 with the interface that faces the router. Note that -P FORWARD ACCEPT forwards between all interfaces, not only the tunnel; a tighter policy accepts only traffic entering on the tun interface from 172.16.17.0/24 and the replies to it.

iptables -P FORWARD ACCEPT

iptables -t nat -A POSTROUTING -s 172.16.17.0/24 -o eth0 -j MASQUERADE

Client Configuration
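The two rules above work, but the FORWARD policy of ACCEPT forwards any traffic the box sees, not just the VPN's. The following added example (not part of the original post) prints a ruleset limited to the tunnel; the interface names tun0 and eth0, the function names, and the /proc check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: generate a forwarding/NAT ruleset
# for the VPN server that replaces the blanket 'iptables -P FORWARD ACCEPT' with
# rules limited to the tunnel. Function names and the interface/subnet arguments
# are assumptions; review the printed commands, then run them as root (for
# instance from /etc/rc.local as the post does).
# Usage: vpn_forward_rules <vpn-subnet/prefix> <tun-iface> <wan-iface>

# Accept only a dotted-quad IPv4 network followed by a /0-/32 prefix, so a typo
# cannot turn into a rule that forwards for everything.
valid_cidr() {
    octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    echo "$1" | grep -Eq "^($octet\\.){3}$octet/(3[0-2]|[12]?[0-9])$"
}

# Print the rules in the order they should be applied. Forwarding is denied by
# default; only tunnel traffic from the VPN pool goes out, and only replies to
# it come back. The MASQUERADE line is the same one the post uses.
vpn_forward_rules() {
    subnet=$1
    tun=$2
    wan=$3
    if ! valid_cidr "$subnet"; then
        echo "vpn_forward_rules: not an IPv4 network/prefix: $subnet" >&2
        return 1
    fi
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $tun -o $wan -s $subnet -j ACCEPT
iptables -A FORWARD -i $wan -o $tun -d $subnet -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $subnet -o $wan -j MASQUERADE
EOF
}

# Report whether the kernel is currently forwarding IPv4 (the sysctl edited
# above); prints "unknown" where /proc is not available.
ip_forward_state() {
    if [ -r /proc/sys/net/ipv4/ip_forward ]; then
        case $(cat /proc/sys/net/ipv4/ip_forward) in
            1) echo enabled ;;
            *) echo disabled ;;
        esac
    else
        echo unknown
    fi
}

# Demo with the post's addresses: VPN pool 172.16.17.0/24, tunnel tun0, LAN-facing eth0.
echo "ip_forward: $(ip_forward_state)"
vpn_forward_rules 172.16.17.0/24 tun0 eth0
```

Pipe the output to `sh` as root to apply it, or paste the four lines into /etc/rc.local in place of the two above. If you keep client-to-client in server.conf, traffic between clients is handled inside OpenVPN and does not pass through the FORWARD chain, so these rules do not affect it.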


client
proto udp
dev tun
tls-client
remote hyd.hexagrid.net 1194   # public name or address of the router, which forwards UDP 1194 to the server
resolv-retry infinite
nobind
persist-key
persist-tun
ca hyd-ca.crt                  # the CA and per-client files copied from the server; these names must match the files you copied (ca.crt, client1.crt, client1.key in the steps above)
cert hyd-ranga.crt
key hyd-ranga.key
tls-auth ta.key 1              # required because the server uses tls-auth; 1 is the client key direction
remote-cert-tls server         # only accept a certificate built with build-key-server, so another client's cert cannot impersonate the server (older builds: ns-cert-type server)
cipher AES-128-CBC             # must match the cipher line in server.conf
comp-lzo
verb 3
