{"id":127,"date":"2017-07-03T04:19:57","date_gmt":"2017-07-03T04:19:57","guid":{"rendered":"http:\/\/198.167.140.231\/knowledge\/?p=127"},"modified":"2019-03-06T06:46:10","modified_gmt":"2019-03-06T06:46:10","slug":"openvpn-configuration-debian-server-client","status":"publish","type":"post","link":"https:\/\/info.juliusgoh.life\/?p=127","title":{"rendered":"OpenVPN configuration (Debian server &#038; client)"},"content":{"rendered":"<p><strong>Server<\/strong><\/p>\n<ul>\n<li>apt-get install openvpn<\/li>\n<li>Go into \/etc\/openvpn\/, make a directory easy-rsa ( mkdir easy-rsa ), then run the command below that matches your release version:\n<ul>\n<li>Wheezy\n<ul>\n<li>cp -R \/usr\/share\/doc\/openvpn\/examples\/easy-rsa\/2.0* easy-rsa\/<\/li>\n<\/ul>\n<\/li>\n<li>Jessie and above\n<ul>\n<li>apt-get install easy-rsa<\/li>\n<li>cp -R \/usr\/share\/easy-rsa\/* easy-rsa\/<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Edit the bottom of <em>\/etc\/openvpn\/easy-rsa\/vars<\/em> according to your organization.<\/li>\n<li>Then execute the following commands:<\/li>\n<li>\n<pre># cd easy-rsa\/\r\n# mkdir keys\r\n# touch keys\/index.txt\r\n# echo 01 &gt; keys\/serial\r\n# . 
.\/vars  # set environment variables\r\n# .\/clean-all<\/pre>\n<\/li>\n<li>Then we can start creating keys and certificates.<\/li>\n<li>Notes:\n<ul>\n<li>Only .key files should be kept confidential.<\/li>\n<li>.crt and .csr files can be sent over insecure channels such as plaintext email.<\/li>\n<li>You do not need to copy a .key file between computers.<\/li>\n<li>Each computer will have its own certificate\/key pair.<\/li>\n<\/ul>\n<\/li>\n<li>cd into easy-rsa and run the following commands:\n<ul>\n<li>.\/build-ca<\/li>\n<li>.\/build-key-server server<\/li>\n<li>.\/build-dh<\/li>\n<li>.\/build-key clientname or .\/build-key-pass clientname (with PEM Phrase *Password*)<\/li>\n<\/ul>\n<\/li>\n<li>This generates the keys in \/etc\/openvpn\/easy-rsa\/keys\/. Copy ca.crt, clientname.crt and clientname.key from the server to the client, into the \/etc\/openvpn\/easy-rsa\/keys directory.<\/li>\n<li>Copy ca.crt, dh2048.pem, server.crt and server.key from \/etc\/openvpn\/easy-rsa\/keys\/ to \/etc\/openvpn.<\/li>\n<li>After that we will need a server.conf in \/etc\/openvpn.<\/li>\n<li>Copy the following into the file:\n<pre>port 1194\r\nproto udp\r\ndev tun\r\nca ca.crt\r\ncert server.crt\r\nkey server.key\r\ndh dh2048.pem\r\nserver 192.168.10.0 255.255.255.0\r\nifconfig-pool-persist ipp.txt\r\nkeepalive 10 120\r\ncomp-lzo\r\npersist-key\r\npersist-tun\r\nstatus openvpn-status.log\r\nlog openvpn-log.log\r\nverb 3\r\npush \"redirect-gateway def1 bypass-dhcp\"\r\npush \"dhcp-option DNS 8.8.8.8\"\r\npush \"dhcp-option DNS 8.8.4.4\"\r\n<\/pre>\n<\/li>\n<li>To allow VPN clients to use the OpenVPN server's IP, you have to masquerade on eth0 by typing:\n<ul>\n<li>iptables -t nat -A POSTROUTING -s 192.168.10.0\/24 -o eth0 -j MASQUERADE<\/li>\n<\/ul>\n<\/li>\n<li>Remember to place the masquerade command into \/etc\/rc.local so every time you reboot 
the machine it will have the rule<\/li>\n<li>Finally, run &#8220;service openvpn restart&#8221;.<\/li>\n<\/ul>\n<p><strong>Client<\/strong><\/p>\n<ul>\n<li>Different operating systems and devices will have different connection methods.<\/li>\n<\/ul>\n<h3><b>REFERENCE: <a href=\"https:\/\/wiki.debian.org\/OpenVPN\">https:\/\/wiki.debian.org\/OpenVPN<\/a><\/b><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Server apt-get install openvpn go into \/etc\/openvpn\/, make a directory easy-rsa ( mkdir easy-rsa ), then run the below command accordingly to your release version :- Wheezy cp -R \/usr\/share\/doc\/openvpn\/examples\/easy-rsa\/2.0* easy-rsa\/ Jessie and above apt-get install easy-rsa cp -R \/usr\/share\/easy-rsa\/* easy-rsa\/ Edit \/etc\/openvpn\/easy-rsa\/vars bottom according to your organization. Then execute the following command # cd [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":214,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,9],"tags":[],"_links":{"self":[{"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/posts\/127"}],"collection":[{"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=127"}],"version-history":[{"count":14,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/posts\/127\/revisions"}],"predecessor-version":[{"id":523,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/posts\/127\/revisions\/523"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=\/wp\/v2\/media\/214"}],"wp:attachment":[{
"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/info.juliusgoh.life\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}