Openvpn Ubuntu

From vpsget wiki

How to install OpenVPN on Ubuntu (tested with Ubuntu 14.04; should also work on Ubuntu 16.04)

First of all please remember to enable TUN/TAP for your VPS in ClientArea or in ControlPanel.

Install openvpn:

apt-get install openvpn

Install easy-rsa and copy it to the OpenVPN folder:

sudo apt-get install easy-rsa
mkdir /etc/openvpn/easy-rsa
cp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa
mv /etc/openvpn/easy-rsa/easy-rsa /etc/openvpn/easy-rsa/2.0

Go to the created folder:

cd /etc/openvpn/easy-rsa/2.0

Edit variable file:

nano vars

It should look like this:

export OPENSSL="openssl"
export KEY_COUNTRY="US"
export KEY_PROVINCE="California"
export KEY_CITY="California"
export KEY_ORG="server"
export KEY_EMAIL="your@email.here"
export KEY_EMAIL=your@email.here
export KEY_CN=server
export KEY_NAME=server
export KEY_OU=server
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234

Configure openssl:

cp openssl-1.0.0.cnf openssl.cnf

Generate keys and certificates:

source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
openvpn --genkey --secret keys/ta.key
cp -r /etc/openvpn/easy-rsa/2.0/keys/ /etc/openvpn/

Create server config file:

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
cd /etc/openvpn
gunzip -d /etc/openvpn/server.conf.gz
nano /etc/openvpn/server.conf

It should look like this:

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret 
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-config-dir ccd
ifconfig-pool-persist ipp.txt
route 192.168.0.0 255.255.255.0
auth SHA1 
cipher BF-CBC
keepalive 10 120
comp-lzo
max-clients 10
user nobody
group nogroup 
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 10
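
The following check is an added example, not part of the original wiki page: a shell function that reads a server.conf like the one above and reports crypto-related directives that common hardening guidance treats as weak, including the fact that the ta.key generated earlier is never referenced. The names audit_openvpn_conf and sample_conf are hypothetical, the sample input is constructed from the config above, and the thresholds (SHA256, 2048-bit DH) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag weak crypto-related directives in an OpenVPN server.conf.
# Prints one "directive: finding" line per issue, nothing for a clean file.
audit_openvpn_conf() {
    # Strip '#' and ';' comments, then look at directive/value pairs.
    sed -e 's/[#;].*$//' "$1" | awk '
        $1 == "cipher" { cipher = toupper($2) }
        $1 == "auth"   { auth = toupper($2) }
        $1 == "dh"     { dh = $2; sub(/.*\//, "", dh) }
        $1 == "comp-lzo" && $2 != "no" { comp = 1 }
        $1 == "tls-auth" || $1 == "tls-crypt" { tls = 1 }
        END {
            if (cipher == "")
                print "cipher: not set, older OpenVPN releases default to BF-CBC"
            else if (cipher == "NONE" || cipher ~ /^(BF|DES|CAST5|RC2)-/)
                print "cipher: " cipher " is unencrypted or a 64-bit block cipher"
            if (auth == "" || auth == "SHA1" || auth == "MD5" || auth == "NONE")
                print "auth: " (auth == "" ? "default SHA1" : auth) ", prefer SHA256 or stronger"
            # Heuristic on the file name only; confirm the real size with
            #   openssl dhparam -in FILE -text -noout
            bits = dh; gsub(/[^0-9]/, "", bits)
            if (bits != "" && bits + 0 < 2048)
                print "dh: " dh " suggests " bits "-bit parameters, use 2048 or more"
            if (comp)
                print "comp-lzo: compression enabled before encryption"
            if (!tls)
                print "tls-auth: no tls-auth/tls-crypt line, ta.key is unused"
        }'
}

# Constructed sample: the crypto-relevant lines of the server.conf shown above.
sample_conf() {
    cat <<'EOF'
port 1194
proto udp
dev tun
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
auth SHA1
cipher BF-CBC
comp-lzo
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_openvpn_conf "$tmp"; rm -f "$tmp"
```

Any change made in response to a finding has to be mirrored in every client config, since cipher, auth, compression and tls-auth settings must match on both ends of the tunnel.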

Restart openvpn:

service openvpn restart

Enable forwarding:

nano /etc/sysctl.conf

Set the following value:

net.ipv4.ip_forward = 1

Apply:

sudo sysctl -p

Create client:

cd /etc/openvpn/easy-rsa/2.0
source vars
./build-key client
# or, to protect the client key with a passphrase, run this instead of the line above:
# ./build-key-pass client

Now copy the keys (ca.crt, dh1024.pem, client.crt, client.key, ta.key) to your OpenVPN client and create the OpenVPN config file /etc/openvpn/server.conf:

nano /etc/openvpn/server.conf

Paste the following lines:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3