Difference between revisions of "Openvpn Ubuntu"
Latest revision as of 11:16, 14 June 2017
How to install OpenVPN on Ubuntu (tested with Ubuntu 14.04; should also work on Ubuntu 16.04)
First of all please remember to enable TUN/TAP for your VPS in ClientArea or in ControlPanel.
Install openvpn:
apt-get install openvpn
Install easy-rsa and copy it to the OpenVPN folder:
sudo apt-get install easy-rsa
mkdir /etc/openvpn/easy-rsa
cp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa
mv /etc/openvpn/easy-rsa/easy-rsa /etc/openvpn/easy-rsa/2.0
Go to the created folder:
cd /etc/openvpn/easy-rsa/2.0
Edit the variables file:
nano vars
It should look like this:
export OPENSSL="openssl"
export KEY_COUNTRY="US"
export KEY_PROVINCE="California"
export KEY_CITY="California"
export KEY_ORG="server"
export KEY_EMAIL="your@email.here"
export KEY_EMAIL=your@email.here
export KEY_CN=server
export KEY_NAME=server
export KEY_OU=server
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
Configure openssl:
cp openssl-1.0.0.cnf openssl.cnf
Generate keys and certificates:
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
openvpn --genkey --secret keys/ta.key
cp -r /etc/openvpn/easy-rsa/2.0/keys/ /etc/openvpn/
Create the server config file:
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
cd /etc/openvpn
gunzip -d /etc/openvpn/server.conf.gz
nano /etc/openvpn/server.conf
It should look like this:
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-config-dir ccd
ifconfig-pool-persist ipp.txt
route 192.168.0.0 255.255.255.0
auth SHA1
cipher BF-CBC
keepalive 10 120
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 10
Restart openvpn:
service openvpn restart
Enable forwarding:
nano /etc/sysctl.conf
Set the following value:
net.ipv4.ip_forward = 1
Apply:
sudo sysctl -p
Create client:
cd /etc/openvpn/easy-rsa/2.0
source vars
./build-key client
./build-key-pass client
Now copy the keys (ca.crt, dh1024.pem, client.crt, client.key, ta.key) to your OpenVPN client and create the OpenVPN conf file /etc/openvpn/server.conf:
nano /etc/openvpn/server.conf
Paste the following lines:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
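
The server.conf files above use auth SHA1, cipher BF-CBC, 1024-bit DH parameters and comp-lzo, and neither references the ta.key generated earlier. The script below is an added example, not part of the original page, that checks a config for exactly those settings; the function names and the sample file are constructed for illustration.

```shell
# Added example (not from the original page): flag weak settings in an
# OpenVPN server.conf. Function names and the sample file are constructed.

# Print the first argument of directive $2 in file $1; comment lines never match.
directive_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print one finding per line; prints nothing for a config that passes.
audit_openvpn_conf() {
    conf=$1
    auth=$(directive_value "$conf" auth)
    cipher=$(directive_value "$conf" cipher)
    dh=$(directive_value "$conf" dh)
    case "$auth" in
        SHA1|MD5) echo "auth $auth: weak HMAC digest, use SHA256 or stronger" ;;
    esac
    case "$cipher" in
        BF-*|DES-*|CAST5-*|RC2-*) echo "cipher $cipher: 64-bit block cipher (SWEET32), use AES" ;;
    esac
    case "$dh" in   # heuristic: judges the file name only
        *1024*) echo "dh $dh: 1024-bit DH parameters, use 2048 bits or more" ;;
    esac
    if awk '$1 == "comp-lzo" && $2 != "no" { f = 1 } END { exit !f }' "$conf"; then
        echo "comp-lzo: compression before encryption leaks data via length (VORACLE)"
    fi
    if ! grep -Eq '^[[:space:]]*tls-(auth|crypt)[[:space:]]' "$conf"; then
        echo "no tls-auth/tls-crypt: control channel has no HMAC key (ta.key unused)"
    fi
    return 0
}

# Constructed sample: directives taken from the server.conf above, plus a
# commented-out tls-auth line to show that comments are ignored.
sample_conf() {
    cat <<'EOF'
dh /etc/openvpn/keys/dh1024.pem
auth SHA1
cipher BF-CBC
comp-lzo
# tls-auth /etc/openvpn/keys/ta.key 0
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_openvpn_conf "$tmp"
rm -f "$tmp"
```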