[Linux]Build VPN Server Using OpenVPN
@ GordonWei · Thursday, Oct 15, 2020 · 1 minute read · Update at Oct 15, 2020

Server Side

Install Packages.

apt-get install openvpn easy-rsa

Copy Server’s Config.

gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

Edit It.

dh dh1024.pem to dh dh2048.pem

uncomment these line

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
user nobody
group nogroup

Enable ip_forward ipv4

echo 1 > /proc/sys/net/ipv4/ip_forward`

Or Edit Uncomment /etc/sysctl.conf

net.ipv4.ip_forward=1

In This Case Firewall Is Disable

Copy easy-rsa To Openvpn Folder

cp -r /usr/share/easy-rsa/ /etc/openvpn

Create keys Folder In /etc/openvpn/easy-rsa/

mkdir -p /etc/openvpn/easy-rsa/keys`

Edit vars And Change These

export KEY_COUNTRY="US"
export KEY_PROVINCE="TX"
export KEY_CITY="Dallas"
export KEY_ORG="My Company Name"
export KEY_EMAIL="sammy@example.com"
export KEY_OU="MYOrganizationalUnit"
export KEY_NAME="server"

Create pem

openssl dhparam -out /etc/openvpn/dh2048.pem 2048

Run cert Flow

cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca

Create server key

./build-key-server server
cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn

Create client conf&cert

./build-key client1
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client.ovpn

Edit client.conf Change remote To Your Server

remote 'my-server-1' 1194

Comment These

#ca ca.crt
#cert client.crt
#key client.key

Add These

<ca>
(insert ca.crt here)
</ca>
<cert>
(insert client1.crt here)
</cert>
<key>
(insert client1.key here)
</key>

Make Sure Your FireWall Port Forward Is Currect.

Forward All Traffic To Outside.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`

Client Side

Install VPN Software In Your Device.

Then Copy client.ovpn From Server To Your Devices And Import It.

comments powered by Disqus

GordonWei's blog

4g-dongle 4g-lte 518 active-directory activity ad alcatel always-free amd-apu apache arm associate aws aws-cdk aws-certified aws-cli aws-efs aws-lex aws-nuke aws-s3 aws-saa aws-security aws-ssm aws-sso bind bind-view blog brew build-image catalina centos-7 centos7 cfn-flip change-swap chatbot clean-cache clean-resources cloudfront cups deeplearning delete-sns developer directory-service dlink-dcs930l docker docker-compose docker-error domain dvac01 ec2 ec2-mount-efs ec2-ssm error export-ovf fail2ban fat32-to-ntfs freeradius gcloud gcp gcp-change-account git git-error github github-error google-adsens google-cloud-platform grub hh41 homebridge homekit homekit-ui http https huawei-e3372 hugo hugo-blog hugo-post ios ios-run-python iphone-backup ipv6-apt iso-to-usb job-bank json json-dumps keras lambda latin ldap ldap3 letsencrypt likecoin linux linux-vnc lte-dongle mac mac-backup mail-server mi-home migration ms-ad multiple-account mysql mysql-error mysql-federated netapp npm npm-upgrade ntfs ntp-server oai on-premise openvpn openwebmail oracle-cloud orange-pi peering permission-deny pip-error pip-install printer python python-access-ad python-ftp python2 python3 radius radius-mysql radius3.0 raspberry-pi raspberry-pi-zero reset-password resize-img resize-sd-partition root router rpi-camera s3 s3-error s3-policy samba samba-error scs-c01 security selinux session-manage sns solution-architect-associate ssl ssm sysops system-manager systems-manager table-sync time-machine time_wait timezone tls typeerror ubuntu ubuntu-18.04 ubuntu16.04 uniout update-error usb usb-install vmware-player volume-lock vpc vpn vpn-server web-server win10 windows xiaomi yaml zimbra 廣告 永久免費 無法更新索引 燒光碟 自動搶 阿爾卡特
aws
gcp
iot
mac
oci

© 2020 GordonWei's Blog

Powered by Hugo with theme Dream.

Experience

2020 - Now / 趣遊科技 - 資深SRE工程師

2019 - 2020 / 104人力銀行 - DevOps 工程師

2018 - 2019 / 104人力銀行 - Net 工程師

2016 - 2018 / 全林實業股份有限公司 - 系統部協理

2015 – 2016 / 恩據優資訊工作室 – 負責人

2014 – 2015 / 安盟科技股份有限公司 – 資深IT工程師

2013 – 2014 / 上海鷺豐農業科技有限公司 – 系統工程師

2010 – 2012 / 104 人力銀行 – 維護工程師

2008 - 2009 / 典匠資訊 – MIS

Projects

  • 2019/09 - now 104人力銀行 - AWS Account 回收暨IaC專案
  • 2018/10 - 2018/12 104人力銀行 - DR Site 協助建置
  • 2018/03 - 2018/05 全林實業 - 工研院人臉辨識與使用者行為分析專案
  • 2018/04 - 2018/05 全林實業 - 嘉義公車站無線網路專案
  • 2017/06 - 2018/05 全林實業 - 新加坡無線網路專案
  • 2017/05 - 2018/05 全林實業 - 捷運無線網路專案
  • 2017/01 - 2017/04 全林實業 - 弋楊科技遊覽車專案
  • 2016/12 - 2017/04 全林實業 - 亞太好行網重構、建置
  • 2016/12 - 2017/02 全林實業 - 愛巴士無線網路專案
  • 2016/11 - 2017/01 全林實業 - 泰國Free AD Wifi專案
  • 2016/10 - 2016/12 全林實業 - 桃園客運無線網路專案
  • 2016/09 - 2016/12 全林實業 - 怡客咖啡廳無線網路專案
  • 2016/07 - 2017/07 全林實業 - 主要系統規劃、重構與建置
  • 2014/09 - 2015/04 安盟科技 - 機房架構規劃rebuild / CRM系統開發客製
  • 2013/07 – 2014/07 上海鷺豐農業科技 - 研發農業環境監控系統(Arduino)
  • 2011/11 – 2012/06 104人力銀行 - 協助導入虛擬化技術專案 (Citrix Xen Server、Desktop)

About

GordonWei

小弟是一位沒錢又沒閒的普通人, 只能靠自學以及不斷的實作來吸取經驗。

希望可以把自己的經驗留存下來,讓彼此的能力更進一步!!

認證