Server Side
Install Packages.
apt-get install openvpn easy-rsa
Copy Server’s Config.
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
Edit It.
dh dh1024.pem to dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
user nobody
group nogroup
Enable ip_forward ipv4
echo 1 > /proc/sys/net/ipv4/ip_forward`
net.ipv4.ip_forward=1
In This Case Firewall Is Disable
Copy easy-rsa To Openvpn Folder
cp -r /usr/share/easy-rsa/ /etc/openvpn
Create keys Folder In /etc/openvpn/easy-rsa/
mkdir -p /etc/openvpn/easy-rsa/keys`
Edit vars And Change These
export KEY_COUNTRY="US"
export KEY_PROVINCE="TX"
export KEY_CITY="Dallas"
export KEY_ORG="My Company Name"
export KEY_EMAIL="sammy@example.com"
export KEY_OU="MYOrganizationalUnit"
export KEY_NAME="server"
Create pem
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
Run cert Flow
cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca
Create server key
./build-key-server server
cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn
Create client conf&cert
./build-key client1
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client.ovpn
Edit client.conf Change remote To Your Server
remote 'my-server-1' 1194
#ca ca.crt
#cert client.crt
#key client.key
Add These
<ca>
(insert ca.crt here)
</ca>
<cert>
(insert client1.crt here)
</cert>
<key>
(insert client1.key here)
</key>
Make Sure Your FireWall Port Forward Is Currect.
Forward All Traffic To Outside.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`
Client Side
Install VPN Software In Your Device.
Then Copy client.ovpn From Server To Your Devices And Import It.
