about 5 years ago

Introduction

This tutorial will show you how to set up an OpenVPN server on Ubuntu Server 13.04.

Set Up Steps

1. Use apt-get to install openvpn
sudo apt-get update && sudo apt-get dist-upgrade -y
sudo apt-get install openvpn openssl udev


2. Generate the Certificate Authority and the server and client key files
For this step, make sure you are in superuser mode.
Running sudo su switches you to superuser mode.

cp -r /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
cd /etc/openvpn/easy-rsa/2.0/
ln -s openssl-1.0.0.cnf openssl.cnf

source ./vars
./clean-all
./build-ca

Create Server Key
./build-key-server server

Create Client Key
./build-key client1

We need to generate Diffie-Hellman parameters, which govern the key exchange between the client and the OpenVPN server.
./build-dh

The generated files are now in the folder /etc/openvpn/easy-rsa/2.0/keys



3. Create the server configuration file
cd /etc/openvpn
vim server.conf
Fill in the content below:
server.conf
proto udp
dev tun

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

server  100.102.102.0 255.255.255.0

push "redirect-gateway def1"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Note:

  • proto udp: you can replace udp with tcp.
  • The ca, cert, key and dh settings should point to the files you generated in step 2.
  • server 100.102.102.0 255.255.255.0: this directive sets the subnet from which addresses are handed out to clients.
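
The server.conf above can be checked for settings that weaken the tunnel. The script below is an added example, not part of the original tutorial; the function names are hypothetical and the sample config is constructed from the file above. It flags the DH size implied by the easy-rsa file name, comp-lzo, a missing tls-auth or tls-crypt key, and a missing user/group directive.

```shell
# Added example (not from the original tutorial). audit_openvpn_conf and
# has_directive are hypothetical helper names, not OpenVPN tools.

# Succeeds if directive $2 starts an uncommented line of file $1.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_openvpn_conf() {
    conf=$1
    rc=0
    # easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so the file name reveals the size.
    bits=$(sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9][0-9]*\)\.pem.*/\1/p' "$conf" | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "weak-dh: ${bits}-bit DH parameters; raise KEY_SIZE in vars and rerun build-dh"
        rc=1
    fi
    if has_directive "$conf" comp-lzo; then
        echo "compression: comp-lzo is on; newer OpenVPN releases deprecate compression"
        rc=1
    fi
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo "no-tls-auth: no HMAC key on the control channel (tls-auth or tls-crypt)"
        rc=1
    fi
    if ! has_directive "$conf" user || ! has_directive "$conf" group; then
        echo "runs-as-root: no user/group directive, so the daemon keeps root after startup"
        rc=1
    fi
    return $rc
}

# Constructed sample: the security-relevant lines of the server.conf above.
write_sample_conf() {
    cat > "$1" <<'EOF'
proto udp
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 100.102.102.0 255.255.255.0
comp-lzo
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_openvpn_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```

Run against a real file with audit_openvpn_conf /etc/openvpn/server.conf; a non-zero exit status means at least one finding was printed.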

4. Set up network routing with iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
vim /etc/rc.local

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 100.102.102.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 100.102.102.0/24 -j SNAT --to-source 192.168.0.11

Note: 192.168.0.11 is your server's IP address, the one clients connect to.


5. Start OpenVPN Server
/etc/init.d/openvpn start
You can use ifconfig to check the server status.

If the OpenVPN server is running, a tun0 network interface will appear.

Congratulations! You've set up a VPN server!


6. Client Connection
Remember the client files generated in Step 2?

Copy client1.key, client1.crt and ca.crt to the client side.

In the same folder as the files above, create a client1.ovpn file and fill in this content:

client
dev tun
proto udp

remote 192.168.0.11 1194

resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert client1.crt
key client1.key

comp-lzo
verb 3

Note:

  • proto should match your server setting.
  • The remote IP should match the server's IP; make sure it is reachable.

Try to connect:
sudo openvpn --config client1.ovpn
