Writing a small tutorial; it should be running just fine after that. First you need to know if the TUN device is enabled; if not then :viking: buy a real server :p
(A VPS may well have TUN disabled by default; contact your host about that. This tutorial will obviously work for dedicated servers.)
I was using a Debian setup to install my VPN; that won't matter, it's kinda the same for all Linux. Understand and edit if needed.
SSH !!!
Part1: Needed
- SSH Access (&Putty)
- apt-get install openvpn
- apt-get install vim //(vi can do it but I prefer vim so install it !)
- apt-get install zip
- TUN Device enabled !
Check if the TUN device is enabled:
cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
Neat! It's enabled (yea lol the message is scary, first time I thought my server was going to explode, bad state + hardware = bad explosion).
If you get another message like "No such device" then oops, it's disabled :p
Try to enable it:
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
modprobe tun //(may epic fail; on a VPS the host has to enable it for you)
Part2: Wut ?
Ok so follow these lines, copy paste :)
mkdir -p /etc/openvpn/easy-rsa //Create the easy-rsa folder (the examples get copied into it next)
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ //Copy the OpenVPN easy-rsa examples into our new folder, needed soon
chown -R $USER /etc/openvpn/easy-rsa/ //Set folder permissions
vim /etc/openvpn/easy-rsa/vars //Use the vim editor! Edit the export KEY_* lines at the bottom (country, email, and so on)
cd /etc/openvpn/easy-rsa/
source vars
./clean-all //(in case you already tried to create some keys: this wipes them!)
./build-dh //build the Diffie-Hellman parameters (TLS/SSL)
./pkitool --initca //build the CA
./pkitool --server server //build the server cert and key
openvpn --genkey --secret keys/ta.key //the tls-auth key
cp keys/ca.crt keys/ta.key keys/server.crt keys/server.key keys/dh1024.pem /etc/openvpn/
mkdir /etc/openvpn/jail
mkdir /etc/openvpn/clientconf
vim /etc/openvpn/server.conf //paste this in:
mode server
proto tcp
port 443
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
cipher AES-256-CBC
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
user nobody
group nogroup
chroot /etc/openvpn/jail
persist-key
persist-tun
comp-lzo
# Log
verb 3
mute 20
status openvpn-status.log
; log-append /var/log/openvpn.log
cd /etc/openvpn
openvpn server.conf //test run in the foreground to see any errors, then Ctrl-C it
START IT
/etc/init.d/openvpn start
sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
Now make it permanent
vim /etc/sysctl.conf //uncomment the line net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE //normal server (eth0)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to XXX.REMOTESERVIP //OpenVZ VPS (venet0)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to XXX.REMOTESERVIP
sh -c "iptables-save > /etc/iptables.rules" //save iptables
vim /etc/network/interfaces //add this line under your interface so the rules come back at boot:
pre-up iptables-restore < /etc/iptables.rules
Part3: Clients
cd /etc/openvpn/easy-rsa
source vars
./build-key-pass papaunstuck //papaunstuck is the client name; you will be asked for a password for the key
mkdir /etc/openvpn/clientconf/papaunstuck/
cp /etc/openvpn/ca.crt /etc/openvpn/ta.key keys/papaunstuck.crt keys/papaunstuck.key /etc/openvpn/clientconf/papaunstuck/
cd /etc/openvpn/clientconf/papaunstuck/
vim client.conf //paste this in:
client
dev tun
proto tcp-client
remote XXX.REMOTESERVIP 443
resolv-retry infinite
cipher AES-256-CBC
ca ca.crt
cert papaunstuck.crt
key papaunstuck.key
tls-auth ta.key 1
nobind
persist-key
persist-tun
comp-lzo
verb 3
cp client.conf client.ovpn
zip papaunstuck.zip *.*
Then connect using the key password (start the OpenVPN GUI with the files from the zip).
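Added example, not from the original post: a small POSIX sh function that bundles one client's files into a single inline .ovpn, so you hand out one file instead of a zip. OpenVPN accepts the ca, cert, key and tls-auth material inline in <ca>, <cert>, <key> and <tls-auth> blocks, with "key-direction 1" taking the place of "tls-auth ta.key 1"; the function assumes the /etc/openvpn/clientconf/<name>/ layout built above and takes the client name, the server IP (XXX.REMOTESERVIP) and that directory as arguments.

```shell
#!/bin/sh
# Build <dir>/<name>.ovpn from the files copied into <dir> by the steps above:
#   <dir>/ca.crt  <dir>/ta.key  <dir>/<name>.crt  <dir>/<name>.key
# Usage: make_client_ovpn <client name> <server IP> <client conf dir>
make_client_ovpn() {
    name=$1; server=$2; dir=$3
    out="$dir/$name.ovpn"
    # refuse to write a half-made config if anything is missing
    for f in ca.crt ta.key "$name.crt" "$name.key"; do
        [ -r "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
    done
    {
        # same settings as the client.conf above, minus the file-path lines;
        # comp-lzo stays because it has to match the server side
        printf '%s\n' "client" "dev tun" "proto tcp-client" \
            "remote $server 443" "resolv-retry infinite" \
            "cipher AES-256-CBC" "nobind" "persist-key" "persist-tun" \
            "comp-lzo" "verb 3" "key-direction 1"
        # each file becomes an inline <tag>...</tag> block
        for tag in ca:ca.crt "cert:$name.crt" "key:$name.key" tls-auth:ta.key; do
            printf '<%s>\n' "${tag%%:*}"
            cat "$dir/${tag#*:}"
            printf '</%s>\n' "${tag%%:*}"
        done
    } > "$out"
    chmod 600 "$out"   # the file now holds the client's private key
    echo "$out"
}
```

The resulting file is all the client needs; keep the same 600 permissions on it wherever it is copied.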
Any questions? Ask :o