How to install OpenVPN on your server (here is debian) - Old Royal Hack Forum


    How to install OpenVPN on your server (here is debian)

    Ok so mencore you asked me some tips on openvpn installation
    writing small tutorial, should be running just fine after that, first you need to know if TUN device is enabled, if not then :viking: buy a real server :p

    (VPS should have TUN disabled by default, contact your host about that, this tutorial will obviously work for dedicated servers)

    I was using a debian solution to install my vpn, that won't matter it's kinda the same for all linux, understand and edit if needed

    SSH !!!

    Part1: Needed

    • SSH Access (&Putty)
    • apt-get install openvpn
    • apt-get install vim //(vi can do it but I prefer vim so install it !)
    • apt-get install zip

    • TUN Device enabled !


    Check if TUN Device is enabled :
    Code:
    cat /dev/net/tun
    Result:
    Code:
    cat: /dev/net/tun: File descriptor in bad state

    Neat ! It's enabled (yea lol the message is scary, first time I thought my server was going to explode, bad state + hardware = bad explosion)

    if another message like No such device then oops it's disabled :p


    Try to enable it:
    Code:
    mkdir -p /dev/net
    mknod /dev/net/tun c 10 200
    chmod 600 /dev/net/tun
    or
    Code:
    modprobe tun # (may epic fail)
    You also need to listen to this, otherwise the installation will fail


    Part2: Wut ?

    Ok so follow these lines, copy paste :)
    Code:
    mkdir -p /etc/openvpn/easy-rsa/openvpn # Create open VPN folder
    cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ # Copy paste OVPN examples into our new folder, needed soon
    chown -R $USER /etc/openvpn/easy-rsa/ # Set folder permissions
    vim /etc/openvpn/easy-rsa/vars # Use vim editor to edit ! Edit export keys at the bottom (country,email,shits)
    SAVE
    Code:
    cd /etc/openvpn/easy-rsa/
    source vars
    ./clean-all # (for the fun, in case you already tried to create some, will clean !)
    ./build-dh # build diffie hellman (TLS&SSL)
    ./pkitool --initca
    ./pkitool --server server
    openvpn --genkey --secret keys/ta.key
    cp keys/ca.crt keys/ta.key keys/server.crt keys/server.key keys/dh1024.pem /etc/openvpn/
    mkdir /etc/openvpn/jail
    mkdir /etc/openvpn/clientconf
    vim /etc/openvpn/server.conf
    Code:
    mode server
    proto tcp
    port 443
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    tls-auth ta.key 0
    cipher AES-256-CBC
    server 10.8.0.0 255.255.255.0
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"
    keepalive 10 120
    user nobody
    group nogroup
    chroot /etc/openvpn/jail
    persist-key
    persist-tun
    comp-lzo
    # Log
    verb 3
    mute 20
    status openvpn-status.log
    ; log-append /var/log/openvpn.log
    SAVE
    Code:
    cd /etc/openvpn
    openvpn server.conf
    IF INITIALIZATION SEQUENCE COMPLETED THEN FINE NOW UNCOMMENT LOG APPEND LINE IN /etc/openvpn/server.conf (log-append /var/log/openvpn.log)

    START IT
    Code:
    /etc/init.d/openvpn start
    
    sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

    Now make it permanent
    Code:
    vim /etc/sysctl.conf
    (net.ipv4.ip_forward=1) (uncomment that line)
    SAVE
    But in order to make the route possible (yea you'll be able to connect but no internet O_O), you need some iptables !
    Code:
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to XXX.REMOTESERVIP
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to XXX.REMOTESERVIP
    sh -c "iptables-save > /etc/iptables.rules" # save iptables
    vim /etc/network/interfaces
    ADD IN PRIMARY NETWORK PART
    Code:
    pre-up iptables-restore < /etc/iptables.rules
    SAVE

    Part3: Clients
    Code:
    cd /etc/openvpn/easy-rsa
    source vars
    ./build-key-pass papaunstuck
    set password & infos (follow instructions)
    Code:
    mkdir /etc/openvpn/clientconf/papaunstuck/
    cp /etc/openvpn/ca.crt /etc/openvpn/ta.key keys/papaunstuck.crt keys/papaunstuck.key /etc/openvpn/clientconf/papaunstuck/
    cd /etc/openvpn/clientconf/papaunstuck/
    vim client.conf
    Code:
    client
    dev tun
    proto tcp-client
    remote XXX.REMOTESERVIP 443
    resolv-retry infinite
    cipher AES-256-CBC
    ca ca.crt
    cert papaunstuck.crt
    key papaunstuck.key
    tls-auth ta.key 1
    nobind
    persist-key
    persist-tun
    comp-lzo
    verb 3
    SAVE

    COMPATIBILITY WITH OPENVPN
    Code:
    cp client.conf client.ovpn
    zip papaunstuck.zip *.*

    ok you got clients files, download the zip file generated in that folder & extract its content in openvpn config folder (on your computer of course)
    then connect using password (start openvpn gui)


    any questions ? ask :o

    Contact:





    !8m:67%;<51>^5T0-7Nb2cIt-C|229/q]Ps67812
    HW: v3n0m4, Mattdog, Xeder
    yO.-(3_=4%Z*Y;<)gsqH_!"5"{_B?34dok&@_91;
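
Added example, not part of the original post: a shell function that audits a server.conf like the one above for a DH file under 2048 bits, compression, a missing tls-auth/tls-crypt or user directive, and a private key readable by group or other. The function name and finding labels are hypothetical, the DH size is inferred from the easy-rsa file name, and the sample config is constructed.

```sh
# Added example: audit an OpenVPN server.conf for settings like the tutorial's.
# audit_openvpn_conf and the finding labels (WEAK_DH, ...) are hypothetical.
audit_openvpn_conf() {
    conf="$1"
    dir=$(dirname "$conf")
    # Drop '#' and ';' comments, then inspect the active directives.
    sed -e 's/[#;].*$//' "$conf" | awk '
        $1 == "dh" {
            # Heuristic: easy-rsa 2.0 names the file dh<KEY_SIZE>.pem.
            n = $2; sub(/.*\//, "", n); gsub(/[^0-9]/, "", n)
            if (n != "" && n + 0 < 2048) print "WEAK_DH " $2
        }
        $1 == "comp-lzo" || $1 == "compress" { print "COMPRESSION " $1 }
        $1 == "tls-auth" || $1 == "tls-crypt" { hmac = 1 }
        $1 == "user" { user = 1 }
        END {
            if (!hmac) print "NO_TLS_AUTH"
            if (!user) print "RUNS_AS_ROOT"
        }'
    # The private key must not be readable by group or other.
    key=$(sed -e 's/[#;].*$//' "$conf" | awk '$1 == "key" { k = $2 } END { print k }')
    case "$key" in
        "") return 0 ;;
        /*) ;;
        *) key="$dir/$key" ;;   # relative paths resolve beside the config
    esac
    if [ -f "$key" ]; then
        perms=$(ls -l "$key" | cut -c5-10)
        [ "$perms" = "------" ] || echo "KEY_PERMS $key"
    fi
    return 0
}

# Constructed sample input: directives taken from the server.conf above.
demo=$(mktemp -d)
printf '%s\n' 'proto tcp' 'port 443' 'dh dh1024.pem' 'key server.key' \
    'tls-auth ta.key 0' 'user nobody' 'comp-lzo' \
    '; log-append /var/log/openvpn.log' > "$demo/server.conf"
: > "$demo/server.key"
chmod 644 "$demo/server.key"
audit_openvpn_conf "$demo/server.conf"
rm -rf "$demo"
```

An empty result means none of these five checks fired; confirming the real DH size needs an inspection of the .pem file itself.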



    #2
    Re: How to install OpenVPN on your server (here is debian)

    This is by far the ugliest tutorial I've ever written by the way

    Should be effective, so it doesn't matter ! :D



      #3
      Re: How to install OpenVPN on your server (here is debian)

      Sticky pls :D



        #4
        Re: How to install OpenVPN on your server (here is debian)

        Thanks for writing this.
        lolmaoman: Germans are born with a lifetime x22 login engraved into their birth certificates. True story.
        I DONT HAVE TEAMVIEWER AND IM NOT GOING TO GIVE ANY 24/7 ONLINE SUPPORT VIA STEAM, XFIRE OR OTHER IM PROGRAMS SO DONT BOTHER ASKING. THANKS.



          #5
          Re: How to install OpenVPN on your server (here is debian)

          lol i see you had fun :D
          enabled tun is a bitch with hosts
          btw also some other hosts likes to remove the NAT table from iptables so u can not masquerade & when asked play the 'we dont know we cant solve we're sorry, no refund' card.

          btw u can forward ipv6 too:D






          gibs coins @
          1KatP9B8KG7mvcoFhdLGua1isG88nYZE8C



            #6
            Re: How to install OpenVPN on your server (here is debian)

            Originally posted by ᵁᴻᴷᴺᴼᵂᴻ
            lol i see you had fun :D
            enabled tun is a bitch with hosts
            btw also some other hosts likes to remove the NAT table from iptables so u can not masquerade & when asked play the 'we dont know we cant solve we're sorry, no refund' card.

            btw u can forward ipv6 too:D
            Yep lol with mostly every VPS they'll do whatever they can to avoid you creating a VPN so ... :D

            ps: indeed anonymous IP is neat, untrackable shit is untrackable :p Will never ever buy VPS again, the ones I tried forced TUN to be disabled -_-, now I got own VPN everything is fine finally (russia we love you) ^^
