Linux/OpenVPN: Difference between revisions

From Wiki
Line 15: Line 15:
  dh    /etc/openvpn/easy-rsa/keys/dh2048.pem
  dh    /etc/openvpn/easy-rsa/keys/dh2048.pem
  tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
  tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
  server 10.8.0.0 255.255.255.0
  server 10.8.0.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  ifconfig-pool-persist ipp.txt
  push "dhcp-option DNS 10.8.0.1"
  push "dhcp-option DNS 10.8.0.1"
  client-to-client
  client-to-client
Line 30: Line 28:
  status openvpn-status.log
  status openvpn-status.log
  verb 3
  verb 3


  ;push "route 192.168.10.0 255.255.255.0"
  ;push "route 192.168.10.0 255.255.255.0"

Revision as of 21:53, 27 December 2013

Also see: OpenWrt/OpenVPN


OpenVPN - Routing Howto

OpenVPN Internet Server

  • easy-rsa
  • server.conf
port 1194
proto udp
dev tun
ca    /etc/openvpn/easy-rsa/keys/ca.crt
cert  /etc/openvpn/easy-rsa/keys/server.crt
key   /etc/openvpn/easy-rsa/keys/server.key
dh    /etc/openvpn/easy-rsa/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.8.0.1"
client-to-client
keepalive 10 120
comp-lzo
max-clients 20
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;duplicate-cn
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
;log         openvpn.log
;log-append  openvpn.log
;mute 20
  • /etc/sysctl.conf
net.ipv4.ip_forward=1
  • rc.local
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
/etc/init.d/dnsmasq start
  • apt-get install dnsmasq
  • /etc/dnsmasq.conf
interfaces=tun0
bind-interfaces
no-hosts
address=/server.domain.de/10.8.0.1

OpenVPN Home Router Client

OpenVPN Mobile Client

  • Internal traffic through VPN / Internet traffic through ISP
client
dev tun
proto udp
remote server.domain.de 1194 
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert device1.crt
key device1.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
  • Internal traffic through VPN + Internet traffic through VPN
client
dev tun
proto udp
remote server.domain.de 1194
resolv-retry infinite
nobind 
persist-key
persist-tun
ca ca.crt
cert device1.crt
key device1.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
redirect-gateway def1 bypass-dhcp

Links