Linux/OpenVPN
Also see: OpenWrt/OpenVPN
OpenVPN - Routing Howto
OpenVPN Internet Server
- easy-rsa
- server.conf
    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key
    dh /etc/openvpn/easy-rsa/keys/dh2048.pem
    tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 10.8.0.1"
    client-to-client
    keepalive 10 120
    comp-lzo
    max-clients 20
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3

    ;push "route 192.168.10.0 255.255.255.0"
    ;push "route 192.168.20.0 255.255.255.0"
    ;client-config-dir ccd
    ;route 192.168.40.128 255.255.255.248
    ;client-config-dir ccd
    ;route 10.9.0.0 255.255.255.252
    ;learn-address ./script
    ;push "redirect-gateway def1 bypass-dhcp"
    ;push "dhcp-option DNS 208.67.222.222"
    ;push "dhcp-option DNS 208.67.220.220"
    ;duplicate-cn
    ;cipher BF-CBC # Blowfish (default)
    ;cipher AES-128-CBC # AES
    ;cipher DES-EDE3-CBC # Triple-DES
    ;log openvpn.log
    ;log-append openvpn.log
    ;mute 20
- /etc/sysctl.conf
    net.ipv4.ip_forward=1
- rc.local
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    /etc/init.d/dnsmasq start
- apt-get install dnsmasq
- /etc/dnsmasq.conf
    interface=tun0
    bind-interfaces
    no-hosts
    address=/server.domain.de/10.8.0.1
OpenVPN Home Router Client
OpenVPN Mobile Client
- Internal traffic through VPN / Internet traffic through ISP
    client
    dev tun
    proto udp
    remote server.domain.de 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert device1.crt
    key device1.key
    ns-cert-type server
    tls-auth ta.key 1
    comp-lzo
    verb 3
- Internal traffic through VPN + Internet traffic through VPN
    client
    dev tun
    proto udp
    remote server.domain.de 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert device1.crt
    key device1.key
    ns-cert-type server
    tls-auth ta.key 1
    comp-lzo
    verb 3
    redirect-gateway def1 bypass-dhcp
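The server and client configs above use several directives that later OpenVPN releases deprecate or that weaken the tunnel. The following check is an added example, not part of the original page: it parses a config the way the files above are written (`#` and `;` start comments) and reports those directives. The function names, the notes and the sample are the editor's assumptions.

```python
import shlex

# Directives that appear in the configs on this page; the notes are the editor's.
LEGACY = {
    "comp-lzo": "compresses before encrypting (VORACLE); deprecated since OpenVPN 2.4",
    "ns-cert-type": "deprecated since OpenVPN 2.4 in favour of remote-cert-tls",
    "duplicate-cn": "lets several clients connect with the same certificate",
}
BLOCK64 = {"BF-CBC", "DES-EDE3-CBC"}  # 64-bit block ciphers (SWEET32)


def directives(text):
    """Yield (line_no, name, args) for every active line of an OpenVPN config."""
    for no, raw in enumerate(text.splitlines(), 1):
        lex = shlex.shlex(raw, posix=True)
        lex.whitespace_split = True   # split on whitespace only, keep quoted args whole
        lex.commenters = "#;"         # both characters start a comment
        tokens = list(lex)
        if tokens:
            yield no, tokens[0], tokens[1:]


def audit(text):
    """Return [(line_no, directive, note)]; line_no 0 means the directive is absent."""
    findings, seen = [], set()
    for no, name, args in directives(text):
        seen.add(name)
        if name in LEGACY:
            findings.append((no, name, LEGACY[name]))
        elif name == "cipher" and args and args[0].upper() in BLOCK64:
            findings.append((no, name, f"{args[0]} has a 64-bit block (SWEET32)"))
    if "cipher" not in seen:
        findings.append((0, "cipher", "no cipher line; this page lists BF-CBC as the default"))
    return findings


# Constructed sample: lines picked from the configs on this page.
SAMPLE = """\
client
remote server.domain.de 1194
ns-cert-type server
comp-lzo
;cipher BF-CBC   # Blowfish (default)
"""

if __name__ == "__main__":
    for no, name, note in audit(SAMPLE):
        print(f"line {no}: {name}: {note}")
```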
Links
- http://www.smallnetbuilder.com/security/security-howto/30353-how-to-set-up-a-site-to-site-vpn-with-openvpn?start=4
- http://serverfault.com/questions/368412/getting-openvpn-to-fully-connect-two-networks
- http://wiki.ubuntuusers.de/OpenVPN
- http://sarwiki.informatik.hu-berlin.de/OpenVPN_(deutsch)#Wahl_des_virtuellen_Device
- http://openvpn.net/index.php/open-source/documentation/howto.html#pki
- http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers#Server_Configuration
- https://blog.ipredator.se/howto/openwrt/configuring-openvpn-on-openwrt.html
- http://wiki.openwrt.org/doc/howto/vpn.server.openvpn.tun
- http://thomas-leister.de/allgemein/openvpn-server-als-internet-gateway-unter-ubuntu-12-04/
- https://wiki.archlinux.org/index.php/Openvpn
- http://www.area536.com/projects/securely-link-two-offices-using-openvpn/