INT 21h

Hi, I am Vladimir Smagin, SysAdmin, DevOps and barely good guy.

Single connection OpenVPN in 15 minutes

No. 1935, in the "Sysadmin" section, March 11th, 2010

A VPN is a good way to bypass blocking rules on your local network. I love OpenVPN, and here I will show you how to bring more freedom to your home or office network.

Server side

Connect to your future VPN server and install OpenVPN:

apt-get install openvpn

Now generate a new key file:

cd /etc/openvpn/
openvpn --genkey --secret masupakey.key

Create /etc/openvpn/myvpn.conf and save this:

port 5432 # change port as you like
dev my_vpn
dev-type tun
proto tcp-server
ifconfig 172.21.0.1 172.21.0.2
secret /etc/openvpn/masupakey.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
cipher AES-256-CBC

So you have the following connection information:
Protocol: TCP
Port: 5432
Server IP: 172.21.0.1
Client IP: 172.21.0.2

Now enable autostart and start the server:

systemctl enable openvpn@myvpn
systemctl start openvpn@myvpn

Activate IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-nat.conf

Activate SNAT on the server side (74.153.11.70 is the external server IP, my_vpn is the VPN interface, eth0 is the external interface):

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 74.153.11.70
iptables -A FORWARD -i eth0 -o my_vpn -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i my_vpn -o eth0 -j ACCEPT

Client side

Connect to your home or office server and install OpenVPN:

apt-get install openvpn

Copy your VPN key from the server and save it to the same place.

Create /etc/openvpn/myvpn.conf and save this:

remote 74.153.11.70
port 5432
dev vpn_server
dev-type tun
proto tcp-client
ifconfig 172.21.0.2 172.21.0.1
secret /etc/openvpn/masupakey.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
cipher AES-256-CBC

Now enable autostart and start the client:

systemctl enable openvpn@myvpn
systemctl start openvpn@myvpn

Add routes to your new VPN connection:

ip r a 8.8.8.8 via 172.21.0.1

Now check the route:

traceroute 8.8.8.8

You're great!
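
Both configs above rely on a single pre-shared key file, so that file is the only thing protecting the tunnel. The following audit is an added example, not part of the original post: it checks the key file's permissions and whether the secret directive carries a key direction (0 on one peer, 1 on the other). The function names conf_field and audit_static_key_conf are hypothetical, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example (not from the original post): audit a static-key OpenVPN
# config such as /etc/openvpn/myvpn.conf. Prints one line per finding and
# returns the number of findings as the exit status.

# Print field number $3 of the first line whose directive is $2 in file $1.
conf_field() {
    awk -v d="$2" -v n="$3" '$1 == d { print $n; exit }' "$1"
}

audit_static_key_conf() {
    conf=$1
    findings=0
    key=$(conf_field "$conf" secret 2)
    if [ -z "$key" ]; then
        echo "OK: no 'secret' directive, not a static-key config"
        return 0
    fi

    # The pre-shared key protects every session, so there is no forward
    # secrecy: whoever obtains the file can decrypt previously captured traffic.
    echo "WARN: static-key mode, protect and rotate $key"
    findings=$((findings + 1))

    if [ ! -f "$key" ]; then
        echo "FAIL: key file $key does not exist"
        findings=$((findings + 1))
    else
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "FAIL: $key is accessible to group/other ($bits), use chmod 600"
            findings=$((findings + 1))
        fi
    fi

    # 'secret <file> 0' on one peer and 'secret <file> 1' on the other gives
    # each direction its own cipher and HMAC keys.
    dir=$(conf_field "$conf" secret 3)
    if [ "$dir" != "0" ] && [ "$dir" != "1" ]; then
        echo "WARN: no key direction on 'secret', both directions share keys"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file on each peer and run audit_static_key_conf /etc/openvpn/myvpn.conf; an exit status of 1 means only the inherent static-key warning remains.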


One response to “Single connection OpenVPN in 15 minutes”

  1. Sara says:

    OpenVPN does not accept the file openvpn.conf. The .conf is not needed.

© Vladimir Smagin, 2005-2019. Copying materials without permission is prohibited. GPG DA4CD0F5E222EA727D6A40C413BCE12E5618F071