INT 21h

Select language

Single connection OpenVPN in 15 minutes

№ 1935 В разделе Sysadmin от March 11th, 2010,
В подшивках: ,

VPN is a nice choice to bypass your local network blocking rules. I love OpenVPN and now I show you how to bring more freedom to your home or office network.

Server side

Connect to your future VPN server and install OpenVPN apt-get install openvpn.

Now generate new key file:

cd /etc/openvpn/
openvpn --genkey --secret masupakey.key

Create /etc/openvpn/myvpn.conf and save this:

port 5432 # change port as you like
dev my_vpn
dev-type tun
proto tcp-server
ifconfig 172.21.0.1 172.21.0.2
secret /etc/openvpn/masupakey.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
cipher AES-256-CBC

So you have following connection information:
Protocol: TCP
Port: 5432
Server IP: 172.21.0.1
Client IP: 172.21.0.2

Now enable autostart and run server:

systemctl enable openvpn@myvpn
systemctl start openvpn@myvpn

Activate IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-nat.conf

Activate SNAT on server side (74.153.11.70 – external server IP, my_vpn – VPN interface, eth0 – external interface):

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 74.153.11.70
iptables -A FORWARD -i eth0 -o my_vpn -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i my_vpn -o eth0 -j ACCEPT

Client side

Connect to your home or office server and install OpenVPN apt-get install openvpn. Copy your VPN key from server and save to same place.

Create /etc/openvpn/myvpn.conf and save this:

remote 74.153.11.70
port 5432
dev vpn_server
dev-type tun
proto tcp-client
ifconfig 172.21.0.2 172.21.0.1
secret /etc/openvpn/masupakey.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
cipher AES-256-CBC

Now enable autostart and run server:

systemctl enable openvpn@myvpn
systemctl start openvpn@myvpn

Add routes to your new VPN connection ip r a 8.8.8.8 via 172.21.0.1

Now check route traceroute 8.8.8.8

You great!

Всего 1 комментарий »

One response to “Single connection OpenVPN in 15 minutes”

  1. Sara says:
    August 12, 2012 at 13:23:43

    OpenVPN не принимает файл openvpn.conf . .conf не нужно.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA

*

Облачная платформа
Яндекс.Метрика

Fortune cookie: There was a young girl from Hong Kong Who said, "You are utterly wrong To say my vagina Is the largest in China Just because of your mean little dong."