User Tools

Site Tools


openvpn_quick-n-dirty
openvpn --genkey --secret static.key

Then copy this key to both client/server. server-static.conf:

# run with: 'openvpn --config server-static.conf'
mode p2p  # default
proto udp # default
dev tun   # default
port 1194 # default - server will listen on all interfaces, on this port
dev tun
ifconfig 10.4.0.1 10.4.0.2 # first Tunnel-IP is local, 2nd Tunnel-IP is remote
verb 3
secret static.key # openvpn --genkey --secret static.key
keepalive 10 60
persist-tun
persist-key
persist-local-ip
comp-lzo

client-static.conf:

# run with: 'openvpn --config client-static.conf'
mode p2p  # default
proto udp # default
dev tun   # default
remote [server ip] 1194 # client will connect to this (server) IP + port
ifconfig 10.4.0.2 10.4.0.1 # first Tunnel-IP is local, 2nd Tunnel-IP is remote
verb 3
secret static.key
keepalive 10 60
comp-lzo
explicit-exit-notify 2

firewall and port forwarding firewall.sh:

# run as 'sudo sh ./firewall.sh'
iptables -F                                                                          
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

SERVER='paste IP address of the server here'

iptables -A POSTROUTING -t nat --match iprange --src-range 10.4.0.2 -j SNAT --to-source $SERVER
## low ports first
iptables -A PREROUTING -t nat --dst $SERVER -p tcp --dport 23:1024 -j DNAT --to 10.4.0.2
## other ports (watch not to forward OpenVPN port 1194!) 
# iptables -A PREROUTING -t nat --dst [server ip] --dport 1200:20000 -j DNAT --to 10.4.0.2
#
# echo 1 > /proc/sys/net/ipv4/ip_forward

complete and (way) more secure setup: http://john.de-graaff.net/wiki/doku.php/links/openvpn#server_tls_mode_with_client-auth

automated setup (nice!): https://github.com/Nyr/openvpn-install

openvpn_quick-n-dirty.txt · Last modified: 2018/07/30 11:56 (external edit)