openvpn_quick-n-dirty
| — | openvpn_quick-n-dirty [2018/07/30 09:56] (current) – created - external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | openvpn --genkey --secret static.key | ||
| + | Then copy this key to both client/ | ||
| + | server-static.conf: | ||
| + | |||
| + | # run with: ' | ||
| + | mode p2p # default | ||
| + | proto udp # default | ||
| + | dev tun # default | ||
| + | port 1194 # default - server will listen on all interfaces, on this port | ||
| + | dev tun | ||
| + | ifconfig 10.4.0.1 10.4.0.2 # first Tunnel-IP is local, 2nd Tunnel-IP is remote | ||
| + | verb 3 | ||
| + | secret static.key # openvpn --genkey --secret static.key | ||
| + | keepalive 10 60 | ||
| + | persist-tun | ||
| + | persist-key | ||
| + | persist-local-ip | ||
| + | comp-lzo | ||
| + | |||
| + | client-static.conf: | ||
| + | |||
| + | # run with: ' | ||
| + | mode p2p # default | ||
| + | proto udp # default | ||
| + | dev tun # default | ||
| + | remote [server ip] 1194 # client will connect to this (server) IP + port | ||
| + | ifconfig 10.4.0.2 10.4.0.1 # first Tunnel-IP is local, 2nd Tunnel-IP is remote | ||
| + | verb 3 | ||
| + | secret static.key | ||
| + | keepalive 10 60 | ||
| + | comp-lzo | ||
| + | explicit-exit-notify 2 | ||
| + | |||
| + | |||
| + | firewall and port forwarding | ||
| + | firewall.sh: | ||
| + | | ||
| + | # run as 'sudo sh ./ | ||
| + | iptables -F | ||
| + | iptables -X | ||
| + | iptables -t nat -F | ||
| + | iptables -t nat -X | ||
| + | iptables -P INPUT ACCEPT | ||
| + | iptables -P FORWARD ACCEPT | ||
| + | iptables -P OUTPUT ACCEPT | ||
| + | | ||
| + | SERVER=' | ||
| + | | ||
| + | iptables -A POSTROUTING -t nat --match iprange --src-range 10.4.0.2 -j SNAT --to-source $SERVER | ||
| + | ## low ports first | ||
| + | iptables -A PREROUTING -t nat --dst $SERVER -p tcp --dport 23:1024 -j DNAT --to 10.4.0.2 | ||
| + | ## other ports (watch not to forward OpenVPN port 1194!) | ||
| + | # iptables -A PREROUTING -t nat --dst [server ip] --dport 1200:20000 -j DNAT --to 10.4.0.2 | ||
| + | # | ||
| + | # echo 1 > / | ||
| + | |||
| + | complete and (way) more secure setup: http:// | ||
| + | |||
| + | automated setup (nice!): https:// | ||
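Review bot: the firewall section leaves the host wide open and the VPN configs rely on weak defaults, so both need hardening before this goes anywhere near a real server. In firewall.sh, all three default policies are set to ACCEPT after flushing, so nothing in this script restricts inbound traffic at all; the DNAT rule for `--dport 23:1024` hands every TCP connection to those server ports (including any service the server itself runs on 80 or 443) to the client at 10.4.0.2, so verify nothing local listens in that range first; the commented-out DNAT line for `1200:20000` lacks `-p tcp` (or `-p udp`), and iptables rejects `--dport` without a protocol, so it will fail as written if uncommented; the DNAT/SNAT rules also only take effect once IP forwarding is enabled on the server, which the script leaves commented out. In the OpenVPN configs, `comp-lzo` should be dropped, since compression inside an encrypted tunnel enables compression-oracle attacks and OpenVPN itself now deprecates it; no `cipher` or `auth` directive is set, so older OpenVPN releases fall back to weak defaults, and since static-key mode does not support AEAD ciphers, set `cipher AES-256-CBC` and `auth SHA256` explicitly; `static.key` is a long-lived shared secret with no forward secrecy and must be copied to the client over a trusted channel and kept readable only by root (the "way more secure" TLS setup linked at the end is the right long-term answer). Minor: `dev tun` appears twice in server-static.conf, and `--src-range 10.4.0.2` is a one-address range, so a plain `-s 10.4.0.2` is clearer.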
openvpn_quick-n-dirty.txt · Last modified: by 127.0.0.1
