Differences

This shows you the differences between two versions of the page.

@@ Line 1: / Line 1: @@
+  openvpn --genkey --secret static.key
+Then copy this key to both client/server.
+server-static.conf:
+  # run with: 'openvpn --config server-static.conf'
+  mode p2p  # default
+  proto udp # default
+  dev tun   # default
+  port 1194 # default - server will listen on all interfaces, on this port
+  dev tun
+  ifconfig 10.4.0.1 10.4.0.2 # first Tunnel-IP is local, 2nd Tunnel-IP is remote
+  verb 3
+  secret static.key # openvpn --genkey --secret static.key
+  keepalive 10 60
+  persist-tun
+  persist-key
+  persist-local-ip
+  comp-lzo
+client-static.conf:
+  # run with: 'openvpn --config client-static.conf'
+  mode p2p  # default
+  proto udp # default
+  dev tun   # default
+  remote [server ip] 1194 # client will connect to this (server) IP + port
+  ifconfig 10.4.0.2 10.4.0.1 # first Tunnel-IP is local, 2nd Tunnel-IP is remote
+  verb 3
+  secret static.key
+  keepalive 10 60
+  comp-lzo
+  explicit-exit-notify 2
+firewall and port forwarding
+firewall.sh:
+  # run as 'sudo sh ./firewall.sh'
+  iptables -F
+  iptables -X
+  iptables -t nat -F
+  iptables -t nat -X
+  iptables -P INPUT ACCEPT
+  iptables -P FORWARD ACCEPT
+  iptables -P OUTPUT ACCEPT
+  SERVER='paste IP address of the server here'
+  iptables -A POSTROUTING -t nat --match iprange --src-range 10.4.0.2 -j SNAT --to-source $SERVER
+  ## low ports first
+  iptables -A PREROUTING -t nat --dst $SERVER -p tcp --dport 23:1024 -j DNAT --to 10.4.0.2
+  ## other ports (watch not to forward OpenVPN port 1194!)
+  # iptables -A PREROUTING -t nat --dst [server ip] --dport 1200:20000 -j DNAT --to 10.4.0.2
+  #
+  # echo 1 > /proc/sys/net/ipv4/ip_forward
+complete and (way) more secure setup: http://john.de-graaff.net/wiki/doku.php/links/openvpn#server_tls_mode_with_client-auth
+automated setup (nice!): https://github.com/Nyr/openvpn-install

ram.k0a1a.net

User Tools

Site Tools

Differences

Page Tools