Category Archives: OpenVPN

Useful scripts, sample configs and howtos for OpenVPN

OpenVPN: A default config template for server and client

Hi,

these are just two templates for an OpenVPN server and a client, based on the post.

The server side, based on Debian Linux 8: copy the key, certificate and CRL to the right place and create the Diffie-Hellman parameters for key exchange.

# Root directory of the CA
export CA_ROOT_DIRECTORY=${HOME}/openvpn/CA
# The common directory
export CA_COMMON_DIR=${CA_ROOT_DIRECTORY}/common
# Directory for the server certificate
export CA_SERVER_DIR=${CA_ROOT_DIRECTORY}/Server
# The CRL
export CA_CRL=${CA_COMMON_DIR}/crl.pem
# The environment variable where openssl looks for its config
export OPENSSL_CONF=${CA_COMMON_DIR}/openssl.cfg
# Move the default config out of the way
mv /etc/openvpn/server /etc/openvpn/server.old 2> /dev/null
# Copy key & certificate
mkdir -p /etc/openvpn/vpnsrv
cp "$CA_SERVER_DIR/server.p12" /etc/openvpn/vpnsrv
cp "$CA_CRL" /etc/openvpn/vpnsrv
# Create Diffie-Hellman parameters for key exchange
# (dhparam supersedes the obsolete gendh command)
export OPENSSL_BIN=$(command -v openssl)
"$OPENSSL_BIN" dhparam -out "/etc/openvpn/vpnsrv/dh.pem" 2048
# Create a log folder
mkdir -p /var/log/openvpn


OpenVPN: Built a certification authority from scratch with openssl

Hi,

these are the steps to build your own CA (Certification Authority) and all required certificates for an OpenVPN instance (client and server) on Linux.

Define your environment. Always set these variables in the shell before executing openssl commands. Adjust them to your needs.

OpenVPN: Connect to multiple VPNs on Windows

Hi,

on Windows OpenVPN by default installs one TAP network interface. If you want to connect to multiple VPNs simultaneously you need an interface for each VPN.

You can add an additional adapter with a batch file provided by the TAP driver. Open a command prompt with administrative rights and change to the TAP install folder.

c:\> cd "C:\Program Files\TAP-Windows\bin"

and call

OpenVPN: Change the default TCP/UDP Ports

Hi,

sometimes it makes sense to change the default ports of an OpenVPN installation, because these are the ones attacked first in a vulnerability scan, or because company firewall rules make it necessary.

With the

port 1194

directive in your config file the source and destination port for connections is always 1194.

For outgoing connections there are two ways to alter the source port:

OpenVPN: Read certificate passphrase from file

Hello,

when you establish an OpenVPN connection with a password-protected certificate, you have to enter the passphrase each time OpenVPN starts.

This isn’t nice if you want to connect at system startup without user interaction.