OpenVPN: A default config template for server and client

Hi,

these are just 2 templates for a OpenVPN Server and a clients based on the post.

The Server side, based on Debian Linux 8. Copy Key, Certificate & CRL to the right place and create the diffie hellmann key for key exchange.

# Root Directory of the CA
export CA_ROOT_DIRECTORY=${HOME}/openvpn/CA
# The common directory
export CA_COMMON_DIR=${CA_ROOT_DIRECTORY}/common
# Directory for Server Certificate
export CA_SERVER_DIR=${CA_ROOT_DIRECTORY}/Server
# The CRL
export CA_CRL=${CA_COMMON_DIR}/crl.pem
# The Environment variable where openssl looking for its config
export OPENSSL_CONF=${CA_COMMON_DIR}/openssl.cfg
# Move default config
mv /etc/openvpn/server  /etc/openvpn/server.old 2> /dev/null
# Copy Key & Certificate
mkdir /etc/openvpn/vpnsrv
cp $CA_SERVER_DIR/server.p12 /etc/openvpn/vpnsrv
cp $CA_CRL /etc/openvpn/vpnsrv
# Create Diffie Hellmenn key for key exchange
export OPENSSL_BIN=`which openssl`
$OPENSSL_BIN gendh -out "/etc/openvpn/vpnsrv/dh.pem" 2048
# Create a Logfolder
mkdir -p  /var/log/openvpn


Create a .conf file in /etc/openvpn. For example /etc/openvpn/vpnsrv.conf.

# daemon openvpn
# http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html
# Topology Subnet needs no /30 Subnet for Clients, requieres OpenVPN 2.1
# http://none.of-the-above.com/archives/276-openvpn-routing.html
port 1194
proto udp
# dev tun
dev tap0
pkcs12 "/etc/openvpn/vpnsrv/server.p12"
dh "/etc/openvpn/vpnsrv/dh.pem"
crl-verify /etc/openvpn/vpnsrv/crl.pem
mode server
tls-server
ifconfig 10.100.1.1 255.255.255.128
ifconfig-pool 10.100.1.10 10.100.1.126 255.255.255.128
# server-bridge 10.100.1.1 255.255.255.128 10.100.1.10 10.100.1.126
topology subnet
# client-to-client
# client-config-dir /etc/openvpn/staticclients
ifconfig-pool-persist "/var/run/openvpn/ips.txt"
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
keepalive 10 30
# link-mtu 1400
persist-key
persist-tun
verb 3
# http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html, see --dhcp-option type [parm]
push "dhcp-option DOMAIN yourdomain.local"
push "dhcp-option DNS 10.100.1.1"
push "route 10.100.2.0 255.255.255.0 10.113.71.1"
push "explicit-exit-notify 3"

apt-get install openvpn
systemctl enable openvpn.service
systemctl start openvpn.service

And the (Windows) client. Generate Key and Certificate, copy those and the diffie hellman file to the clients. Goto the openvpn config directory “C:\Program Files\OpenVPN\config” and create a .ovpn file there. For example “C:\Program Files\OpenVPN\config\yourvpn.ovpn”.

client
# vpn server dns name
remote openvpn.yourdomain.org 1194
# Fallback in case of name cannot resolve
remote 192.168.100.1 1194
proto udp
dev tap
dh "C:\\Program Files\\OpenVPN\\config\\dh.pem"
pkcs12 "C:\\Program Files\\OpenVPN\\config\\client.p12"
ns-cert-type server
keepalive 10 30
# link-mtu 1400
persist-key
persist-tun
verb 3
management 127.0.0.1 45698
script-security 2
# Scripts must resides in the same directory where the .ovpn file is stored
# up "config\\tin_up.bat"
# up tin_up.bat
# ipchange ipchg.cmd
# down "config\\tin_down.bat"
# down tin_down.bat

Read this post if you want to setup openvpn and a webserver so that they are reachable at the same TCP Port.

Michael

Advertisment to support michlstechblog.info

Time limit is exhausted. Please reload CAPTCHA.

Original Theme by Schiy · Powered by WordPress