OpenVPN: A default config template for server and client


These are just two templates for an OpenVPN server and a client, based on the post.

The server side, based on Debian Linux 8. Copy the key, certificate and CRL to the right place and create the Diffie-Hellman key for the key exchange.

# Root Directory of the CA
export CA_ROOT_DIRECTORY=${HOME}/openvpn/CA
# The common directory
# Directory for Server Certificate
# The CRL
export CA_CRL=${CA_COMMON_DIR}/crl.pem
# The environment variable where openssl looks for its config
export OPENSSL_CONF=${CA_COMMON_DIR}/openssl.cfg
# Move default config
mv /etc/openvpn/server  /etc/openvpn/server.old 2> /dev/null
# Copy key & certificate
mkdir -p /etc/openvpn/vpnsrv
cp "$CA_SERVER_DIR/server.p12" /etc/openvpn/vpnsrv
cp "$CA_CRL" /etc/openvpn/vpnsrv
# Create Diffie-Hellman parameters for key exchange
# (dhparam is the current name of the older gendh subcommand)
export OPENSSL_BIN=$(command -v openssl)
"$OPENSSL_BIN" dhparam -out "/etc/openvpn/vpnsrv/dh.pem" 2048
# Create a log folder
mkdir -p  /var/log/openvpn

Create a .conf file in /etc/openvpn, for example /etc/openvpn/vpnsrv.conf.

# daemon openvpn
# Topology subnet needs no /30 subnet for clients, requires OpenVPN 2.1
port 1194
proto udp
# dev tun
dev tap0
pkcs12 "/etc/openvpn/vpnsrv/server.p12"
dh "/etc/openvpn/vpnsrv/dh.pem"
crl-verify /etc/openvpn/vpnsrv/crl.pem
mode server
# server-bridge
topology subnet
# client-to-client
# client-config-dir /etc/openvpn/staticclients
ifconfig-pool-persist "/var/run/openvpn/ips.txt"
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
keepalive 10 30
# link-mtu 1400
verb 3
# See --dhcp-option type [parm]
push "dhcp-option DOMAIN yourdomain.local"
push "dhcp-option DNS"
push "route"
push "explicit-exit-notify 3"

apt-get install openvpn
systemctl enable openvpn.service
systemctl start openvpn.service

And the (Windows) client. Generate the key and certificate, and copy those and the Diffie-Hellman file to the clients. Go to the OpenVPN config directory “C:\Program Files\OpenVPN\config” and create a .ovpn file there, for example “C:\Program Files\OpenVPN\config\yourvpn.ovpn”.

# vpn server dns name
remote 1194
# Fallback in case the name cannot be resolved
remote 1194
proto udp
dev tap
dh "C:\\Program Files\\OpenVPN\\config\\dh.pem"
pkcs12 "C:\\Program Files\\OpenVPN\\config\\client.p12"
ns-cert-type server
keepalive 10 30
# link-mtu 1400
verb 3
management 45698
script-security 2
# Scripts must reside in the same directory where the .ovpn file is stored
# up "config\\tin_up.bat"
# up tin_up.bat
# ipchange ipchg.cmd
# down "config\\tin_down.bat"
# down tin_down.bat
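
Both templates are shown with their addresses left out (`remote 1194`, `push "route"`, `push "dhcp-option DNS"`, `management 45698`), and the server steps copy `server.p12` with a plain `cp`. As an added example, not part of the original post, this shell function flags directives that still lack an argument and a PKCS#12 bundle that group or other can access; `check_ovpn_conf` and the sample file are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post. check_ovpn_conf is a hypothetical
# helper name; it prints one finding per line for a given OpenVPN config file.
check_ovpn_conf() {
    conf=$1
    # Pass 1: directives that are present but missing a required argument.
    awk '
        /^[ \t]*[#;]/ || NF == 0 { next }   # skip comments and blank lines
        { gsub(/"/, "") }                    # drop quotes; awk re-splits the fields
        $1 == "remote" && ($2 == "" || $2 ~ /^[0-9]+$/) {
            print NR ": remote has no host name or address" }
        $1 == "management" && NF < 3 {
            print NR ": management needs an address and a port" }
        $1 == "push" && $2 == "route" && NF < 3 {
            print NR ": pushed route has no network" }
        $1 == "push" && $2 == "dhcp-option" && NF < 4 {
            print NR ": pushed dhcp-option " $3 " has no value" }
    ' "$conf"
    # Pass 2: the PKCS#12 bundle carries the private key, so flag any
    # permission bits granted to group or other (columns 5-10 of ls -l).
    p12=$(awk '$1 == "pkcs12" {
        sub(/^[ \t]*pkcs12[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$conf")
    if [ -n "$p12" ] && [ -f "$p12" ]; then
        bits=$(ls -ld "$p12" | cut -c5-10)
        [ "$bits" = "------" ] ||
            echo "pkcs12: $p12 is accessible to group/other ($bits)"
    fi
}

# Constructed sample: lines taken from both templates above, written to a
# temporary directory together with a dummy world-readable bundle.
tmp=$(mktemp -d)
: > "$tmp/server.p12"
chmod 644 "$tmp/server.p12"
cat > "$tmp/sample.conf" <<EOF
remote 1194
pkcs12 "$tmp/server.p12"
management 45698
push "dhcp-option DOMAIN yourdomain.local"
push "dhcp-option DNS"
push "route"
EOF
check_ovpn_conf "$tmp/sample.conf"
rm -rf "$tmp"
```

Running it against the filled-in server file after `chmod 600 /etc/openvpn/vpnsrv/server.p12` should print nothing.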

Read this post if you want to set up OpenVPN and a web server so that they are reachable on the same TCP port.

