OpenVPN: A default config template for server and client

Hi,

these are just two templates, one for an OpenVPN server and one for its clients, based on the post.

The server side, based on Debian Linux 8. Copy the key, certificate & CRL to the right place and create the Diffie-Hellman parameters for the key exchange.

# Root directory of the CA
export CA_ROOT_DIRECTORY=${HOME}/openvpn/CA
# The common directory
export CA_COMMON_DIR=${CA_ROOT_DIRECTORY}/common
# Directory for the server certificate
export CA_SERVER_DIR=${CA_ROOT_DIRECTORY}/Server
# The CRL
export CA_CRL=${CA_COMMON_DIR}/crl.pem
# The environment variable where openssl looks for its config
export OPENSSL_CONF=${CA_COMMON_DIR}/openssl.cfg
# Move the default config out of the way
mv /etc/openvpn/server /etc/openvpn/server.old 2> /dev/null
# Copy key & certificate; the PKCS#12 file contains the private key, so keep it root-only
mkdir -p /etc/openvpn/vpnsrv
cp "$CA_SERVER_DIR/server.p12" /etc/openvpn/vpnsrv
chmod 600 /etc/openvpn/vpnsrv/server.p12
cp "$CA_CRL" /etc/openvpn/vpnsrv
# Create the Diffie-Hellman parameters for the key exchange
# (dhparam is the current form of the old gendh subcommand; 2048 bits takes a few minutes)
export OPENSSL_BIN=$(command -v openssl)
"$OPENSSL_BIN" dhparam -out /etc/openvpn/vpnsrv/dh.pem 2048
# Create a log folder
mkdir -p /var/log/openvpn


Create a .conf file in /etc/openvpn, for example /etc/openvpn/vpnsrv.conf.

# daemon openvpn
# http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html
# "topology subnet" needs no /30 subnet per client (only relevant with dev tun), requires OpenVPN 2.1
# http://none.of-the-above.com/archives/276-openvpn-routing.html
port 1194
proto udp
# dev tun
dev tap0
pkcs12 "/etc/openvpn/vpnsrv/server.p12"
dh "/etc/openvpn/vpnsrv/dh.pem"
# Reject client certificates revoked by the CA; copy a fresh crl.pem here whenever the CA revokes one
crl-verify /etc/openvpn/vpnsrv/crl.pem
mode server
tls-server
# Server address and the pool handed out to clients, both inside 10.100.1.0/25
ifconfig 10.100.1.1 255.255.255.128
ifconfig-pool 10.100.1.10 10.100.1.126 255.255.255.128
# server-bridge 10.100.1.1 255.255.255.128 10.100.1.10 10.100.1.126
topology subnet
# client-to-client
# client-config-dir /etc/openvpn/staticclients
ifconfig-pool-persist "/var/run/openvpn/ips.txt"
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
keepalive 10 30
# link-mtu 1400
persist-key
persist-tun
# Optional: drop root after start-up (persist-key/persist-tun keep the key and tap device
# across restarts); the status, log and pool files must then be writable by that user
# user nobody
# group nogroup
verb 3
# http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html, see --dhcp-option type [parm]
push "dhcp-option DOMAIN yourdomain.local"
push "dhcp-option DNS 10.100.1.1"
push "route 10.100.2.0 255.255.255.0 10.113.71.1"
push "explicit-exit-notify 3"

apt-get install openvpn
systemctl enable openvpn.service
systemctl start openvpn.service

And the (Windows) client. Generate a key and certificate, copy those and the Diffie-Hellman file to the clients. Go to the OpenVPN config directory “C:\Program Files\OpenVPN\config” and create a .ovpn file there, for example “C:\Program Files\OpenVPN\config\yourvpn.ovpn”.

client
# VPN server DNS name
remote openvpn.yourdomain.org 1194
# Fallback in case the name cannot be resolved
remote 192.168.100.1 1194
proto udp
dev tap
# The DH parameters are only used by the server; the line is ignored on the client
dh "C:\\Program Files\\OpenVPN\\config\\dh.pem"
pkcs12 "C:\\Program Files\\OpenVPN\\config\\client.p12"
# Only accept a peer certificate marked as a server certificate, so that another client
# certificate from the same CA cannot pose as the server. ns-cert-type was removed in
# OpenVPN 2.5; the replacement is "remote-cert-tls server" (needs the serverAuth EKU in the server cert)
ns-cert-type server
keepalive 10 30
# link-mtu 1400
persist-key
persist-tun
verb 3
# Management interface, reachable from the local machine only
management 127.0.0.1 45698
# Level 2 allows calling the external up/down scripts below
script-security 2
# Scripts must reside in the same directory as the .ovpn file
# up "config\\tin_up.bat"
# up tin_up.bat
# ipchange ipchg.cmd
# down "config\\tin_down.bat"
# down tin_down.bat
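A small linter for the two templates above (server and client), as an added example that is not part of the original post: it parses OpenVPN's line-oriented config syntax and flags the points that most often break when the templates are adapted, an ifconfig-pool that spills out of the ifconfig subnet or swallows the server address, a server without crl-verify or control-channel protection, and a client that does not pin the peer's server role. The sample configs, function names and finding messages are mine, constructed for this example.

```python
"""Sanity checks for OpenVPN server/client configs like the templates above.

Added example, not code from the post. Parses OpenVPN's line-oriented
config syntax and reports the common mistakes named in the lead-in.
"""
import ipaddress
import shlex


def parse_ovpn(text):
    """Return [(directive, [args])]; lines starting with '#' or ';' are comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)  # handles quoted paths and push "..." strings
        entries.append((parts[0], parts[1:]))
    return entries


def first(entries, name):
    """Arguments of the first occurrence of directive `name`, or None if absent."""
    for directive, args in entries:
        if directive == name:
            return args
    return None


def check_server(text):
    """Return a list of findings (empty means nothing to report) for a server config."""
    findings = []
    entries = parse_ovpn(text)
    ifconfig = first(entries, "ifconfig")
    pool = first(entries, "ifconfig-pool")
    if ifconfig and pool:
        server_ip = ipaddress.ip_address(ifconfig[0])
        subnet = ipaddress.ip_network(f"{ifconfig[0]}/{ifconfig[1]}", strict=False)
        start, end = ipaddress.ip_address(pool[0]), ipaddress.ip_address(pool[1])
        if start > end:
            findings.append("ifconfig-pool start is after its end")
        if start not in subnet or end not in subnet:
            findings.append("ifconfig-pool range is not inside the ifconfig subnet")
        if start <= server_ip <= end:
            findings.append("ifconfig-pool contains the server address")
    if first(entries, "crl-verify") is None:
        findings.append("no crl-verify: revoked client certificates are still accepted")
    if first(entries, "tls-auth") is None and first(entries, "tls-crypt") is None:
        findings.append("no tls-auth/tls-crypt: control channel is not HMAC-protected")
    return findings


def check_client(text):
    """Return a list of findings for a client config."""
    findings = []
    entries = parse_ovpn(text)
    if first(entries, "remote-cert-tls") is None:
        if first(entries, "ns-cert-type") is not None:
            findings.append("ns-cert-type was removed in OpenVPN 2.5; use remote-cert-tls server")
        else:
            findings.append("peer role not pinned: any certificate from the CA is accepted as the server")
    if first(entries, "dh") is not None:
        findings.append("dh is only used by the server and can be dropped from the client")
    return findings


# Constructed samples: a trimmed copy of the server template, a broken variant
# (pool spills past the /25, starts at the server's own address, no CRL check),
# and a trimmed copy of the client template.
SERVER_TEMPLATE = """
port 1194
proto udp
dev tap0
pkcs12 "/etc/openvpn/vpnsrv/server.p12"
dh "/etc/openvpn/vpnsrv/dh.pem"
crl-verify /etc/openvpn/vpnsrv/crl.pem
mode server
tls-server
ifconfig 10.100.1.1 255.255.255.128
ifconfig-pool 10.100.1.10 10.100.1.126 255.255.255.128
topology subnet
push "dhcp-option DNS 10.100.1.1"
"""

SERVER_BROKEN = """
mode server
tls-server
ifconfig 10.100.1.1 255.255.255.128
ifconfig-pool 10.100.1.1 10.100.1.200 255.255.255.128
"""

CLIENT_TEMPLATE = r"""
client
remote openvpn.yourdomain.org 1194
proto udp
dev tap
dh "C:\\Program Files\\OpenVPN\\config\\dh.pem"
pkcs12 "C:\\Program Files\\OpenVPN\\config\\client.p12"
ns-cert-type server
"""

if __name__ == "__main__":
    for name, result in (("server", check_server(SERVER_TEMPLATE)),
                         ("broken server", check_server(SERVER_BROKEN)),
                         ("client", check_client(CLIENT_TEMPLATE))):
        print(name, "->", result or ["ok"])
```

Run it against your own vpnsrv.conf and yourvpn.ovpn by reading the files into check_server / check_client; the templates above produce one finding each (no tls-auth on the server, ns-cert-type on the client), the broken variant produces four.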

Read this post if you want to set up OpenVPN and a web server so that they are reachable on the same TCP port.

Michael
