by Timo Stankowitz [email protected]
# Open a root shell; every following step (package install, writing under
# /etc/openvpn, iptables, sysctl) is run with root privileges.
sudo su
# Refresh the package index, then install OpenVPN from the distribution's
# repositories. -y answers the confirmation prompts automatically.
apt update -y
apt install openvpn -y
Use the program XCA to generate all certs and keys
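# Create the directory for the CA certificate, server certificate, server
# private key and DH parameters. Mode 700 keeps it closed to non-root users
# because it will contain server.key; -p makes the step safe to repeat.
mkdir -p -m 700 /etc/openvpn/certs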
copy the following files into that folder
- ca.crt
- server.crt
- server.key (chmod 600)
- dh2048.pem
vi /etc/openvpn/server.conf
copy the following content into that file
# OpenVPN server configuration: routed (tun) VPN over UDP with certificate
# authentication.

# Listening port and transport.
port 1194
proto udp
# Layer-3 tunnel device.
dev tun
# PKI material copied into /etc/openvpn/certs. server.key is the server's
# private key and must only be readable by root.
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/certs/server.key
dh /etc/openvpn/certs/dh2048.pem
# NOTE(review): this file sets no tls-crypt/tls-auth key, no crl-verify and
# no tls-version-min. Without them any host that can reach the port can start
# a TLS handshake, and a revoked client certificate cannot be rejected.
# NOTE(review): no cipher/data-ciphers line is present, so the data-channel
# cipher is whatever the installed OpenVPN version defaults to; confirm.
# VPN address pool; the server takes the first address of the subnet.
server 172.28.28.0 255.255.255.0
# Make the VPN the clients' default route (def1 overrides rather than deletes
# the original default route; bypass-dhcp keeps the local DHCP server reachable).
push "redirect-gateway def1 bypass-dhcp"
# Lets VPN clients reach each other. This traffic is relayed inside the
# OpenVPN process and never passes the host's iptables rules, so it cannot be
# filtered there. Remove this line if clients should be isolated.
client-to-client
# DNS servers handed to clients. With redirect-gateway in effect, all client
# DNS lookups go to these third-party resolvers.
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 4.2.2.2"
# Subnet topology: each client gets one address out of the /24.
# NOTE(review): the explicit push is probably redundant next to the
# "server" directive; confirm against the installed version's manual.
push "topology subnet"
topology subnet
# Kernel route for the VPN subnet via the tunnel interface.
route 172.28.28.0 255.255.255.0
# Ping the peer every 10 s; treat it as down after 120 s without a reply.
keepalive 10 120
# Compression is left disabled (directive commented out). Keep it that way:
# compressing tunnel traffic can leak plaintext through packet sizes.
#comp-lzo
# Drop root privileges after initialisation.
user nobody
group nogroup
# Keep the key and the tun device across restarts, because neither could be
# re-read or re-opened once privileges have been dropped.
persist-key
persist-tun
# Current-connections status file.
status /var/log/openvpn-status.log
# Log verbosity.
verb 3
# Append to this log file instead of truncating it on start.
log-append /var/log/openvpn
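#!/bin/bash
# NAT and forwarding setup for the OpenVPN client subnet.
#
# Adds a MASQUERADE rule so traffic from VPN clients leaves through the
# outbound interface with the server's address, then enables IPv4 forwarding.
# Must run as root. Both changes are runtime-only and are lost on reboot.
#
# NOTE(review): this script adds no FORWARD-chain rules. Which VPN traffic is
# actually forwarded depends on the host's existing FORWARD policy; review it.
set -u

# Must match the "server" line in /etc/openvpn/server.conf.
readonly VPN_NET='172.28.28.0/24'
# Assumes eth0 is the outbound interface; adjust to the host.
readonly WAN_IF='eth0'

echo activate MASQUERADE
# -C tests whether the exact rule already exists, so running the script more
# than once does not stack duplicate rules in the nat table.
if ! iptables -t nat -C POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE 2>/dev/null; then
  iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE || {
    echo "failed to add MASQUERADE rule for $VPN_NET on $WAN_IF" >&2
    exit 1
  }
fi

# enable ip forwarding
sysctl -w net.ipv4.ip_forward=1 || {
  echo "failed to enable net.ipv4.ip_forward" >&2
  exit 1
}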
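Reboot the server. The OpenVPN server should start automatically; verify it with systemctl status openvpn. The MASQUERADE rule and the ip_forward setting made by the script above are runtime-only, so make sure that script runs at boot; otherwise clients will still connect after the reboot, but their traffic will not be forwarded.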