Chapter Three Part Three Section Three: How To Build An OpenVPN


OpenVPN

It is also easy to build an OpenVPN server with the following 9 steps:

1. Install OpenVPN

Enter the following command to install OpenVPN:

apt-get install openvpn

2. Copy easy-rsa into the correct place

Enter the following command:

cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn

Press the "Return" key to copy the easy-rsa folder into the OpenVPN directory.

3. Generate keys

Enter the following commands one by one:

cd /etc/openvpn/easy-rsa/2.0

. ./vars

./clean-all

./build-ca

./build-key-server server

./build-key client

./build-dh

Remember to press the "Return" key after each line, and answer "yes" to all "yes/no" questions.

4. Enable IP forwarding and apply iptables rules

Enter the following command:

vi /etc/sysctl.conf

Press the "Return" key, find the line "#net.ipv4.ip_forward=1" and uncomment it by removing the leading "#".

After that, enter the following command:

sysctl -p

Then you will see the following message as a result:

net.ipv4.ip_forward=1

Then create iptables rules with the following command:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142

Remember to replace "178.18.17.142" with the actual IP address of your server.

5. Create the VPS OpenVPN configuration file

Enter the following command:

vi /etc/openvpn/server.conf

And paste the following contents:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3

6. Start OpenVPN

You can start OpenVPN with the following command:

/etc/init.d/openvpn start

7. Create the PC OpenVPN configuration file

Enter the following command:

vi /etc/openvpn/easy-rsa/2.0/keys/client.conf

And insert the following contents:

client
dev tun
proto udp
remote 178.18.17.142 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
redirect-gateway
script-security 2

Remember to replace "178.18.17.142" with your own VPS's IP address.

8. Restore the settings on reboot

To reapply the above iptables settings each time your VPS reboots, enter the following command:

vi /etc/rc.local

And insert the following contents above the "exit 0" line:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142
# --daemon sends openvpn to the background so rc.local can finish
openvpn --daemon --config /etc/openvpn/server.conf

Remember to replace "178.18.17.142" with the actual IP address of your VPS.

9. Download the client files to your PC

You need to download the following 4 files to your local PC:

  • client.conf
  • ca.crt
  • client.crt
  • client.key

To do so, you can use Fetch (for Mac), WinSCP (for Windows) or some other SFTP software.

When the download is finished, go to your home directory and move the 4 downloaded files to your local OpenVPN configuration folder. Your own OpenVPN is then ready.
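
An added check for the server.conf and client.conf written in steps 5 and 7, not part of the original chapter: a shell function that flags the directives in those files that weaken the VPN. The function names and the temporary file are assumptions of this example; the directive names are OpenVPN's own.

```shell
#!/bin/sh
# Added example, not from the original chapter: flag risky directives in an
# OpenVPN config. Prints one finding per line, nothing for a clean file.

# True if DIRECTIVE (an ERE, $2) is the first word on some line of FILE ($1).
has_directive() {
    grep -Eq "^[[:space:]]*($2)([[:space:]]|\$)" "$1"
}

audit_openvpn_conf() {
    f=$1
    if has_directive "$f" 'duplicate-cn'; then
        echo "duplicate-cn: many users can connect with one shared certificate"
    fi
    if has_directive "$f" 'client-to-client'; then
        echo "client-to-client: clients reach each other without passing the server firewall"
    fi
    if has_directive "$f" 'comp-lzo|compress'; then
        echo "compression: compressing before encrypting can leak plaintext (VORACLE)"
    fi
    if grep -Eq '^[[:space:]]*dh[[:space:]].*dh1024' "$f"; then
        echo "dh1024: 1024-bit DH parameters; use 2048 bits or more"
    fi
    if ! has_directive "$f" 'tls-auth|tls-crypt'; then
        echo "no tls-auth/tls-crypt: unauthenticated packets reach the TLS handshake"
    fi
    if has_directive "$f" 'client' && ! has_directive "$f" 'remote-cert-tls|ns-cert-type'; then
        echo "no remote-cert-tls: client does not check that the peer holds a server certificate"
    fi
    return 0
}

# Sample input: the security-relevant lines of the step 5 server.conf (trimmed copy).
demo_server_conf() {
    printf '%s\n' 'port 1194' 'proto udp' \
        'dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem' \
        'client-to-client' 'duplicate-cn' 'comp-lzo'
}

# Sample input: the step 7 client.conf (trimmed copy).
demo_client_conf() {
    printf '%s\n' 'client' 'dev tun' 'remote 178.18.17.142 1194' \
        'ca ca.crt' 'cert client.crt' 'key client.key' 'comp-lzo'
}

tmp=$(mktemp)
demo_server_conf > "$tmp"; echo "server.conf:"; audit_openvpn_conf "$tmp"
demo_client_conf > "$tmp"; echo "client.conf:"; audit_openvpn_conf "$tmp"
rm -f "$tmp"
```

On a real server, call audit_openvpn_conf /etc/openvpn/server.conf directly. With easy-rsa 2.0 the DH size follows KEY_SIZE in the vars file, so it has to be raised there before ./build-dh is run.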
