As we know, a VPN is often needed to connect to the Internet or to other devices more safely. So today I want to show you how to create your own VPN server using OpenVPN on Ubuntu 12.04.
First, we run apt-get update && apt-get upgrade to update the package lists and upgrade the installed packages.
Then, we install the openvpn and openssl packages via apt-get install openvpn openssl
After that, cd to openvpn dir;
cd /etc/openvpn
Then, we copy the easy-rsa files to the correct dir;
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
Edit the vars file;
vi easy-rsa/vars
Change from this;
export EASY_RSA="`pwd`"
to this;
export EASY_RSA="/etc/openvpn/easy-rsa"
Then, we run these 2 commands;
. ./easy-rsa/vars
./easy-rsa/clean-all
Enter the dir;
cd easy-rsa
Link the config file;
ln -s openssl-1.0.0.cnf openssl.cnf
Then, we go back up one directory and run these commands;
cd ..
./easy-rsa/build-ca OpenVPN
./easy-rsa/build-key-server server
./easy-rsa/build-key client1
./easy-rsa/build-dh
Edit the config file;
vi openvpn.conf
Begin openvpn.conf contents – copy below this line
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
end openvpn.conf contents – copy above this line
Enable ipv4 ip_forwarding;
echo 1 > /proc/sys/net/ipv4/ip_forward
Run "ifconfig" to get the adapter name and IP address (mine was venet0, since my VPS uses OpenVZ)
Then, we put this iptables rule;
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source YOUR.VPS.IP
Please ensure that your VPS IP is correct
Then we go up one directory and edit the sysctl file;
cd ..
vi sysctl.conf
Uncomment (remove the #) the line containing #net.ipv4.ip_forward=1
Create a new openvpn config file;
Begin newvpn.ovpn contents – copy below this line
dev tun
client
proto udp
remote YOUR.VPS.IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
end newvpn.ovpn contents – copy above this line
Copy all of these files;
ca.crt
client1.crt
client1.key
newvpn.ovpn
and place them in one folder (e.g. vpn client)
Start the openvpn service;
service openvpn start
The software that I use to download the files required by openvpn client is called WinSCP. It allows you to transfer files via SSH. This is useful if you do not have an ftp or http server running.
Download all the config files (the vpn client folder) to the client/user PC via WinSCP.
The openvpn client that I use is OpenVPN Portable. Paste the config folder to OpenVPNPortable\data\config
Run the openvpn client to see if it is connected or not.
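The openvpn.conf above can be checked for a few hardening gaps before port 1194 is exposed. The script below is an added example, not part of the original guide or of OpenVPN; the function names and finding labels are made up for it, and it assumes the easy-rsa 2.0 naming of the DH file (dh<KEY_SIZE>.pem):

```shell
#!/bin/sh
# Added example: lint an OpenVPN server config such as the openvpn.conf in this guide.
# The finding labels (DH-SIZE, NO-CIPHER, ...) are made up for this example.

# has FILE DIRECTIVE: succeeds if DIRECTIVE is the first word of any line in FILE.
has() { awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"; }

# note TEXT: print one finding and count it.
note() { findings=$((findings + 1)); echo "$1"; }

audit_openvpn_conf() {
    conf=$1
    findings=0
    # easy-rsa 2.0 writes the DH file as dh<KEY_SIZE>.pem, so the name carries the size.
    bits=$(awk '$1 == "dh" { print $2 }' "$conf" |
        sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        note "DH-SIZE: ${bits}-bit DH group; raise KEY_SIZE in vars and rebuild the keys"
    fi
    has "$conf" tls-auth || has "$conf" tls-crypt ||
        note "NO-TLS-AUTH: no tls-auth/tls-crypt key; unauthenticated hosts reach the TLS handshake"
    has "$conf" cipher ||
        note "NO-CIPHER: no cipher line; OpenVPN 2.3 and older default to BF-CBC (64-bit block)"
    # "comp-lzo no" switches compression off, so only other forms are flagged.
    if awk '$1 == "comp-lzo" && $2 != "no" { f = 1 } END { exit !f }' "$conf"; then
        note "COMPRESSION: compressing before encrypting can leak plaintext through packet sizes"
    fi
    if has "$conf" client-to-client; then
        note "CLIENT-TO-CLIENT: clients reach each other inside OpenVPN, bypassing iptables"
    fi
    [ "$findings" -eq 0 ]   # exit status: 0 = clean, 1 = findings printed
}

# Constructed sample: the security-relevant server directives from this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
proto udp
port 1194
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
comp-lzo
EOF
audit_openvpn_conf "$sample" || echo "$findings finding(s) to review"
rm -f "$sample"
```

On a real server, point it at the live file: audit_openvpn_conf /etc/openvpn/openvpn.conf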
Credit to geeksandtweaks.com