Never Ending Security

It starts all here

OpenVPN Cheatsheet


How to setup Openvpn – Debian based Machines

Step 1- Install Openvpn

sudo apt-get install openvpn

Step 2- Copy all the files to make generate your keys(Server/Client)

mkdir /etc/openvpn/thekeys
cp -a /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/thekeys/
cd /etc/openvpn/thekeys/2.0/

Step 3- Edit the vars / building the Certificate Authority and generate some keys

vim vars
(Edit to the proper values for each KEY_*value)
source vars
(All the fields you edited before should show up when building the CA)
./build-key-server [nameofserver]
./build-key [nameofclient]
(You can build multiple clients if you intend to have more than one user/machine)

Step 4- Copy the newly created keys to the /etc/openvpn directory

cp /etc/openvpn/thekeys/2.0/keys/ca.crt /etc/openvpn
cp /etc/openvpn/thekeys/2.0/keys/[nameofserver].crt /etc/openvpn
cp /etc/openvpn/thekeys/2.0/keys/[nameofserver].key /etc/openvpn
cp /etc/openvpn/thekeys/2.0/keys/dh1024.pem /etc/openvpn

Step 5- Move the client keys to the client machine(via scp or flash drive)

cp /etc/openvpn/thekeys/2.0/keys/ca.crt [/path/to/flashdrive]
cp /etc/openvpn/thekeys/2.0/keys/[nameofclient].crt [/path/to/flashdrive]
cp /etc/openvpn/thekeys/2.0/keys/[nameofclient].key [/path/to/flashdrive]

Step 6- Copy and setup the server.conf file or use mine

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gzip -d server.conf.gz
vim server.conf

#OpenVPN Server Config
port 443
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/[nameofserver].crt
key /etc/openvpn/[nameofserver].key
dh /etc/openvpn/dh1024.pem
ifconfig-pool-persist ipp.txt
push “redirect-gateway def1 bypass-dhcp”
push “dhcp-option DNS″
push “dhcp-option DNS″
keepalive 10 120
cipher AES-256-CBC   # AES
status openvpn-status.log
verb 3

Step 7- Add the Openvpn Server to startup

update-rc.d openvpn defaults

Step 8- Turn on Permanent IPV4 forwarding

vim /etc/sysctl.conf
(Uncomment the line net.ipv4.ip_forward=1)

Step 9- Setup IPTables Rules for the VPN

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

Step 10- Client Setup – (Windows / Linux / Mac) [Client Config Example Below]

dev tun
proto udp
remote [ip/domain of server] 443
resolv-retry infinite
ca [/path/to/ca.crt]
cert [/path/to/client.crt]
key [/path/to/client.key]
ns-cert-type server
cipher AES-256-CBC # AES
verb 3
#redirect-gateway #remove comment if you would like to send all traffic through tunnel

-Download the Openvpn client / Install it
-Navigate to the openvpn config directory
-Drop the client.conf file and the ca.crt, client.crt, and client.key in this directory
-Launch the GUI and connect

-Add the client.conf, ca.crt, client.key, client.crt to the /etc/openvpn directory
-Run openvpn –config /etc/openvpn/client.conf &

-Download and run Tunnelblick
-When recieving the “Welcome Message” Select the “Open configuration foler” option
-Drop the client.conf, ca.crt, client.crt, and client.key in the new folder
-Whatever you name your folder tunnelblick will use as a name for the connection
-When ready from the tunnelblick icon select Connect ‘Connection’

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s