This page briefly explains how to configure a VPN with OpenVPN, on both the server side and the client side.

  1. Install the openvpn package on both the client and the server.

  2. In the server's /etc/openvpn directory, run the following command to generate a static key:
    • openvpn --genkey --secret static.key
  3. Copy this static key to the client's /etc/openvpn directory over a secure channel such as scp or sftp. The key is the only thing authenticating the two peers, so keep it readable by root only.
  4. On the server, create a new /etc/openvpn/tun0.conf file and add the following:
    • dev tun0
    • ifconfig 10.9.8.1 10.9.8.2
    • secret /etc/openvpn/static.key

Here 10.9.8.x is your VPN subnet: 10.9.8.1 will be the IP address of the server and 10.9.8.2 the IP address of the client.

  1. On the client, create a new /etc/openvpn/tun0.conf file and add the following:
    • remote your-server.org
    • dev tun0
    • ifconfig 10.9.8.2 10.9.8.1
    • secret /etc/openvpn/static.key
  2. On the server's firewall, open up UDP 1194 (default port).
  3. On both devices, add a new VPN zone representing tun0 and create a default policy for it. With shorewall this means adding entries to the following files in /etc/shorewall:
    • zone
    • interfaces
    • policy
  4. Bear in mind that 90% of all connection problems encountered by new OpenVPN users are firewall-related.
  5. Start OpenVPN by hand on both sides with the following command:
    • openvpn --config /etc/openvpn/tun0.conf --verb 6

The verb 6 option produces very verbose output, which helps when troubleshooting the first connection.

  1. You should probably configure your routes at this step.
  2. To verify that the VPN is up, you should be able to ping 10.9.8.2 from the server and 10.9.8.1 from the client.

==Application to a VPN passing through an HTTP proxy==

This part describes how to configure the VPN to pass through an HTTP proxy that only allows traffic on port 443 (and 80). It uses the http-proxy option of OpenVPN.

  1. First of all, check that port 443 isn't already used by another service on your server.
  2. Configure OpenVPN on the server side by adding port 443 and proto tcp-server to the configuration file.
  3. Configure OpenVPN on the client side by adding port 443, proto tcp-client and http-proxy 1.1.1.1 8080 to the configuration file.

Here 1.1.1.1 and 8080 are the IP address and port of your proxy.
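As an added example (not part of the original page), the following Python check parses a server and a client tun0.conf like the ones above and reports the mistakes this how-to is prone to: ifconfig addresses that are not mirrored, a port that differs between the two sides, an invalid proto pairing, or http-proxy used without proto tcp-client. The sample configs are constructed from the values on this page; the deliberately broken one writes port where proto was meant.

```python
import shlex
# Constructed sample configs in this page's layout (not from a real host).
SERVER_CONF = """dev tun0
ifconfig 10.9.8.1 10.9.8.2
secret /etc/openvpn/static.key
port 443
proto tcp-server
"""
CLIENT_CONF = """remote your-server.org
dev tun0
ifconfig 10.9.8.2 10.9.8.1
secret /etc/openvpn/static.key
port 443
proto tcp-client
http-proxy 1.1.1.1 8080
"""
# Common slip: 'port tcp-client' written where 'proto tcp-client' was meant.
BAD_CLIENT_CONF = CLIENT_CONF.replace("proto tcp-client", "port tcp-client")

def parse_conf(text):
    """Map each OpenVPN directive to its argument list; the last occurrence wins."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if line:
            parts = shlex.split(line)
            conf[parts[0]] = parts[1:]
    return conf

def check_pair(server_text, client_text):
    """Return the inconsistencies between a server and a client static-key config."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    problems = []
    for side, conf in (("server", s), ("client", c)):
        for d in ("dev", "ifconfig", "secret"):
            if d not in conf:
                problems.append(f"{side}: missing '{d}'")
        if not conf.get("port", ["1194"])[0].isdigit():
            problems.append(f"{side}: port must be a number, got {conf['port']}")
    # Point-to-point mode: the client's ifconfig is the server's with the addresses swapped.
    if s.get("ifconfig") and c.get("ifconfig") and s["ifconfig"] != c["ifconfig"][::-1]:
        problems.append("ifconfig addresses are not mirrored between the two sides")
    if s.get("port", ["1194"]) != c.get("port", ["1194"]):
        problems.append("port differs between server and client")
    sp, cp = s.get("proto", ["udp"])[0], c.get("proto", ["udp"])[0]
    if (sp, cp) not in (("udp", "udp"), ("tcp-server", "tcp-client")):
        problems.append(f"proto pairing {sp}/{cp} is invalid (udp/udp or tcp-server/tcp-client)")
    if "http-proxy" in c and cp != "tcp-client":
        problems.append("http-proxy needs 'proto tcp-client' on the client")
    return problems
```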

  1. Now launch OpenVPN on the server first, then on the client.
  2. At this point, configure the routes so that traffic uses the VPN tunnel:
    • Remove the existing default route on eth0: route del default eth0
    • Add a default route through your VPN: route add default gw 10.9.8.1 dev tun0
    • Keep a route to the proxy itself, so that the tunnel's TCP connection can still reach it: route add 1.1.1.1 eth0

Update your /etc/resolv.conf according to your needs.

TODO

  1. Explain how to enable the management interface (http://openvpn.net/index.php/open-source/documentation/miscellaneous/79-management-interface.html)