OpenVPN server on Debian Lenny

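# Host preparation: hostname, key-only SSH login, packages.
vi /etc/hostname
# sshd (StrictModes is on by default) silently ignores authorized_keys when the
# .ssh dir or the file is group/world accessible, so set the modes explicitly.
mkdir -p .ssh
chmod 700 .ssh
cd .ssh
vi authorized_keys
chmod 600 authorized_keys
apt-get update
apt-get upgrade
apt-get --no-install-recommends install openvpn bridge-utils openssh-blacklist-extra
vi /etc/ssh/sshd_config
# turn off password logins (PasswordAuthentication no) -- do this only after a
# login with the key above has been confirmed to work
vi /etc/sysctl.conf
# turn on ipv4 forwarding (net.ipv4.ip_forward=1); "sysctl -p" applies it now
vi /etc/network/interfaces
# turn dhcp into static if you want to
# Build the PKI with the bundled easy-rsa 2.0 scripts.
cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
vi vars
# mod defaults on bottom; KEY_SIZE here also decides the DH size, which is why
# the file copied below is named dh1024.pem -- raise it to 2048 for new setups
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-key home
./build-key pleaseignore
./build-key david
./build-dh
cd keys/
# The server only needs the CA *certificate* (server.conf reads "ca ca.crt").
# ca.key is the signing key for new client certs and is deliberately not
# copied: it stays in the easy-rsa keys dir (or offline), so a compromised VPN
# host cannot issue credentials.
cp ca.crt dh1024.pem server.crt server.key /etc/openvpn
cd /etc/openvpn/
openvpn --genkey --secret ta.key
# Keys are read as root before "user nobody" takes effect; keep them root-only.
chmod 600 server.key ta.key
vi /etc/openvpn/server.conf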

# /etc/openvpn/server.conf -- routed (tun) server handing out one /24 to clients.
port 1194
dev tun
# The server itself takes 10.10.0.1; clients get addresses from the rest of the /24.
server 10.10.0.0 255.255.255.0
# Relative paths resolve against the daemon's working directory; the Debian init
# script is expected to start it with --cd /etc/openvpn -- confirm if that changes.
ifconfig-pool-persist ipp.txt
#client-config-dir ccd
# Only the CA certificate belongs here; the CA private key stays off this host.
ca ca.crt
cert server.crt
key server.key
# NOTE(review): 1024-bit DH is weak by current standards; set KEY_SIZE=2048 in
# the easy-rsa vars before ./build-dh and point this at the resulting dh2048.pem.
dh dh1024.pem
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
# persist-key goes with user/group below: once privileges are dropped the key
# files cannot be re-read on a SIGUSR1 restart.
persist-key
# NOTE(review): a /24 mask with host address 10.10.0.1 looks like a typo for
# 10.10.0.0, and the "server" line above already routes that subnet through the
# tunnel, so this push appears redundant -- verify before removing it.
push "route 10.10.0.1 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 75.127.97.6"
client-to-client
# NOTE(review): ta.key was generated (openvpn --genkey --secret ta.key) but is
# unused while this stays commented out. Enabling it (clients then need
# "tls-auth ta.key 1") lets the server discard handshake packets that lack the
# HMAC before they reach the TLS layer.
#tls-auth ta.key 0
# NOTE(review): BF-CBC is a 64-bit-block cipher (SWEET32 class of weakness);
# prefer the AES-128-CBC line below. The cipher must match on every client.
cipher BF-CBC
#cipher DES-EDE3-CBC
#cipher AES-128-CBC
max-clients 20
# Drop root after start-up; see persist-key / persist-tun above.
user nobody
group nogroup
status openvpn-status.log
# log truncates on every start, log-append keeps history; only one is needed --
# presumably the later directive wins, making log-append the effective one.
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 2
mute 20

Xen host:

# The mknod implies this Xen guest has no /dev/net/tun: create the tun/tap
# character device (misc major 10, minor 200) and a persistent tun0 interface.
mkdir /dev/net/
mknod /dev/net/tun c 10 200
openvpn --mktun --dev tun0
# Source-NAT the VPN subnet (server.conf: "server 10.10.0.0 255.255.255.0") out
# of eth0 as the host's public address; needs net.ipv4.ip_forward=1.
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j SNAT --to-source 71.20.22.71
# nat rules do not survive a reboot; the line below is what goes into
# /etc/rc.local (before its trailing "exit 0").
vi /etc/rc.local

iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j SNAT --to-source 71.20.22.71

OpenVZ host (see also):

# On the hardware node: load tun, grant container 101 (the CTID) the tun device
# plus CAP_NET_ADMIN, then create the device node inside the container.
modprobe tun
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun
# Netfilter modules the container is allowed to use. iptable_nat is the one the
# SNAT rule in the container's rc.local needs; the others presumably cover
# filtering/mangling rules -- confirm which are actually required.
vzctl set 101 \
--iptables ip_tables \
--iptables ipt_REJECT \
--iptables ipt_tos \
--iptables ipt_limit \
--iptables ipt_multiport \
--iptables iptable_filter \
--iptables iptable_mangle \
--iptables ipt_TCPMSS \
--iptables ipt_tcpmss \
--iptables ipt_ttl \
--iptables ipt_length \
--iptables ipt_conntrack \
--iptables iptable_nat \
--iptables ip_nat_ftp \
--iptables ip_nat_irc \
--iptables ipt_TOS \
--iptables ipt_state \
--save
In the VM:
# Line to add to the container's /etc/rc.local (before its trailing "exit 0").
vi /etc/rc.local

# Same SNAT rule as on the Xen host, but the container's uplink is venet0 rather
# than eth0. Relies on iptable_nat being in the vzctl --iptables list.
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j SNAT --to-source 71.20.22.71

