OpenVPN

Version: 0.1
Getestet: Ubuntu 8.04 LTS, OpenVPN 2.1

Server

/etc/openvpn/server.conf

# OpenVPN server: routed (tun) VPN over TCP port 443 that pushes a default
# route and two DNS servers to its clients. Lines starting with ';' are
# disabled options.

# Optional bind address; while disabled the server listens on all addresses.
;local a.b.c.d
# Listen on 443 and pass connections that are not OpenVPN to the service on
# localhost:10443. port-share requires "proto tcp".
port 443
port-share localhost 10443
proto tcp
;proto udp
dev tun
# CA certificate and server certificate, given relative to the working
# directory OpenVPN is started in.
# NOTE(review): no "key" directive appears in this listing. A TLS server also
# needs the private key that belongs to server.crt (via "key" or "pkcs12"),
# and that file should be readable by root only. Confirm it was just omitted.
ca ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/server.crt
# NOTE(review): 1024-bit Diffie-Hellman parameters are below current
# recommendations. Generate parameters of at least 2048 bits and point "dh"
# at that file; this is a server-side change only.
dh ./easy-rsa2/keys/dh1024.pem
# VPN subnet; the server takes an address in it and assigns the rest to clients.
server 10.8.0.0 255.255.255.0
# Remember client-to-address assignments across restarts.
ifconfig-pool-persist ipp.txt
# Make clients send all their IP traffic through the VPN and use the listed
# DNS servers. Replace the <dns*-server-ip> placeholders with real addresses.
push "redirect-gateway"
push "dhcp-option DNS <dns1-server-ip>"
push "dhcp-option DNS <dns2-server-ip>"
# Clients can reach each other directly. This traffic is forwarded inside
# OpenVPN and does not pass the host's iptables FORWARD chain, so it cannot
# be filtered there. Remove the option if clients should be isolated.
client-to-client
# Ping every 10 s; treat the peer as down after 120 s without a reply.
keepalive 10 120
# cipher, auth and comp-lzo must be identical in the client configuration;
# change them on both sides together.
cipher AES-256-CBC
# NOTE(review): HMAC-SHA1 still works but a SHA-2 digest (e.g. SHA256) is the
# usual choice today.
auth SHA1
# NOTE(review): compressing before encrypting can leak information about the
# plaintext through packet sizes, and later OpenVPN releases deprecate this
# option. Consider dropping it on server and clients.
comp-lzo
;max-clients 100
# Drop root privileges after start-up; the openvpn user and group must exist.
user openvpn
group openvpn
# Keep the key material and the tun device across restarts, because they
# could not be re-opened once privileges have been dropped.
persist-key
persist-tun
# Status file (connected clients, routes) and log file. Both reveal client
# names and addresses, so restrict read access to them.
status openvpn-status.log
log /var/log/openvpn.log
verb 3

/etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
# (the server has to route packets between the VPN subnet and its external
# interface; the setting is applied at boot or after running `sysctl -p`)
net.ipv4.ip_forward=1

Packet Forwarding

# Source-NAT traffic from the VPN subnet (10.8.0.0/24) that leaves through
# venet0 so it carries the server's external address. Replace <ext-server-ip>
# and use the name of the external interface on your host.
# The rule exists only in the running kernel and is lost on reboot unless it
# is saved and restored by the system's firewall set-up.
# NOTE(review): this adds NAT only. Which destinations VPN clients may reach
# is decided by the FORWARD chain, which is not shown here; restrict it to
# the tun interface and the VPN subnet rather than relying on a default ACCEPT.
iptables -t nat -A POSTROUTING -o venet0 -s 10.8.0.0/24 -j SNAT --to-source <ext-server-ip>
# Turn on IPv4 forwarding right away (run as root); the /etc/sysctl.conf
# entry above makes the same setting permanent.
echo 1 > /proc/sys/net/ipv4/ip_forward

Client

/etc/openvpn/client.conf

# OpenVPN client matching the server configuration above: tun device, TCP to
# port 443, certificate authentication. Lines starting with ';' are disabled.
client
dev tun
proto tcp
;proto udp
# Replace <server-ip> with the server's address or host name.
remote <server-ip> 443
# Keep retrying name resolution instead of giving up.
resolv-retry infinite
# Do not bind to a fixed local port.
nobind
persist-key
persist-tun
# CA certificate plus this client's own certificate and private key.
# Issue a separate certificate/key pair per client and keep the key file
# readable only by the user OpenVPN runs as.
ca ca.crt
cert micro.crt
key micro.key
# Accept the peer only if its certificate is marked as a server certificate.
# Without this check any client certificate issued by the same CA could be
# used to impersonate the server.
# NOTE(review): later OpenVPN releases replace this option with
# "remote-cert-tls server". Before switching, verify that the server
# certificate carries the key usage fields that check requires.
ns-cert-type server
# cipher, auth and comp-lzo must be identical to the server's settings; see
# the server configuration before changing any of them.
cipher AES-256-CBC
auth SHA1
comp-lzo
verb 3
# Level 2 permits OpenVPN to run user-defined scripts, which the up/down
# hooks below need.
script-security 2
# Apply the DNS servers pushed by the server when the tunnel comes up and
# restore the previous resolver settings when it goes down.
# NOTE(review): this listing sets no "user"/"group", so the scripts run with
# the privileges OpenVPN was started with (usually root). The script should
# be owned by root and not writable by anyone else.
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

 

maec.de