ArseniyShestakov · October 8, 2016 01:55
diff --git a/client.conf b/client.conf
 client
 dev tun
 proto tcp
 remote 1.2.3.4 443

 ca ca.crt
 cert client1.crt
 key client1.key

 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 auth SHA256
 cipher AES-256-CBC
 ns-cert-type server
 comp-lzo
 verb 3
diff --git a/server-setup b/server-setup
 #### Ubuntu 14.04 Server
 # Update and upgrade system
 apt-get update
 apt-get upgrade
 # Install packages
 apt-get install openvpn easy-rsa

 ## Create OpenVPN server keys
 # Copy scripts
 cp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa
 cd /etc/openvpn/easy-rsa/
 source vars
 ./clean-all
 # Create CA. Just press Enter multiple times
 ./build-ca
 # Create server certificate. Just pass all with Enter except last two requests.
 # IMPORTANT! You need to answer "y" on "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"
 ./build-key-server server
 # Create DH file
 ./build-dh
 # Copy keys
 cp ./keys/server.crt ./keys/server.key ./keys/ca.crt ./keys/dh2048.pem /etc/openvpn/

 ## Configure server
 # Copy contents of this server.conf above
 # Close nano with Ctrl+O
 nano /etc/openvpn/server.conf
 # Run service
 service openvpn restart

 ## Create client certificate
 # You can pass all with Enter except last two.
 # IMPORTANT! You need to answer "y" on "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"
 ./build-key client1
 # Create directory for easy download from /root
 mkdir /root/ovpn/
 # Copy files needed for client
 cp ./keys/ca.crt ./keys/client1.crt ./keys/client1.key /root/ovpn/

 ## Enable NAT forwarding if disabled
 # first of all enable it in current session
 sysctl -w net.ipv4.ip_forward=1
 # Now uncomment "net.ipv4.ip_forward=1" in sysctl config so this applied after each restart
 nano +28 /etc/sysctl.conf
 # Check status of forwarding and make sure it's return "1"


 ## Now you configure NAT for OpenVPN subnet
 # Run following commands to apply forwarding rules before restart
 iptables -A FORWARD -s 10.9.0.0/24 -j ACCEPT
 iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
 # Now copy exactly same 3 lines into /etc/rc.local so rule will be set on each startup.
 # Lines have to be before "exit 0" line
 nano +13 /etc/rc.local
diff --git a/server.conf b/server.conf
 port 443
 proto tcp
 dev tun
 fast-io
 auth SHA256
 cipher AES-256-CBC

 ca ca.crt
 cert server.crt
 key server.key
 dh dh2048.pem

 server 10.9.0.0 255.255.255.0
 ifconfig-pool-persist ipp.txt
 push "route 10.9.0.0 255.255.255.0"
 push "redirect-gateway def1 bypass-dhcp"
 push "dhcp-option DNS 8.8.8.8"
 push "dhcp-option DNS 8.8.6.6"
 keepalive 10 120
 comp-lzo
 user nobody
 group nogroup
 persist-key
 persist-tun
 status openvpn-status.log
 verb 3
	client
	dev tun
	proto tcp
	remote 1.2.3.4 443

	ca ca.crt
	cert client1.crt
	key client1.key

	resolv-retry infinite
	nobind
	persist-key
	persist-tun
	auth SHA256
	cipher AES-256-CBC
	ns-cert-type server
	comp-lzo
	verb 3
	#### Ubuntu 14.04 Server
	# Update and upgrade system
	apt-get update
	apt-get upgrade
	# Install packages
	apt-get install openvpn easy-rsa

	## Create OpenVPN server keys
	# Copy scripts
	cp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa
	cd /etc/openvpn/easy-rsa/
	source vars
	./clean-all
	# Create CA. Just press Enter multiple times
	./build-ca
	# Create server certificate. Just pass all with Enter except last two requests.
	# IMPORTANT! You need to answer "y" on "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"
	./build-key-server server
	# Create DH file
	./build-dh
	# Copy keys
	cp ./keys/server.crt ./keys/server.key ./keys/ca.crt ./keys/dh2048.pem /etc/openvpn/

	## Configure server
	# Copy contents of this server.conf above
	# Close nano with Ctrl+O
	nano /etc/openvpn/server.conf
	# Run service
	service openvpn restart

	## Create client certificate
	# You can pass all with Enter except last two.
	# IMPORTANT! You need to answer "y" on "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"
	./build-key client1
	# Create directory for easy download from /root
	mkdir /root/ovpn/
	# Copy files needed for client
	cp ./keys/ca.crt ./keys/client1.crt ./keys/client1.key /root/ovpn/

	## Enable NAT forwarding if disabled
	# first of all enable it in current session
	sysctl -w net.ipv4.ip_forward=1
	# Now uncomment "net.ipv4.ip_forward=1" in sysctl config so this applied after each restart
	nano +28 /etc/sysctl.conf
	# Check status of forwarding and make sure it's return "1"


	## Now you configure NAT for OpenVPN subnet
	# Run following commands to apply forwarding rules before restart
	iptables -A FORWARD -s 10.9.0.0/24 -j ACCEPT
	iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
	iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
	# Now copy exactly same 3 lines into /etc/rc.local so rule will be set on each startup.
	# Lines have to be before "exit 0" line
	nano +13 /etc/rc.local
	port 443
	proto tcp
	dev tun
	fast-io
	auth SHA256
	cipher AES-256-CBC

	ca ca.crt
	cert server.crt
	key server.key
	dh dh2048.pem

	server 10.9.0.0 255.255.255.0
	ifconfig-pool-persist ipp.txt
	push "route 10.9.0.0 255.255.255.0"
	push "redirect-gateway def1 bypass-dhcp"
	push "dhcp-option DNS 8.8.8.8"
	push "dhcp-option DNS 8.8.6.6"
	keepalive 10 120
	comp-lzo
	user nobody
	group nogroup
	persist-key
	persist-tun
	status openvpn-status.log
	verb 3