eegrok · May 4, 2011 22:26
diff --git a/vpn-setup.txt b/vpn-setup.txt
 #partially from:
 #http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
 # in this I refer to the server and the client -- really the only difference here is that the 'server'
 # needs to have a publicly accessible IP, and be configured to allow UDP port 1194 to connect inbound
 iptables -A INPUT -s <put-client-public-ip-address-here> -p udp -m udp --dport 1194 -j ACCEPT
 # other than that, they can communicate both ways, assuming the client firewall is configured to allow it
 # (to firewall the client to prevent all server connections, see below)
 # don't forget to save your iptables configurations after making them -- https://gist.github.com/958060
 #on server, make sure openvpn is installed (on ubuntu it's simply: aptitude install openvpn)
 # to install on rhel5, follow this: https://gist.github.com/957868
 cd /etc/openvpn
 #generate a shared key
 openvpn --genkey --secret static.key
 #you'll need to copy the shared key above to the client /etc/openvpn directory

 # the following lines copy server.conf (from https://gist.github.com/956165 ) into /etc/openvpn
 wget https://gist.github.com/raw/956165/openvpn-server.conf --no-check-certificate
 mv openvpn-server.conf /etc/openvpn/server.conf

 #on client, make sure openvpn is installed
 cd /etc/openvpn
 # the following lines copy client.conf (from https://gist.github.com/956183 ) into /etc/openvpn
 wget https://gist.github.com/raw/956183/openvpn-client.conf --no-check-certificate
 mv openvpn-client.conf /etc/openvpn/client.conf

 #modify client.conf to use the remote server's public ip address (remote line)

 #start openvpn to test your config (on server first, then client)
 service openvpn start

 ping 172.23.0.1

 # then ping 172.23.0.2 from the server

 # if your pings aren't working, you may need to make sure they're being allowed by the server firewall
 iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d 172.23.0.1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

 # if still not working, try looking at the stdout for both server / client -- adding the line
 verb 6
 # to both configuration files

 # make sure your firewall configuration is set up to allow any ports you want to connect, e.g.:
 # to allow mysql from the client to the server:
 # run this command on the server
 iptables -A INPUT -s 172.23.0.2 -p tcp -m tcp --dport 3306 -j ACCEPT

 # to set it up so the server can't connect to the client at all, use the following rules
 # allow existing connections to send traffic both ways
 # run these commands on the client
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -s 172.23.0.1 -j DROP
	#partially from:
	#http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
	# in this I refer to the server and the client -- really the only difference here is that the 'server'
	# needs to have a publicly accessible IP, and be configured to allow UDP port 1194 to connect inbound
	iptables -A INPUT -s <put-client-public-ip-address-here> -p udp -m udp --dport 1194 -j ACCEPT
	# other than that, they can communicate both ways, assuming the client firewall is configured to allow it
	# (to firewall the client to prevent all server connections, see below)
	# don't forget to save your iptables configurations after making them -- https://gist.github.com/958060
	#on server, make sure openvpn is installed (on ubuntu it's simply: aptitude install openvpn)
	# to install on rhel5, follow this: https://gist.github.com/957868
	cd /etc/openvpn
	#generate a shared key
	openvpn --genkey --secret static.key
	#you'll need to copy the shared key above to the client /etc/openvpn directory

	# the following lines copy server.conf (from https://gist.github.com/956165 ) into /etc/openvpn
	wget https://gist.github.com/raw/956165/openvpn-server.conf --no-check-certificate
	mv openvpn-server.conf /etc/openvpn/server.conf

	#on client, make sure openvpn is installed
	cd /etc/openvpn
	# the following lines copy client.conf (from https://gist.github.com/956183 ) into /etc/openvpn
	wget https://gist.github.com/raw/956183/openvpn-client.conf --no-check-certificate
	mv openvpn-client.conf /etc/openvpn/client.conf

	#modify client.conf to use the remote server's public ip address (remote line)

	#start openvpn to test your config (on server first, then client)
	service openvpn start

	ping 172.23.0.1

	# then ping 172.23.0.2 from the server

	# if your pings aren't working, you may need to make sure they're being allowed by the server firewall
	iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d 172.23.0.1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

	# if still not working, try looking at the stdout for both server / client -- adding the line
	verb 6
	# to both configuration files

	# make sure your firewall configuration is set up to allow any ports you want to connect, e.g.:
	# to allow mysql from the client to the server:
	# run this command on the server
	iptables -A INPUT -s 172.23.0.2 -p tcp -m tcp --dport 3306 -j ACCEPT

	# to set it up so the server can't connect to the client at all, use the following rules
	# allow existing connections to send traffic both ways
	# run these commands on the client
	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
	iptables -A INPUT -s 172.23.0.1 -j DROP