lookingcloudy · March 16, 2023 05:38 · SiaKzi · Mar 16, 2023
diff --git a/client.opvn b/client.opvn
 #sample client configuration file
 #place the ca.crt, client.crt, and client.key
 #in the same folder as this configuration file.
 #Import this into your OpenVPN client

 client
 dev tun
 proto udp

 # change this to the IP or name of your server
 remote home.mydyndns.org 1194

 resolv-retry infinite
 nobind
 persist-key
 persist-tun

 ca ca.crt

 #use the name of the certificate you generated
 cert client.crt
 key client.key
 comp-lzo
 verb 3
diff --git a/install instructions b/install instructions
 # install open vpn server for open media vault
 # these steps need to be run manually on the OMV server
 # as the OMV server will not allow to run as a shell script

 #need to add the standard debian repository
 echo 'deb http://ftp.us.debian.org/debian sid main' >>/etc/apt/sources.list

 #next update the repositories
 apt-get update

 #install open vpn packages
 apt-get install openvpn -y
 apt-get install easy-rsa -y
 mkdir /etc/openvpn/easy-rsa/
 cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/


 #cofigure CA & client keys - note update this with your information
 echo 'export KEY_COUNTRY="US"' > /etc/openvpn/easy-rsa/vars
 echo 'export KEY_PROVINCE="FL"' >> /etc/openvpn/easy-rsa/vars
 echo 'export KEY_CITY="Tampa"' >> /etc/openvpn/easy-rsa/vars
 echo 'export KEY_ORG="none"' >> /etc/openvpn/easy-rsa/vars
 echo 'export KEY_EMAIL="[email protected]"' >> /etc/openvpn/easy-rsa/vars

 #use your name, computer name, etc for this
 echo 'export KEY_CN="client" '>> /etc/openvpn/easy-rsa/vars
 echo 'export KEY_NAME="client" '>> /etc/openvpn/easy-rsa/vars

 echo 'export KEY_OU="home.mydyndns.org" '>> /etc/openvpn/easy-rsa/vars
 echo 'export KEY_ALTNAMES="[email protected]" '>> /etc/openvpn/easy-rsa/vars

 cd /etc/openvpn/easy-rsa/
 source vars
 ./clean-all
 ./build-ca

 ./build-key-server server
 ./build-dh
 cd keys/
 cp server.crt /etc/openvpn/
 cp server.key  /etc/openvpn/


 cp ca.crt  /etc/openvpn/
 cp dh2048.pem /etc/openvpn/

 cd /etc/openvpn/easy-rsa/
 source vars
 ./build-key client

 #the client certs need to be copied to clients.  should be removed from the server
 cd /etc/openvpn
 tar czvf client.gz ca.crt easy-rsa/keys/client.crt easy-rsa/keys/client.key

 ## copy the client.gz to your client computer


 #CONFIGURE OPENVPN SERVER
 cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
 gzip -d /etc/openvpn/server.conf.gz
 sed -i.bak 's/\(cert \).*$/\1'"server"'.crt/' server.conf
 sed -i.bak 's/\(key \).*$/\1'"server"'.key/' server.conf
 sed -i.bak 's/\(dh \).*$/\1dh2048.pem/' server.conf

 #push private network to clients - assumes your private network is 10.0.0.0/24
 echo 'push "route 10.0.0.0 255.255.255.0"' > server.conf

 #redirect all traffic to the VPN tunnel, including DHCP, DNS, etc
 echo 'push "redirect-gateway def1 bypass-dhcp"' > server.conf

 #push dns settings - assuming you have setup a local DNS server on your OMV server
 #and your OMV server is 10.0.0.100
 #if you are not running a DNS server on your private network, comment this line out
 echo 'push "dhcp-option DNS 10.0.0.100"' > server.conf

 #CONFIGURE IPV4 FORWARDING - THIS IS ONLY FOR CURRENTLY RUNNING SYSTEM
 echo 1 > /proc/sys/net/ipv4/ip_forward

 #THIS MAKES PORT FORWARDING PERM
 sed -i.bak 's/#\(net.ipv4.ip_forward\).*$/\1=1/' /etc/sysctl.conf

 #TO HAVE INTERNET ACCESS THROUGH THE VPN TUNNEL...NEED TO RUN THE FOLLOWING AS ROOT
  modprobe iptable_nat
  sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  iptables -t nat -A POSTROUTING -s 10.8.80.0/24 -o eth0 -j MASQUERADE
  iptables-save > /etc/iptables.conf
  echo '#!/bin/sh' > /etc/network/if-up.d/iptables
  echo "iptables-restore < /etc/iptables.conf" >> /etc/network/if-up.d/iptables
  chmod +x /etc/network/if-up.d/iptables

 #This is a good mac client for OpenVPN
 #http://sourceforge.net/projects/tunnelblick/files/All%20files/Tunnelblick_3.4.1_r3054.dmg/download

 #change your router to forward the following ports to your openvpn server
 # 1194/udp -> to your internal open vpn sever IP address
 # 943/tcp -> to your internal open vpn server IP address

 #also if you are access other servers on your private network, those servers will need to know how to
 #return traffic back to 10.8.0.0 network.  In most cases, you can add a static route on your router.
diff --git a/server.conf b/server.conf
 #Sample server.conf file for openvpn

 port 1194
 proto udp
 dev tun
 ca ca.crt

 #assumes you generated a server key named 'server'
 cert server.crt
 key server.key

 dh dh2048.pem

 server 10.8.0.0 255.255.255.0
 ifconfig-pool-persist ipp.txt

 #only if there is a private network 10.0.0.0 behind the VPN server
 push "route 10.0.0.0 255.255.255.0"

 #redirects all traffic, including DHCP and DNS to the client
 push "redirect-gateway def1 bypass-dhcp"

 #only if you are running a private DNS server at 10.0.0.100
 push "dhcp-option DNS 10.0.0.100"

 keepalive 10 120
 comp-lzo
 user nobody
 group nogroup
 persist-key
 persist-tun
 status openvpn-status.log
 verb 3
	#sample client configuration file
	#place the ca.crt, client.crt, and client.key
	#in the same folder as this configuration file.
	#Import this into your OpenVPN client

	client
	dev tun
	proto udp

	# change this to the IP or name of your server
	remote home.mydyndns.org 1194

	resolv-retry infinite
	nobind
	persist-key
	persist-tun

	ca ca.crt

	#use the name of the certificate you generated
	cert client.crt
	key client.key
	comp-lzo
	verb 3
	# install open vpn server for open media vault
	# these steps need to be run manually on the OMV server
	# as the OMV server will not allow to run as a shell script

	#need to add the standard debian repository
	echo 'deb http://ftp.us.debian.org/debian sid main' >>/etc/apt/sources.list

	#next update the repositories
	apt-get update

	#install open vpn packages
	apt-get install openvpn -y
	apt-get install easy-rsa -y
	mkdir /etc/openvpn/easy-rsa/
	cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/


	#cofigure CA & client keys - note update this with your information
	echo 'export KEY_COUNTRY="US"' > /etc/openvpn/easy-rsa/vars
	echo 'export KEY_PROVINCE="FL"' >> /etc/openvpn/easy-rsa/vars
	echo 'export KEY_CITY="Tampa"' >> /etc/openvpn/easy-rsa/vars
	echo 'export KEY_ORG="none"' >> /etc/openvpn/easy-rsa/vars
	echo 'export KEY_EMAIL="[email protected]"' >> /etc/openvpn/easy-rsa/vars

	#use your name, computer name, etc for this
	echo 'export KEY_CN="client" '>> /etc/openvpn/easy-rsa/vars
	echo 'export KEY_NAME="client" '>> /etc/openvpn/easy-rsa/vars

	echo 'export KEY_OU="home.mydyndns.org" '>> /etc/openvpn/easy-rsa/vars
	echo 'export KEY_ALTNAMES="[email protected]" '>> /etc/openvpn/easy-rsa/vars

	cd /etc/openvpn/easy-rsa/
	source vars
	./clean-all
	./build-ca

	./build-key-server server
	./build-dh
	cd keys/
	cp server.crt /etc/openvpn/
	cp server.key /etc/openvpn/


	cp ca.crt /etc/openvpn/
	cp dh2048.pem /etc/openvpn/

	cd /etc/openvpn/easy-rsa/
	source vars
	./build-key client

	#the client certs need to be copied to clients. should be removed from the server
	cd /etc/openvpn
	tar czvf client.gz ca.crt easy-rsa/keys/client.crt easy-rsa/keys/client.key

	## copy the client.gz to your client computer


	#CONFIGURE OPENVPN SERVER
	cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
	gzip -d /etc/openvpn/server.conf.gz
	sed -i.bak 's/\(cert \).*$/\1'"server"'.crt/' server.conf
	sed -i.bak 's/\(key \).*$/\1'"server"'.key/' server.conf
	sed -i.bak 's/\(dh \).*$/\1dh2048.pem/' server.conf

	#push private network to clients - assumes your private network is 10.0.0.0/24
	echo 'push "route 10.0.0.0 255.255.255.0"' > server.conf

	#redirect all traffic to the VPN tunnel, including DHCP, DNS, etc
	echo 'push "redirect-gateway def1 bypass-dhcp"' > server.conf

	#push dns settings - assuming you have setup a local DNS server on your OMV server
	#and your OMV server is 10.0.0.100
	#if you are not running a DNS server on your private network, comment this line out
	echo 'push "dhcp-option DNS 10.0.0.100"' > server.conf

	#CONFIGURE IPV4 FORWARDING - THIS IS ONLY FOR CURRENTLY RUNNING SYSTEM
	echo 1 > /proc/sys/net/ipv4/ip_forward

	#THIS MAKES PORT FORWARDING PERM
	sed -i.bak 's/#\(net.ipv4.ip_forward\).*$/\1=1/' /etc/sysctl.conf

	#TO HAVE INTERNET ACCESS THROUGH THE VPN TUNNEL...NEED TO RUN THE FOLLOWING AS ROOT
	modprobe iptable_nat
	sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
	iptables -t nat -A POSTROUTING -s 10.8.80.0/24 -o eth0 -j MASQUERADE
	iptables-save > /etc/iptables.conf
	echo '#!/bin/sh' > /etc/network/if-up.d/iptables
	echo "iptables-restore < /etc/iptables.conf" >> /etc/network/if-up.d/iptables
	chmod +x /etc/network/if-up.d/iptables

	#This is a good mac client for OpenVPN
	#http://sourceforge.net/projects/tunnelblick/files/All%20files/Tunnelblick_3.4.1_r3054.dmg/download

	#change your router to forward the following ports to your openvpn server
	# 1194/udp -> to your internal open vpn sever IP address
	# 943/tcp -> to your internal open vpn server IP address

	#also if you are access other servers on your private network, those servers will need to know how to
	#return traffic back to 10.8.0.0 network. In most cases, you can add a static route on your router.
	#Sample server.conf file for openvpn

	port 1194
	proto udp
	dev tun
	ca ca.crt

	#assumes you generated a server key named 'server'
	cert server.crt
	key server.key

	dh dh2048.pem

	server 10.8.0.0 255.255.255.0
	ifconfig-pool-persist ipp.txt

	#only if there is a private network 10.0.0.0 behind the VPN server
	push "route 10.0.0.0 255.255.255.0"

	#redirects all traffic, including DHCP and DNS to the client
	push "redirect-gateway def1 bypass-dhcp"

	#only if you are running a private DNS server at 10.0.0.100
	push "dhcp-option DNS 10.0.0.100"

	keepalive 10 120
	comp-lzo
	user nobody
	group nogroup
	persist-key
	persist-tun
	status openvpn-status.log
	verb 3