photonxp · April 25, 2014 06:01
diff --git a/openvpn configure notes b/openvpn configure notes
 openvpn configure notes:

 Follow the process on debian wiki: https://wiki.debian.org/OpenVPN
 The process is almost OK. Only a few adjustments is required as below:

 checking:
 $ which openvpn

 The default directory after installation is: /etc/openvpn/
 All relative path in .conf files points to this path.

 Openvpn will start automatically when server reboots.

 Openvpn will check each .conf file under /etc/openvpn and use all of them when possible

 Be sure to execute the 3 iptables command, in case the response packet couldn't return to VPN server due to improper src address in request packets.

 iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD -s 10.9.8.0/24 -o eth0 -j ACCEPT
 iptables -t nat -A POSTROUTING -s 10.9.8.0/24 -o eth0 -j MASQUERADE

 Check the netmask of subnet.

 change dev0 to dev in the formal .conf file. Reasons unknown.

 Print "y" for any command prompt when execute the following the lines:
 # ./build-ca
 # ./build-key-server server
 ./build-dh
 ./build-key clientname

 Change relative paths to absolute paths for the first time. And change back to relative paths when necessary.

 Some directives in the .conf file could be changed or removed.

 changed directives:
 port 1194
 proto udp

 removed directives:
 push "dhcp-option DNS 8.8.8.8"
 client-to-client
 set CLIENT_CERT 0

 Folloing route commands in the client is not necessary:
 # ip route add VPNSERVER_IP via LOCALGATEWAY_IP dev eth0  proto static
 # ip route change default via 10.9.8.5 dev tun0  proto static   //client tun0 10.9.8.5
	openvpn configure notes:

	Follow the process on debian wiki: https://wiki.debian.org/OpenVPN
	The process is almost OK. Only a few adjustments is required as below:

	checking:
	$ which openvpn

	The default directory after installation is: /etc/openvpn/
	All relative path in .conf files points to this path.

	Openvpn will start automatically when server reboots.

	Openvpn will check each .conf file under /etc/openvpn and use all of them when possible

	Be sure to execute the 3 iptables command, in case the response packet couldn't return to VPN server due to improper src address in request packets.

	iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
	iptables -A FORWARD -s 10.9.8.0/24 -o eth0 -j ACCEPT
	iptables -t nat -A POSTROUTING -s 10.9.8.0/24 -o eth0 -j MASQUERADE

	Check the netmask of subnet.

	change dev0 to dev in the formal .conf file. Reasons unknown.

	Print "y" for any command prompt when execute the following the lines:
	# ./build-ca
	# ./build-key-server server
	./build-dh
	./build-key clientname

	Change relative paths to absolute paths for the first time. And change back to relative paths when necessary.

	Some directives in the .conf file could be changed or removed.

	changed directives:
	port 1194
	proto udp

	removed directives:
	push "dhcp-option DNS 8.8.8.8"
	client-to-client
	set CLIENT_CERT 0

	Folloing route commands in the client is not necessary:
	# ip route add VPNSERVER_IP via LOCALGATEWAY_IP dev eth0 proto static
	# ip route change default via 10.9.8.5 dev tun0 proto static //client tun0 10.9.8.5