Server:
- install openvpn
- generate your key:
cd /etc/ && openvpn --genkey --secret key.txt
- create your config file:
/etc/openvpn.tap.conf
daemon
dev tap0
proto udp
comp-lzo
status /var/log/openvpn-tap.log
verb 4
secret /etc/key.txt
ping 15
ping-restart 300
resolv-retry 300
ping-timer-rem
persist-tun
persist-key
user nobody
group nogroup
- create your init-script:
/etc/init.d/openvpn
#!/bin/sh /etc/rc.common
#/etc/init.d/openvpn
START=55

start() {
openvpn --mktun --dev tap0
brctl addif br-lan tap0
ifconfig tap0 0.0.0.0 promisc up
openvpn /etc/openvpn.tap.conf
}

stop() {
brctl delif br-lan tap0
ifconfig tap0 down
killall openvpn
}
- set the rights:
chmod 400 /etc/key.txt
chmod 644 /etc/openvpn.tap.conf
chmod 755 /etc/init.d/openvpn
- allow OpenVPN to the internet:
/etc/firewall.user
### Open VPN to WAN
iptables -t nat -A prerouting_wan -p udp --dport 1194 -j ACCEPT
iptables -A input_wan -p udp --dport 1194 -j ACCEPT
Client:
- install OpenVPN-GUI
- copy key.txt to C:\Programme\OpenVPN\config\
- create your config:
C:\Programme\OpenVPN\config\client.ovpn
dev tap0
proto udp
remote your_remote_host 1194
resolv-retry infinite
nobind
secret key.txt
comp-lzo
verb 3
---------------------------------------------------------------------------------------
* If your setup works as you want, you can start OpenVPN at boot with /etc/init.d/openvpn enable
* If you don't have a bridge yet (brctl show), then you have to create the bridge in /etc/init.d/openvpn first.
* If you want more users, you may want to look at certificates instead of static keys.
* Suggestions/Improvements are welcome