A simple template to set up a VPN with
- Install git and OpenVPN on the server: `sudo apt-get install git openvpn`
- Create a Public Key Infrastructure (PKI):
  - `git clone https://github.com/OpenVPN/easy-rsa.git`
  - `cd easy-rsa/easyrsa3` and run `./easyrsa init-pki`
  - Create a Certificate Authority (CA) with `./easyrsa build-ca` and choose a passphrase
  - Generate your server keys and certificate: `./easyrsa gen-req server nopass`, then `./easyrsa sign-req server server`
  - Generate your client keys and certificate: `./easyrsa gen-req client nopass`, then `./easyrsa sign-req client client`
  - Generate Diffie-Hellman parameters with `./easyrsa gen-dh`
- Copy the following files to `/etc/openvpn`:
  - `server.conf` from the repo
  - `pki/ca.crt`
  - `pki/dh.pem`
  - `pki/issued/server.crt`
  - `pki/private/server.key`
- Launch the OpenVPN service with `systemctl start openvpn@server`
- Get the `client.conf` file from the repo and change the server IP address
- Retrieve the following files from the server:
  - `pki/ca.crt`
  - `pki/issued/client.crt`
  - `pki/private/client.key`
- Launch the OpenVPN client:
  - For macOS users, you can install Tunnelblick
  - For Linux users, you can install it with `sudo apt-get install openvpn`
- Enable IP forwarding with `sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'`
- Set up a masquerading rule with `sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`
- Uncomment `push "redirect-gateway def1 bypass-dhcp"` in `server.conf`
- Check your IP address with `wget http://ipecho.net/plain -q -O - ; echo` or on ipleak
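
The traffic-redirect steps above depend on three settings being in place at once: the uncommented `push` directive, IPv4 forwarding, and the `MASQUERADE` rule. The following shell functions are an added example, not code from the repository, that check all three. The function names, the `VPN_NET`/`WAN_IF` variables and the `/tmp/nat.rules` path are assumptions made here; the subnet and interface defaults come from the rule above.

```shell
#!/bin/sh
# Added example: checks for the traffic-redirect steps. Defaults are taken from
# the iptables rule on this page; names and paths are assumptions.
VPN_NET=${VPN_NET:-10.8.0.0/24}
WAN_IF=${WAN_IF:-eth0}

# server.conf: the push line must be active. OpenVPN treats lines starting
# with ';' or '#' as comments, so anchor on "push" at the start of the line.
check_push() {            # $1 = path to server.conf
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway[[:space:]"]' "$1"
}

# Kernel IPv4 forwarding: the proc file must contain exactly 1.
check_forward() {         # $1 = path to the ip_forward file
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# NAT: stdin is the output of `iptables -t nat -S POSTROUTING`. Fixed-string
# match, so it expects the rule exactly as added on this page.
check_masquerade() {      # $1 = VPN subnet, $2 = outbound interface
    grep -Fq -e "-A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

report() {                # $1 = label, rest = check command
    label=$1; shift
    if "$@"; then echo "ok    $label"; else echo "FAIL  $label"; return 1; fi
}

# Runs all three checks, prints one line each, returns non-zero on any failure.
vpn_redirect_report() {   # $1 = server.conf, $2 = ip_forward file, $3 = saved nat rules
    rc=0
    report 'redirect-gateway push is uncommented' check_push "$1" || rc=1
    report 'IPv4 forwarding is enabled' check_forward "$2" || rc=1
    report "MASQUERADE for $VPN_NET out $WAN_IF" \
        check_masquerade "$VPN_NET" "$WAN_IF" < "$3" || rc=1
    return $rc
}

# On the server:
#   sudo iptables -t nat -S POSTROUTING > /tmp/nat.rules
#   vpn_redirect_report /etc/openvpn/server.conf \
#       /proc/sys/net/ipv4/ip_forward /tmp/nat.rules
```

Neither the `echo` into `/proc` nor the `iptables -A` rule persists across a reboot, so rerun the check after restarting the server.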