I’ve got a few VPN links in place using OpenVPN and thought it’s about time I documented how they are set up, in case something goes wrong in the future.
First was the install:-
apt-get install openvpn
Once installed, change into the OpenVPN config directory:-
cd /etc/openvpn
Then generate a static (pre-shared) key, which both ends of the tunnel will use:-
openvpn --genkey --secret static.key
Create the config file on server1 using:-
nano -w server2.conf
remote server2.example.co.uk
float
port 8008
dev tun203
ifconfig 192.168.204.203 192.168.203.204
proto udp
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret /etc/openvpn/static.key
;route 192.168.203.0 255.255.255.0
chroot /var/empty
user nobody
group nogroup
log vpn.log
verb 0
The things that need changing are the remote server address and the local and remote tunnel IP addresses. Also check that the chroot directory, user and group actually exist on the host.
Next copy the static.key from server1 to server2 (it is the shared secret for the tunnel, so keep it readable by root only on both machines). Then create a server1.conf in /etc/openvpn/ on server2:
nano -w server1.conf
remote server1.example.co.uk
float
port 8008
dev tun203
ifconfig 192.168.203.204 192.168.204.203
proto udp
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret /etc/openvpn/static.key
;route 192.168.204.0 255.255.255.0
chroot /var/empty
user nobody
group nogroup
log vpn.log
verb 0
Notice how the IP configuration on this server is reversed: the local and remote addresses in the ifconfig line are swapped. These IP addresses are only used by the tunnel itself and do not have to be within your normal network range. However, for routing to multiple network segments it seemed easier to keep these addresses within the network range, so it’s easier to trace where the fault lies if something goes wrong.
The last thing to check is that IP forwarding is enabled on both ends; the following should print 1:-
cat /proc/sys/net/ipv4/ip_forward
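The two configs above are mirror images of each other, and the host checks at the end are easy to forget, so the following is an added example rather than something from the original post: a small POSIX shell script that renders both configs from one set of parameters (so the remote and ifconfig lines on the two ends cannot drift apart) and checks the prerequisites mentioned above. The hostnames, tunnel addresses, port and device are the post’s own example values; all function names are this example’s own, and it assumes a Linux host with GNU stat and getent available.

```shell
#!/bin/sh
# Added example, not part of the original post. Renders the mirrored pair of
# static-key OpenVPN configs and checks the host prerequisites the post lists.

# Generate the shared static key with the same command as the post, under
# umask 077 in a subshell so the file is created readable by root only.
make_static_key() {
    ( umask 077; openvpn --genkey --secret "${1:-/etc/openvpn/static.key}" )
}

# Print one end's config. Arguments: remote hostname, local tunnel IP,
# remote tunnel IP, and optionally the remote LAN network and mask to route.
render_peer_conf() {
    remote_host=$1; local_ip=$2; remote_ip=$3; remote_net=$4; remote_mask=$5
    cat <<EOF
remote $remote_host
float
port 8008
dev tun203
ifconfig $local_ip $remote_ip
proto udp
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret /etc/openvpn/static.key
EOF
    # The post keeps the route commented out; emit it only when a LAN was given.
    if [ -n "$remote_net" ]; then
        echo "route $remote_net $remote_mask"
    fi
    cat <<EOF
chroot /var/empty
user nobody
group nogroup
log vpn.log
verb 0
EOF
}

# Write both files into a directory, named after the *remote* end as in the
# post (server2.conf runs on server1 and vice versa). Arguments:
#   outdir nameA fqdnA tunnelIpA nameB fqdnB tunnelIpB
render_pair() {
    outdir=$1
    render_peer_conf "$6" "$4" "$7" > "$outdir/$5.conf"   # runs on A, points at B
    render_peer_conf "$3" "$7" "$4" > "$outdir/$2.conf"   # runs on B, points at A
}

# The static key is the entire tunnel secret: it must exist and be mode 600.
check_key_perms() {
    key=$1
    [ -f "$key" ] || { echo "missing key: $key" >&2; return 1; }
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    [ "$mode" = "600" ] || { echo "$key is mode $mode, expected 600" >&2; return 1; }
}

# ip_forward must read 1 or packets arriving over the tunnel are not routed.
# The optional path argument lets the check be pointed at a test file.
check_ip_forward() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# The chroot directory, unprivileged user and group named in the config must
# exist, otherwise OpenVPN fails to drop privileges and exits at startup.
check_drop_privs() {
    [ -d "${1:-/var/empty}" ] \
        && getent passwd "${2:-nobody}" >/dev/null \
        && getent group "${3:-nogroup}" >/dev/null
}

# Demo: render the post's pair into a scratch directory and show the file
# that would be installed on server1 as /etc/openvpn/server2.conf.
demo_dir=$(mktemp -d)
render_pair "$demo_dir" server1 server1.example.co.uk 192.168.204.203 \
                        server2 server2.example.co.uk 192.168.203.204
cat "$demo_dir/server2.conf"
rm -rf "$demo_dir"
```

On a real host you would run render_pair with /etc/openvpn as the output directory on one machine, copy the other end’s file across together with static.key, and then run check_key_perms, check_ip_forward and check_drop_privs on both machines before starting the service; an ip_forward check that fails is fixed with sysctl -w net.ipv4.ip_forward=1 (and the matching line in /etc/sysctl.conf so it survives a reboot).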
Once the connections are established, it’s probably worth having some routing info pushed to each server. For simple routing you can uncomment the ;route option in the configs above. For more advanced routing it’s worth installing Quagga.
I’ll need to update this with better details on what the configs do. But that’ll get it running in a simple setup.