mini-guide: Basic OpenVPN Server

This post is especially for Rommel. He saw my last mini-guides on OpenVPN on RouterOS, and wanted to know how to set up an OpenVPN Server on Linux that operates the same as the OpenVPN Server in RouterOS.

So, this one will be short and simple, as there are a thousand different ways to do an OpenVPN Server on Linux, but this way will make it work the same way it's configured in my mini-guide.

Start by installing OpenVPN on your Linux machine.
In Ubuntu or Debian, this is as easy as

sudo apt-get install openvpn

Let's get the certificates into the keys directory, if you haven't already done it as part of the certificate generation mini-guide.

sudo mkdir /etc/openvpn/keys

Put your server .key and .crt in here, as well as your ca.crt.

You will also want to copy the dh1024.pem from your certificate store.

Then, create a configuration file (we’ll call it server.conf), in /etc/openvpn/

sudo vi /etc/openvpn/server.conf

And stick the following in it:

port 1194
proto tcp
dev tun
# Pool network and netmask; the server itself takes 10.1.0.1.
# OpenVPN rejects a network address with host bits set.
server 10.1.0.0 255.255.255.0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/ovpn-server.crt
key /etc/openvpn/keys/ovpn-server.key
dh /etc/openvpn/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
# Drop privileges after startup.
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/server-status.log
verb 3

Save it, and restart OpenVPN:

sudo /etc/init.d/openvpn restart

And that should do it.
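
A pre-flight check for the server.conf above, to run before restarting OpenVPN (an added example, not part of the original guide). It flags a server line whose address has host bits set, which OpenVPN rejects at startup, as well as missing certificate files and a private key accessible to group or others. The function names are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: lint an OpenVPN server config before restarting the daemon.
# Function names are hypothetical; stat -c assumes GNU coreutils (Linux).

# Convert a dotted quad to an integer; fail unless there are four octets.
ip2int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print each problem found in config file $1; succeed only if there are none.
check_ovpn_conf() (
  conf=$1; problems=0
  flag() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
  while read -r directive arg1 arg2 rest; do
    case $directive in
      server)
        net=$(ip2int "$arg1") && mask=$(ip2int "$arg2") ||
          { flag "cannot parse: server $arg1 $arg2"; continue; }
        # Host bits set in the pool network make OpenVPN refuse to start.
        [ $(( net & ~mask )) -eq 0 ] ||
          flag "server $arg1 $arg2: host bits set, use the network address"
        ;;
      ca|cert|key|dh)
        if [ ! -r "$arg1" ]; then
          flag "$directive file $arg1 is missing or unreadable"
        elif [ "$directive" = key ]; then
          # The private key must not be accessible to group or others.
          mode=$(stat -c %a "$arg1")
          case $mode in
            *00) ;;
            *) flag "key $arg1 has mode $mode, expected 600 or stricter" ;;
          esac
        fi
        ;;
    esac
  done < "$conf"
  echo "$problems problem(s) found in $conf"
  [ "$problems" -eq 0 ]
)

# Constructed sample input: a host address used as the pool network.
sample=$(mktemp)
printf 'proto tcp\nserver 10.1.0.1 255.255.255.0\n' > "$sample"
check_ovpn_conf "$sample" || echo "fix the config before restarting OpenVPN"
rm -f "$sample"
```

Run it with sudo against /etc/openvpn/server.conf so that a root-owned key file is readable to the check.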

If you want to NAT all traffic out towards the Internet, giving the VPN users Internet access, add a masquerade rule. This assumes eth0 is your Internet-facing network interface:

sudo iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

Simple as that!