Linux/OpenVPN: Difference between revisions
Thomas (Talk | Contributions) No edit summary
Revision as of 15 April 2018, 00:11
Setup for an OpenVPN server which routes all traffic ("road-warrior")
First install and configure OpenVPN: https://wiki.gentoo.org/wiki/OpenVPN
Do not forget to set up the key infrastructure first: https://wiki.gentoo.org/wiki/Create_a_Public_Key_Infrastructure_Using_the_easy-rsa_Scripts
Add these lines to /etc/openvpn/openvpn.conf for routing all traffic:
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
Check the necessary kernel options (can be set as M):
CONFIG_TUN
CONFIG_IP_NF_CONNTRACK
CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_NAT
Allow IP forwarding in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
Check that it is allowed:
cat /proc/sys/net/ipv4/ip_forward
Enable it on the fly, without a reboot:
echo 1 > /proc/sys/net/ipv4/ip_forward
Activate NAT (masquerading) for the forwarded traffic (necessary after each reboot):
modprobe iptable_nat # if compiled as module
iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
Open UDP port 12112 on your router.
Start OpenVPN:
/etc/init.d/openvpn restart
If everything works, add OpenVPN to the default runlevel, so that it starts during boot:
rc-update add openvpn
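A pre-flight check for the steps above, as an added example that is not part of the original wiki page: it verifies the four kernel options, the ip_forward value and the MASQUERADE rule before clients are pointed at the server. The function names and the sample input are constructed for illustration; the option names, subnet and interface are the ones used on this page.

```shell
#!/bin/sh
# Added example: pre-flight check for the server steps on this page.
# Kernel options, subnet and interface are the values the page uses.
REQUIRED_OPTS="CONFIG_TUN CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_NAT"

# missing_kernel_opts FILE: print each required option not set to y or m.
missing_kernel_opts() {
    for opt in $REQUIRED_OPTS; do
        grep -Eq "^${opt}=[ym]\$" "$1" || printf '%s\n' "$opt"
    done
}

# forwarding_enabled FILE: succeed only if FILE (ip_forward) contains 1.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# has_masquerade FILE SUBNET IFACE: exact-line match in `iptables-save -t nat` output.
has_masquerade() {
    grep -Fxq -- "-A POSTROUTING -s $2 -o $3 -j MASQUERADE" "$1"
}

# preflight KCONFIG IP_FORWARD NAT_RULES: print one line per problem; return 1 if any.
preflight() {
    problems=$(
        missing_kernel_opts "$1" | sed 's/^/kernel option not set: /'
        forwarding_enabled "$2" || echo "net.ipv4.ip_forward is not 1"
        has_masquerade "$3" 10.100.0.0/24 eth0 || echo "MASQUERADE rule for 10.100.0.0/24 via eth0 missing"
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample input (not taken from a real host): NAT support is absent,
# forwarding is off, and the only NAT rule covers a different subnet.
demo() {
    d=$(mktemp -d)
    printf 'CONFIG_TUN=m\nCONFIG_IP_NF_CONNTRACK=y\nCONFIG_IP_NF_IPTABLES=y\n# CONFIG_IP_NF_NAT is not set\n' > "$d/kconfig"
    echo 0 > "$d/ip_forward"
    echo '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' > "$d/nat"
    preflight "$d/kconfig" "$d/ip_forward" "$d/nat" || true
    rm -rf "$d"
}
demo
# On a real server: zcat /proc/config.gz > kconfig; iptables-save -t nat > nat
#                   preflight kconfig /proc/sys/net/ipv4/ip_forward nat
```

A MASQUERADE rule whose source is wider than the VPN subnet fails the check on purpose, so only the 10.100.0.0/24 range the page configures counts as correct.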