Linux/OpenVPN
Setup for an OpenVPN server which routes all traffic ("road-warrior")
First install and configure OpenVPN: https://wiki.gentoo.org/wiki/OpenVPN
Do not forget to first setup the key infrastructure: https://wiki.gentoo.org/wiki/Create_a_Public_Key_Infrastructure_Using_the_easy-rsa_Scripts
Add these lines to /etc/openvpn/openvpn.conf for routing all traffic:
push "dhcp-option DNS 8.8.8.8" push "redirect-gateway def1"
Add these lines for user/password authentication in addition to the certificate:
plugin openvpn-plugin-auth-pam.so /etc/pam.d/login username-as-common-name
Check the necessary kernel options (can be set as M):
CONFIG_TUN CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_NAT
Allow IP forwarding in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
Check that it is allowed:
cat /proc/sys/net/ipv4/ip_forward
Allow on the fly:
echo 1 > /proc/sys/net/ipv4/ip_forward
Activate IP forwarding (necessary after each reboot):
modprobe iptable_nat # if compiled as module iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
Open port 12112 UDP on your router.
Start OpenVPN:
/etc/init.d/openvpn restart
If everything works, add OpenVPN to the default runlevel, so that it starts during boot:
rc-update add openvpn
Android
Use https://play.google.com/store/apps/details?id=de.blinkt.openvpn.
Import client openvpn.conf. Enable "User/PW + Certificates" and "Use default route". Disable "LZO Compression", if you disabled it on the server because of ChromeOS clients.
ChromeOS
Source: https://www.errietta.me/blog/openvpn-chromebook/
openssl pkcs12 -export -in ./pki/issued/client1.crt -inkey ./pki/private/client1.key -certfile ./pki/ca.crt -name client1 -out client1.p12
When using the simple (UI) configuration for ChromeOS:
- disable comp-lzo in /etc/openvpn/openvpn.conf and restart OpenVPN
- use servername:12112 in ChromeOS OpenVPN connection settings
WiFi Hotspots
Some Hotspots (for example Telekom Germany) do not allow UDP packets. In that case, configure OpenVPN to use TCP.