Linux/OpenVPN

Aus VivaLV
Zur Navigation springen Zur Suche springen

Setup for an OpenVPN server which routes all traffic ("road-warrior")

First install and configure OpenVPN: https://wiki.gentoo.org/wiki/OpenVPN

Do not forget to first setup the key infrastructure: https://wiki.gentoo.org/wiki/Create_a_Public_Key_Infrastructure_Using_the_easy-rsa_Scripts

I changed the OpenVPN server config to use tcp instead of udp in /etc/openvpn/openvpn.conf:

proto tcp

Add these lines to /etc/openvpn/openvpn.conf:

push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"

Check the necessary kernel options (can be set as M):

CONFIG_TUN
CONFIG_IP_NF_CONNTRACK 
CONFIG_IP_NF_IPTABLES 
CONFIG_IP_NF_NAT

Enable IP forwarding in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

Check that it is enabled:

cat /proc/sys/net/ipv4/ip_forward

Enable on the fly:

echo 1 > /proc/sys/net/ipv4/ip_forward

After each reboot:

modprobe iptable_nat # if compiled as module
iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE

If everything works, add OpenVPN to the default runlevel, so that it starts during boot:

rc-update add openvpn