installs:vpn:openvpn
Differences
This shows you the differences between two versions of the page.
| installs:vpn:openvpn [2024/03/27 00:22] – added installation code blocks elraphik | installs:vpn:openvpn [2024/03/27 12:05] (current) – elraphik | ||
|---|---|---|---|
| Line 39: | Line 39: | ||
| </ | </ | ||
| + | Now, the installation process has started, and should be pretty simple to follow. | ||
| + | Normally, the service should be able to auto complete the options by default, but we'll still go through each of them. | ||
| + | First, you are prompted to enter the machine address, if you use a hosted machine, you shall enter it's public IP. | ||
| + | Here we have a machine on our home network, therefore behind NAT, so it'll auto complete with its local IP (192.168.1.2 for example). | ||
| + | |||
| + | Then, if behind NAT (which is our case), you are prompted to enter the public IP of your network. Our was auto completed, but if it wasn' | ||
| + | You could also use a public hostname that would point at you. | ||
| + | |||
| + | Next, if your host has IPv6 support, you're asked if you want to use it, you're free to choose any, but we chose yes. | ||
| + | |||
| + | Then you can choose the port for your VPN. We don't recommend to use the default port for security reasons, therefore use a custom or a random one. We chose random, but you may want to choose an easy to remember, or maybe you already have decided which one you'd use. | ||
| + | Try to remember the port as it'll be useful later. | ||
| + | |||
| + | Now, select the protocol, UDP is recommended for a VPN, and use TCP only if you don't have any other choice. | ||
| + | |||
| + | The installer now needs you to choose a DNS resolver, if you don't know which one to use you can use the default as we did. | ||
| + | |||
| + | Then you have to choose if you want to use compression and customize encryption, and we said no to both as the first one is used by an attack and the other needs you to know what you are doing with it. | ||
| + | |||
| + | After all that, the installer has everything it needs and you are prompted to press any key for it to start the real setup. | ||
| + | |||
| + | It'll start downloading the right packages for OpenVPN to run and to be secure. | ||
| + | |||
| + | Et voilà, after some time the prompt stops, and OpenVPN is installed and the client configuration starts. | ||
| + | |||
| + | ===== Adding a client to your VPN ===== | ||
| + | |||
| + | If you followed the last chapter about OpenVPN installation, | ||
| + | If not, you should re-run the **openvpn-install.sh** script with root privileges. | ||
| + | |||
| + | Here we'll enter the client we'll use outside our place (usually your lab/ | ||
| + | |||
| + | Then, you have to choose if you want to protect the configuration file with a password. The default is no but we are never too secure, so we chose yes. | ||
| + | |||
| + | You will now be prompted to enter the pass phrase to protect the config file, and to repeat the password, which we complied to do. | ||
| + | |||
| + | And there you are, the client configuration file is generated, and put in **/ | ||
| + | Also, the certificate is in **/ | ||
| + | |||
| + | ===== Port forwarding ===== | ||
| + | |||
| + | Last thing to do server side, the port forwarding. | ||
| + | If your server is not behind a NAT, it directly has a public IP and you can skip this step. | ||
| + | |||
| + | So, remember the port you chose when doing the server configuration ? You'll have to use it now. | ||
| + | If you don't remember the port you chose, you can check it via the OpenVPN configuration file: | ||
| + | |||
| + | <code bash> | ||
| + | head -n 1 / | ||
| + | </ | ||
| + | |||
| + | Now, you'll have to add a rule to your router for it to redirect packets from it's port to the same port on the machine on your local network. | ||
| + | Also remember the protocol you chose, it should be UDP as recommended. | ||
| + | |||
| + | You should now be all set server-side, | ||
| + | |||
| + | ===== Client connection ===== | ||
| + | |||
| + | For the connection, you'll have to transfer the OpenVPN profile to the client you want to connect with. | ||
| + | If you haven' | ||
| + | You can transfer it to as many clients as you like and using the method you like, but try not to let it fly on the internet. | ||
| + | |||
| + | Now that you have the profile on the client, you can use OpenVPN Connect (for Windows and Android) or directly use openvpn on Linux, and feed them the profile, enter the password needed if you set one, and now it should connect. | ||
| + | |||
| + | For testing it, we recommend using a phone on cellular data, or any machine connected to a different network. Once connected, you should be able to ping any of the machines that is on the same private network as your VPN. | ||
| + | |||
| + | Et voilà, you now know how to set up your own VPN, create users, and use the VPN, all via the OpenVPN service. | ||
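Review bot: In the Client connection section, "You can transfer it to as many clients as you like" recommends sharing one profile across devices, which conflicts with the Adding a client section where a profile is generated for a named client; I'd suggest telling readers to re-run **openvpn-install.sh** and create one profile per device, so that a lost device does not force replacing the credential everywhere. In the same paragraph, "try not to let it fly on the internet" should say what to do instead, for example copying the file over an encrypted channel such as scp. The compression sentence says it "is used by an attack" without naming the attack or linking a reference, and the port advice ("for security reasons") should make clear that a non-default port only reduces scanning noise and does not replace the authentication the profile provides. The `head -n 1` check assumes the port directive is the first line of the configuration file; matching the `port` line by name would be sturdier. Typos: "it's public IP" and "it's port" should read "its", and "Our was auto completed" should read "Ours".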
installs/vpn/openvpn.1711498923.txt.gz · Last modified: 2024/03/27 00:22 by elraphik
