installs:vpn:openvpn

Differences

This shows you the differences between two versions of the page.

installs:vpn:openvpn [2024/03/27 00:47] – added whole install process elraphik
installs:vpn:openvpn [2024/03/27 12:05] (current) elraphik
Line 45: Line 45:
 Here we have a machine on our home network, therefore behind NAT, so it'll auto complete with its local IP (192.168.1.2 for example). Here we have a machine on our home network, therefore behind NAT, so it'll auto complete with its local IP (192.168.1.2 for example).
  
-Then, if behind NAT (which is our case), you are prompted to enter the public IP of your network. Our was auto completed, but if it wasn't, we could go to [[https://www.whatismyip.com]] (for example) in order to get our public IP and enter it into the prompt.+Then, if behind NAT (which is our case), you are prompted to enter the public IP of your network. Our was auto completed, but if it wasn't, we could have been to [[https://www.whatismyip.com]] (for example) in order to get our public IP and enter it into the prompt.
 You could also use a public hostname that would point at you. You could also use a public hostname that would point at you.
  
-Next, if your host has IPv6 support, you're asked if you want to use it, free to you to choose any, but we chose yes.+Next, if your host has IPv6 support, you're asked if you want to use it, you're free to choose any, but we chose yes.
  
 Then you can choose the port for your VPN. We don't recommend to use the default port for security reasons, therefore use a custom or a random one. We chose random, but you may want to choose an easy to remember, or maybe you already have decided which one you'd use. Then you can choose the port for your VPN. We don't recommend to use the default port for security reasons, therefore use a custom or a random one. We chose random, but you may want to choose an easy to remember, or maybe you already have decided which one you'd use.
 +Try to remember the port as it'll be useful later.
  
 Now, select the protocol, UDP is recommended for a VPN, and use TCP only if you don't have any other choice. Now, select the protocol, UDP is recommended for a VPN, and use TCP only if you don't have any other choice.
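
Review bot: The reworded public-IP sentence on the "+" side, "we could have been to [[https://www.whatismyip.com]]", reads worse than the "we could go to" it replaces; "we could have gone to" or simply "you can look it up at" would fix it, and "Our was auto completed" on the same line should be "Ours was". The IPv6 line still joins two clauses with a comma ("you want to use it, you're free to choose any"); a full stop after "use it" and "either" instead of "any" would read better. The added "Try to remember the port as it'll be useful later." would help more if it said where the port is needed, namely the port forwarding rule on the router.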
Line 64: Line 65:
 Et voilà, after some time the prompt stops, and OpenVPN is installed and the client configuration starts. Et voilà, after some time the prompt stops, and OpenVPN is installed and the client configuration starts.
  
-===== Client configuration =====+===== Adding a client to your VPN =====
  
-If you followed the last chapter about OpenVPN installation, the scripts directly asks you to enter a client name. Here we'll enter the client we'll use outside our place (usually your lab/work/school laptop). For example, if your laptop is named "balthasar" then you enter "balthasar", simple.+If you followed the last chapter about OpenVPN installation, the scripts directly asks you to enter a client name. 
 +If not, you should re-run the **openvpn-install.sh** script with root privileges. 
 + 
 +Here we'll enter the client we'll use outside our place (usually your lab/work/school laptop). For example, if your laptop is named "balthasar" then you enter "balthasar", simple.
  
 Then, you have to choose if you want to protect the configuration file with a password. The default is no but we are never too secure, so we chose yes. Then, you have to choose if you want to protect the configuration file with a password. The default is no but we are never too secure, so we chose yes.
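
Review bot: The added line "If not, you should re-run the **openvpn-install.sh** script with root privileges." does not say what the reader has to select once the script is running again to reach the client name prompt, so someone arriving at this section directly still cannot follow it; add that step. In the line above it, "the scripts directly asks" should be "the script directly asks", and both added sentences end with a trailing space.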
Line 72: Line 76:
 You will now be prompted to enter the pass phrase to protect the config file, and to repeat the password, which we complied to do. You will now be prompted to enter the pass phrase to protect the config file, and to repeat the password, which we complied to do.
  
-And there you are, the client configuration file is generated, and put in **$PWD/balthasar.ovpn**.+And there you are, the client configuration file is generated, and put in **/root/balthasar.ovpn**.
 Also, the certificate is in **/etc/openvpn/easy-rsa/pki/issued/balthasar.crt** Also, the certificate is in **/etc/openvpn/easy-rsa/pki/issued/balthasar.crt**
  
 +===== Port forwarding =====
 +
 +Last thing to do server side, the port forwarding.
 +If your server is not behind a NAT, it directly has a public IP and you can skip this step.
 +
 +So, remember the port you chose when doing the server configuration ? You'll have to use it now.
 +If you don't remember the port you chose, you can check it via the OpenVPN configuration file:
 +
 +<code bash>
 +head -n 1 /etc/openvpn/server.conf
 +</code>
 +
 +Now, you'll have to add a rule to your router for it to redirect packets from it's port to the same port on the machine on your local network.
 +Also remember the protocol you chose, it should be UDP as recommended.
 +
 +You should now be all set server-side, what a pleasure.
 +
 +===== Client connection =====
 +
 +For the connection, you'll have to transfer the OpenVPN profile to the client you want to connect with.
 +If you haven't touched it, the profile is still **/root/balthasar.ovpn** (or any name you chose).
 +You can transfer it to as many clients as you like and using the method you like, but try not to let it fly on the internet.
 +
 +Now that you have the profile on the client, you can use OpenVPN Connect (for Windows and Android) or directly use openvpn on Linux, and feed them the profile, enter the password needed if you set one, and now it should connect.
 +
 +For testing it, we recommend using a phone on cellular data, or any machine connected to a different network. Once connected, you should be able to ping any of the machines that is on the same private network as your VPN.
 +
 +Et voilà, you now know how to set up your own VPN, create users, and use the VPN, all via the OpenVPN service.
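
Review bot: In "Client connection", the line "You can transfer it to as many clients as you like" works against the "Adding a client to your VPN" section, where a profile is named after one machine ("balthasar"); recommend generating one profile per client instead, and replace "try not to let it fly on the internet" with a concrete instruction on how to move the file, since the profile is what lets a client connect. In "Port forwarding", "head -n 1 /etc/openvpn/server.conf" only works while the port happens to be the first line of the file; "grep '^port' /etc/openvpn/server.conf" does not depend on line order. The switch from **$PWD/balthasar.ovpn** to **/root/balthasar.ovpn** hard-codes one location, so state under which conditions the file lands in /root (the earlier section only says "with root privileges"). Typos: "from it's port" should be "from its port", and "configuration ?" should lose the space before the question mark.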
installs/vpn/openvpn.1711500477.txt.gz · Last modified: 2024/03/27 00:47 by elraphik