installs:vpn:openvpn

Differences

This shows you the differences between two versions of the page.

installs:vpn:openvpn [2024/03/27 00:52] – changed client configuration elraphik
installs:vpn:openvpn [2024/03/27 12:05] (current) elraphik
Line 45: Line 45:
 Here we have a machine on our home network, therefore behind NAT, so it'll auto complete with its local IP (192.168.1.2 for example). Here we have a machine on our home network, therefore behind NAT, so it'll auto complete with its local IP (192.168.1.2 for example).
  
-Then, if behind NAT (which is our case), you are prompted to enter the public IP of your network. Our was auto completed, but if it wasn't, we could go to [[https://www.whatismyip.com]] (for example) in order to get our public IP and enter it into the prompt.+Then, if behind NAT (which is our case), you are prompted to enter the public IP of your network. Our was auto completed, but if it wasn't, we could have been to [[https://www.whatismyip.com]] (for example) in order to get our public IP and enter it into the prompt.
 You could also use a public hostname that would point at you. You could also use a public hostname that would point at you.
  
-Next, if your host has IPv6 support, you're asked if you want to use it, free to you to choose any, but we chose yes.+Next, if your host has IPv6 support, you're asked if you want to use it, you're free to choose any, but we chose yes.
  
 Then you can choose the port for your VPN. We don't recommend to use the default port for security reasons, therefore use a custom or a random one. We chose random, but you may want to choose an easy to remember, or maybe you already have decided which one you'd use. Then you can choose the port for your VPN. We don't recommend to use the default port for security reasons, therefore use a custom or a random one. We chose random, but you may want to choose an easy to remember, or maybe you already have decided which one you'd use.
 +Try to remember the port as it'll be useful later.
  
 Now, select the protocol, UDP is recommended for a VPN, and use TCP only if you don't have any other choice. Now, select the protocol, UDP is recommended for a VPN, and use TCP only if you don't have any other choice.
Line 78: Line 79:
 Also, the certificate is in **/etc/openvpn/easy-rsa/pki/issued/balthasar.crt** Also, the certificate is in **/etc/openvpn/easy-rsa/pki/issued/balthasar.crt**
  
 +===== Port forwarding =====
 +
 +Last thing to do server side, the port forwarding.
 +If your server is not behind a NAT, it directly has a public IP and you can skip this step.
 +
 +So, remember the port you chose when doing the server configuration ? You'll have to use it now.
 +If you don't remember the port you chose, you can check it via the OpenVPN configuration file:
 +
 +<code bash>
 +head -n 1 /etc/openvpn/server.conf
 +</code>
 +
 +Now, you'll have to add a rule to your router for it to redirect packets from it's port to the same port on the machine on your local network.
 +Also remember the protocol you chose, it should be UDP as recommended.
 +
 +You should now be all set server-side, what a pleasure.
 +
 +===== Client connection =====
 +
 +For the connection, you'll have to transfer the OpenVPN profile to the client you want to connect with.
 +If you haven't touched it, the profile is still **/root/balthasar.ovpn** (or any name you chose).
 +You can transfer it to as many clients as you like and using the method you like, but try not to let it fly on the internet.
 +
 +Now that you have the profile on the client, you can use OpenVPN Connect (for Windows and Android) or directly use openvpn on Linux, and feed them the profile, enter the password needed if you set one, and now it should connect.
 +
 +For testing it, we recommend using a phone on cellular data, or any machine connected to a different network. Once connected, you should be able to ping any of the machines that is on the same private network as your VPN.
 +
 +Et voilà, you now know how to set up your own VPN, create users, and use the VPN, all via the OpenVPN service.
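Review bot: "head -n 1 /etc/openvpn/server.conf" in the Port forwarding section only works if the port directive happens to be the first line of the file; matching the directive itself, for example "grep -E '^(port|proto) ' /etc/openvpn/server.conf", does not depend on line order and also prints the protocol that the next paragraph asks the reader to remember. In Client connection, "try not to let it fly on the internet" should be concrete: the text says the client only needs the profile (plus the password if one was set) to connect, so name a transfer over an encrypted channel such as scp over SSH and tell the reader to delete stray copies afterwards. Small fixes: "from it's port" should be "from its port", and the space before "?" in "server configuration ?" should go.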
installs/vpn/openvpn.1711500722.txt.gz · Last modified: 2024/03/27 00:52 by elraphik