How to setup Openvpn – Debian based Machines

Step 1- Install Openvpn

sudo apt-get install openvpn

Step 2- Copy all the files to make generate your keys(Server/Client)

mkdir /etc/openvpn/thekeys
cp -a /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/thekeys/
cd /etc/openvpn/thekeys/2.0/

Step 3- Edit the vars / building the Certificate Authority and generate some keys

vim vars
(Edit to the proper values for each KEY_*value)
source vars
./clean-all
./build-ca
(All the fields you edited before should show up when building the CA)
./build-key-server [nameofserver]
./build-key [nameofclient]
(You can build multiple clients if you intend to have more than one user/machine)
./build-dh

Step 4- Copy the newly created keys to the /etc/openvpn directory

cp /etc/openvpn/thekeys/2.0/keys/ca.crt /etc/openvpn
cp /etc/openvpn/thekeys/2.0/keys/[nameofserver].crt /etc/openvpn
cp /etc/openvpn/thekeys/2.0/keys/[nameofserver].key /etc/openvpn
cp /etc/openvpn/thekeys/2.0/keys/dh1024.pem /etc/openvpn

Step 5- Move the client keys to the client machine(via scp or flash drive)

cp /etc/openvpn/thekeys/2.0/keys/ca.crt [/path/to/flashdrive]
cp /etc/openvpn/thekeys/2.0/keys/[nameofclient].crt [/path/to/flashdrive]
cp /etc/openvpn/thekeys/2.0/keys/[nameofclient].key [/path/to/flashdrive]

Step 6- Copy and setup the server.conf file or use mine

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gzip -d server.conf.gz
vim server.conf

#OpenVPN Server Config
port 443
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/[nameofserver].crt
key /etc/openvpn/[nameofserver].key
dh /etc/openvpn/dh1024.pem
server 10.7.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push “redirect-gateway def1 bypass-dhcp”
push “dhcp-option DNS 8.8.8.8″
push “dhcp-option DNS 8.8.4.4″
keepalive 10 120
cipher AES-256-CBC   # AES
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Step 7- Add the Openvpn Server to startup

update-rc.d openvpn defaults

Step 8- Turn on Permanent IPV4 forwarding

vim /etc/sysctl.conf
(Uncomment the line net.ipv4.ip_forward=1)

Step 9- Setup IPTables Rules for the VPN

iptables -t nat -A POSTROUTING -s 10.7.0.0/24 -o eth0 -j MASQUERADE
iptables-save

Step 10- Client Setup – (Windows / Linux / Mac) [Client Config Example Below]

#client.conf
client
dev tun
proto udp
remote [ip/domain of server] 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca [/path/to/ca.crt]
cert [/path/to/client.crt]
key [/path/to/client.key]
ns-cert-type server
cipher AES-256-CBC # AES
comp-lzo
verb 3
#redirect-gateway #remove comment if you would like to send all traffic through tunnel

(Windows)
-Download the Openvpn client / Install it
-Navigate to the openvpn config directory
-Drop the client.conf file and the ca.crt, client.crt, and client.key in this directory
-Launch the GUI and connect

(Linux)
-Add the client.conf, ca.crt, client.key, client.crt to the /etc/openvpn directory
-Run openvpn –config /etc/openvpn/client.conf &

(Mac)
-Download and run Tunnelblick
-When recieving the “Welcome Message” Select the “Open configuration foler” option
-Drop the client.conf, ca.crt, client.crt, and client.key in the new folder
-Whatever you name your folder tunnelblick will use as a name for the connection
-When ready from the tunnelblick icon select Connect ‘Connection’