This is a quick and easy guide for OpenVPN on Ubuntu that will get you up and running with minimal config. With some persistence this is not hard to do, and it opens up a world of possibilities, e.g. fully encrypted access from remote locations to your home network, or, if you really want to go nuts, SSH tunnelling of OpenVPN over an HTTP proxy using corkscrew.
This configuration works for a single client connecting to a single server.
## Server Config (its tunnel interface will be 172.20.0.1, eth0 is 192.168.1.10, and its public IP is that of your router)
apt-get install openvpn
cd /etc/openvpn
openvpn --genkey --secret mystatickey.key
vi /etc/openvpn/openvpn.conf
=======snip===========
dev tun
ifconfig 172.20.0.1 172.20.0.2
secret mystatickey.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
======snip============
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/openvpn start
ifconfig - should show a tun interface with an IP of 172.20.0.1
## Client Config (its tunnel interface will be 172.20.0.2)
apt-get install openvpn
cd /etc/openvpn
scp publicIPofyourRouter:/etc/openvpn/mystatickey.key .
vi /etc/openvpn/openvpn.conf
===== snip =============
remote publicIPofyourRouter
dev tun
ifconfig 172.20.0.2 172.20.0.1
secret mystatickey.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
===== snip =============
/etc/init.d/openvpn start
ifconfig - should show a tun interface with an IP of 172.20.0.2
Time to test. From your client you should be able to ping 172.20.0.1 (the server tunnel interface).
If ping works your tunnel is up and openvpn is running sweetly. 🙂
You will probably need to add a static route on your local router (server end) so that traffic for 172.20.0.0 goes to your openvpn server and not out the gateway. The ip_forward line is also required so that your server can route traffic between interfaces.
Notes:
* Firewall and port forwarding are the first things to check. UDP 1194 must be open on the server.
* You can use no-ip.com or dyndns.org to get a home DNS entry if you are on a dynamic IP. Then use this name as the remote in the client config.
* You will need to forward UDP 1194 from your router to the internal host. This is configured on your router.
* If you only want to access LAN addresses at the server end, and do not want your client's public traffic to go over the VPN, add routes on the client such as: route add -net 192.168.1.0/24 gw 172.20.0.1
Extra Notes:
Sometimes you want to do funky things, like push your VPN tunnel through an ssh tunnel. This allows you to get full access to a remote LAN over a single open port (ssh).
Edit openvpn.conf on both client and server as below. Note that you are no longer using UDP, and you no longer need to forward UDP or TCP 1194 on the router, as everything is inside SSH.
Add to server:
proto tcp-server
Add to client:
proto tcp-client
and change the client's remote line to:
remote localhost
Now on your client, forward local TCP port 1194 over SSH to port 1194 on the server:
ssh -L 1194:127.0.0.1:1194 you@yourpublicip
Test by telnet to 127.0.0.1 1194 on the client - you should get a connection. Break the connection and start openvpn on the client.
/etc/init.d/openvpn start
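Most failures with this setup come from the two openvpn.conf files not agreeing with each other: the ifconfig pair copied in the wrong order, a different secret file name, or only one side switched to TCP for the SSH variant. The script below is an added example (not part of the original guide) that cross-checks a server/client pair for exactly those points; the sample configs it writes are constructed from the values used above.

```shell
#!/bin/sh
# Added example: cross-check a static-key server/client openvpn.conf pair.
# Sample configs are constructed from the guide's values so this runs offline.
# directive FILE NAME: print the value of the first matching directive
directive() {
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^ /, ""); print; exit }' "$1"
}
# check_pair SERVER_CONF CLIENT_CONF: return 0 if the two files agree,
# otherwise print each problem found and return 1
check_pair() {
    srv="$1"; cli="$2"; rc=0
    set -- $(directive "$srv" ifconfig); s_local="$1"; s_remote="$2"
    set -- $(directive "$cli" ifconfig); c_local="$1"; c_remote="$2"
    # the client's ifconfig pair must be the mirror image of the server's
    if [ "$s_local" != "$c_remote" ] || [ "$s_remote" != "$c_local" ]; then
        echo "ifconfig mismatch: server '$s_local $s_remote', client '$c_local $c_remote'"; rc=1
    fi
    # both sides must use the same static key file and the same dev type
    [ "$(directive "$srv" secret)" = "$(directive "$cli" secret)" ] || { echo "secret differs"; rc=1; }
    [ "$(directive "$srv" dev)" = "$(directive "$cli" dev)" ] || { echo "dev differs"; rc=1; }
    # only the client dials out, so it must carry a remote line
    [ -n "$(directive "$cli" remote)" ] || { echo "client has no remote"; rc=1; }
    # proto is either absent on both (default UDP) or the tcp-server/tcp-client pair
    case "$(directive "$srv" proto)/$(directive "$cli" proto)" in
        /|tcp-server/tcp-client) ;;
        *) echo "proto mismatch (tcp-server on the server, tcp-client on the client)"; rc=1 ;;
    esac
    return $rc
}
# Constructed sample pair matching the guide's UDP setup
tmp=$(mktemp -d)
cat > "$tmp/server.conf" <<'EOF'
dev tun
ifconfig 172.20.0.1 172.20.0.2
secret mystatickey.key
EOF
cat > "$tmp/client.conf" <<'EOF'
remote publicIPofyourRouter
dev tun
ifconfig 172.20.0.2 172.20.0.1
secret mystatickey.key
EOF
# A client whose ifconfig was pasted in server order: a common slip
sed 's/^ifconfig .*/ifconfig 172.20.0.1 172.20.0.2/' "$tmp/client.conf" > "$tmp/bad.conf"
check_pair "$tmp/server.conf" "$tmp/client.conf" && echo "server/client pair OK"
check_pair "$tmp/server.conf" "$tmp/bad.conf" || echo "bad.conf rejected as expected"
```

Point it at your real files with check_pair /etc/openvpn/openvpn.conf and a copy of the client's file before bringing the tunnel up, and again after adding the proto lines for the SSH variant.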
Enjoy.