Installing OpenVPN on Debian Linux (part2)
Order a server with this operating system; submit a ticket to the technical support to enable the module (if necessary) and support the NAT.
With the server activated, log in using the SSH-protocol, for example the PuTTY SSH-client.
Run the command
apt-get install -y openvpn
If everything went well, you need to establish key authorization to gain access to the OpenVPN server.
Copy the files (key utility) into the folder of the openvpn configuration files
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/
Initiate the directory using the keys (WARNING! The command will delete the old keys, if any):
Set up a Certificate Authority
Create a certificate and server key
Provide all the required information. Make sure you have specified the server for the Common name.
Build the Diffie-Hellman parameters. Run the build-dh script without parameters:
Create the keys and certificates for the users’ connection.
Specify a user name (i.e. client1) while creating the certificate by running the command:
I recommend backing up the /etc/openvpn/keys folder.
In the/etc/openvpn/keys directory locate the files:
Copy them to the machine from which you want to connect:
After you have created the keys, you should configure the server. Copy the example of configuration files into
and unpack it
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn
The server.conf configuration file is located in the /etc/openvpn directory
Edit it (specify the paths to the keys’ files)
Leave other parameters by default.
To deploy the logs (after customizing you should disable them) that will search for errors, you can add the following line into the OpenVPN server configuration file
Start the server and make sure that it really does.
Starting virtual private network daemon: server.
ps ax|grep openvpn
5175 ? Ss 0:00 /usr/sbin/openvpn –writepid /var/run/openvpn.server.pid –daemon ovpn-server –cd /etc/openvpn –config /etc/openvpn/server.conf
Configuring network address translation to connect to the Internet through the OpenVPN server
After you have configured the server, you still won’t be able to connect to the Internet (you can install VPN_tunnel to the server only). You need to specify the required routes in the /etc/openvpn/server.conf configuration file (to redirect the client’s default gateway to the server):
Change the DNS-servers, because the servers of internet providers may deny recursive requests from unknown addresses, for example, by specifying 10.8.0.1 server (DNS server should be configured on VPS) or any public DNS, e.g. Google Public DNS. Add the following lines into the /etc/openvpn/server.conf configuration file
push “dhcp-option DNS 220.127.116.11″
push “dhcp-option DNS 18.104.22.168″
To enable NAT you need to set up the rules in firewall by using iptables
Specify the following lines in the /etc/rc.local file
/sbin/iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
/sbin/iptables -A FORWARD -i venet0 -o tun0 -m state –state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT
to automatically use them when booting a VPS.
Run these commands manually to apply the required rules or restart your VPS to make sure that openvpn services and iptables rules run automatically (you may review them using the iptables-save command)
You have successfully configured the OpenVPN server on Debian Linux VPS.