OpenVPN Setup
Configuration
Server side
Server.conf
# /etc/openvpn/server/server.conf
local 10.0.0.230
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
client-config-dir /etc/openvpn/ccd # per-client files: bind a fixed IP and iroute to a client name
route 192.166.0.0 255.255.255.0 # add the route on the server side (kernel routing table)
push "route 192.167.0.0 255.255.255.0" # push the route to the client side
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 4 # log verbosity, 1-11; higher means more detail
crl-verify crl.pem
explicit-exit-notify
Ccd configuration
The ccd configuration lives in /etc/openvpn/ccd (the directory named by client-config-dir in server.conf). Every client has its own file there, named after the client name (the common name of the client certificate). An iroute in the ccd file tells OpenVPN which client owns that subnet; it only works together with the matching route line in server.conf.
# /etc/openvpn/ccd/node-1
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.166.0.0 255.255.255.0
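A common misconfiguration with client-config-dir is an iroute in a ccd file without the matching route in server.conf (OpenVPN then has no kernel route to the client's subnet). The script below is an added example, not part of the original notes: it walks a ccd directory and reports every iroute that has no corresponding route line in the server config, treating a missing netmask as a host route (255.255.255.255), which is OpenVPN's default. The sample server.conf and ccd files it creates under a temporary directory are constructed for the demo and mirror the values used above.

```shell
#!/usr/bin/env bash
# Added example: cross-check "iroute" entries in ccd files against "route"
# lines in server.conf. Sample files below are constructed, not real hosts.
set -eu

# Escape dots so an address can be used inside an extended regex.
re_escape() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Return 0 if CONF contains a line "route NET MASK" (leading spaces allowed).
server_has_route() {
  local conf=$1 net_re mask_re re
  net_re=$(re_escape "$2")
  mask_re=$(re_escape "$3")
  re="^[[:space:]]*route[[:space:]]+${net_re}[[:space:]]+${mask_re}([[:space:]]|\$)"
  grep -Eq "$re" "$conf"
}

# Print one line per iroute that has no matching route in CONF.
# Exit status is the number of problems found (0 means consistent).
check_ccd_routes() {
  local conf=$1 ccd_dir=$2 problems=0 f key net mask rest
  for f in "$ccd_dir"/*; do
    [ -f "$f" ] || continue
    while read -r key net mask rest; do
      [ "$key" = "iroute" ] || continue          # skip ifconfig-push, comments, blanks
      [ -n "$mask" ] || mask=255.255.255.255    # OpenVPN default: host route
      if ! server_has_route "$conf" "$net" "$mask"; then
        echo "$(basename "$f"): iroute $net $mask has no matching 'route' in $conf"
        problems=$((problems + 1))
      fi
    done < "$f"
  done
  return "$problems"
}

# Build a constructed server.conf + ccd directory and run the check on it.
# node-1 and node-3 are consistent; node-2 announces a subnet the server
# never routes, so exactly one problem is reported.
demo_check() {
  local tmp rc=0
  tmp=$(mktemp -d)
  mkdir "$tmp/ccd"
  printf 'server 10.8.0.0 255.255.255.0\nroute 192.166.0.0 255.255.255.0\nroute 10.50.0.7 255.255.255.255\n' \
    > "$tmp/server.conf"
  printf 'ifconfig-push 10.8.0.2 255.255.255.0\niroute 192.166.0.0 255.255.255.0\n' > "$tmp/ccd/node-1"
  printf 'ifconfig-push 10.8.0.3 255.255.255.0\niroute 192.168.50.0 255.255.255.0\n' > "$tmp/ccd/node-2"
  printf '# host route only, no mask given\niroute 10.50.0.7\n' > "$tmp/ccd/node-3"
  check_ccd_routes "$tmp/server.conf" "$tmp/ccd" || rc=$?
  rm -rf "$tmp"
  return "$rc"
}

demo_check || echo "found $? inconsistent iroute entry(ies)"
```

Run it against a live install as `check_ccd_routes /etc/openvpn/server/server.conf /etc/openvpn/ccd`; a non-zero exit status means at least one client announces a subnet the server will not route, which shows up at runtime as traffic to that subnet simply not reaching the client.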
Service Management
# server
systemctl status openvpn-server@server.service
# client
systemctl stop openvpn@client.service
Client side
Client.conf
# /etc/openvpn/client.conf
NAT rule on the Pop
# If the server side wants to reach the client side's private network, add a NAT rule on the client side
# source range is the VPN address pool
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens160 -j MASQUERADE
# source range is the server side network
sudo iptables -t nat -A POSTROUTING -s 10.0.12.0/24 -o ens160 -j MASQUERADE
# vi /etc/sysctl.conf and enable IP forwarding, then reload:
# net.ipv4.ip_forward = 1
sudo sysctl -p

sudo nginx -s reload
https://www.cyberciti.biz/faq/ubuntu-20-04-lts-set-up-openvpn-server-in-5-minutes/
https://github.com/Nyr/openvpn-install/blob/master/openvpn-install.sh