Configuration

Server side

Server.conf

# /etc/openvpn/server/server.conf
local 10.0.0.230
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
client-config-dir /etc/openvpn/ccd        # per-client files that bind an IP to a client name
route 192.166.0.0 255.255.255.0           # route added on the server side
push "route 192.167.0.0 255.255.255.0"    # route pushed to the client side
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 4                 # log verbosity, 0-11; higher values log more detail
crl-verify crl.pem
explicit-exit-notify

Ccd configuration

The ccd configuration files are located in /etc/openvpn/ccd. Every cluster has a configuration file named after its client name.

# /etc/openvpn/ccd/node-1
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.166.0.0 255.255.255.0
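
An added example (not from the original page): a Python check that each ccd file's `ifconfig-push` address falls inside the `server` pool and that each `iroute` has a matching `route` in server.conf, which OpenVPN needs before it forwards traffic to a client-side subnet. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample input mirroring the directives shown on this page.
SERVER_CONF = """\
topology subnet
client-config-dir /etc/openvpn/ccd
route 192.166.0.0 255.255.255.0
push "route 192.167.0.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
"""
CCD_FILES = {  # client name -> ccd file contents (constructed)
    "node-1": "ifconfig-push 10.8.0.2 255.255.255.0\niroute 192.166.0.0 255.255.255.0\n",
}

def directives(text, name):
    """Return the argument lists of every `name` directive, ignoring comments."""
    out = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == name:  # a pushed route starts with "push", so it is skipped
            out.append(fields[1:])
    return out

def net(addr, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check(server_conf, ccd_files):
    """Return a list of findings; an empty list means the files are consistent."""
    findings = []
    pool = net(*directives(server_conf, "server")[0][:2])
    routes = {net(*args[:2]) for args in directives(server_conf, "route")}
    seen = {}  # static address -> first client that claimed it
    for client, text in sorted(ccd_files.items()):
        for args in directives(text, "ifconfig-push"):
            ip = ipaddress.ip_address(args[0])
            if ip not in pool:
                findings.append(f"{client}: ifconfig-push {ip} is outside {pool}")
            if ip in seen:
                findings.append(f"{client}: {ip} already assigned to {seen[ip]}")
            seen.setdefault(ip, client)
        for args in directives(text, "iroute"):
            if net(*args[:2]) not in routes:
                findings.append(f"{client}: iroute {net(*args[:2])} has no route in server.conf")
    return findings

if __name__ == "__main__":
    for finding in check(SERVER_CONF, CCD_FILES) or ["OK: ccd files match server.conf"]:
        print(finding)
```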

Service Management

# server
systemctl status openvpn-server@server.service
# client
systemctl stop openvpn@client.service

Client side

Client.conf

# /etc/openvpn/client.conf

NAT rule on the Pop

# If the server side wants to access the client-side private network, add NAT rules on the client side.
# The source range is the VPN virtual IP range
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens160 -j MASQUERADE
# The source range is the server-side network
sudo iptables -t nat -A POSTROUTING -s 10.0.12.0/24 -o ens160 -j MASQUERADE
# Enable IP forwarding: edit /etc/sysctl.conf (vi /etc/sysctl.conf) and set
# net.ipv4.ip_forward = 1
sudo sysctl -p

sudo nginx -s reload

https://www.cyberciti.biz/faq/ubuntu-20-04-lts-set-up-openvpn-server-in-5-minutes/

https://github.com/Nyr/openvpn-install/blob/master/openvpn-install.sh