OpenVPN on Raspberry Pi

So summer is coming and I am planning to be away as much as possible.
But I need a door into my server at home for some work. When I'm off I will only have a 3G/4G connection, so it's much nicer to work against my server at home on a stable 100 line.

To make this possible I installed an OpenVPN server on the Pi sitting in my closet.
THIS CONFIG SENDS ALL TRAFFIC THROUGH THE VPN, so beware 🙂

Installing OpenVPN

apt-get install openvpn openssl

Setting up the keys used for the VPN

cd /etc/openvpn
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
cd easy-rsa/

Open the file vars and enter your settings at the bottom

export KEY_COUNTRY="SE"
export KEY_PROVINCE="ST"
export KEY_CITY="Stockholm"
export KEY_ORG="Elino"
export KEY_EMAIL="matte@elino.se"
export KEY_EMAIL=matte@elino.se
export KEY_CN=elino.no-ip.org
export KEY_NAME=mepi
export KEY_OU=mepi
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234

Make a new symlink to the config file

ln -s openssl-1.0.0.cnf openssl.cnf

OK, ready to make some certs. First load the vars and clean all certs (only run clean-all the first time; it will delete all certs)

source vars
./clean-all
./build-ca openvpn
./build-key-server server
./build-dh
openvpn --genkey --secret ta.key

Installing the certs

cd keys
cp server.crt server.key ca.crt ../ta.key dh1024.pem /etc/openvpn/

Set up the OpenVPN config

Create the file /etc/openvpn/server.conf and paste the following into it

dev tun
proto udp
port 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
user nobody
tls-auth ta.key 0
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

Restart the VPN server

/etc/init.d/openvpn restart

Look in the log file (/var/log/openvpn) to see that the server started, and run ifconfig to make sure you have a tun device.

Now we must enable traffic forwarding.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to [ipadres rpi]

Make sure these commands are run again when you restart your Pi.
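One way to make the forwarding and NAT settings above survive a reboot, as an added example that is not part of the original post. The script and its function names are hypothetical; it assumes a Debian-style /etc/sysctl.conf and that you call it at boot (for example from /etc/rc.local) with the Pi's LAN address, and it spells the guide's `--to` option out as `--to-source`.

```shell
#!/bin/sh
# Added example: re-apply the forwarding and NAT settings from this guide.
# Function names and the script itself are hypothetical, not from OpenVPN.
VPN_NET="10.8.0.0/24"   # matches "server 10.8.0.0 255.255.255.0"
OUT_IF="eth0"           # outgoing interface used in the guide

# Set net.ipv4.ip_forward=1 in a sysctl file without adding duplicate lines.
persist_forwarding() {
    conf="$1"
    touch "$conf"
    key='^[[:space:]]*#?[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*'
    if grep -Eq "$key" "$conf"; then
        # An existing (possibly commented-out) entry is rewritten in place.
        sed -i -E "s|$key|net.ipv4.ip_forward=1|" "$conf"
    else
        echo 'net.ipv4.ip_forward=1' >> "$conf"
    fi
}

# Print the SNAT rule for the Pi's LAN address; accept digits and dots only
# so the value cannot smuggle extra iptables arguments.
nat_rule() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    echo "POSTROUTING -s $VPN_NET -o $OUT_IF -j SNAT --to-source $1"
}

# Add the rule only if "iptables -C" reports it is not already present,
# so repeated runs do not stack identical NAT rules.
apply_nat() {
    rule=$(nat_rule "$1") || { echo "bad address: $1" >&2; return 1; }
    # $rule is left unquoted on purpose so it splits into arguments.
    iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule
}

# Usage (as root): sh vpn-forward.sh apply 192.168.1.10  (constructed address)
if [ "${1:-}" = "apply" ]; then
    persist_forwarding /etc/sysctl.conf
    echo 1 > /proc/sys/net/ipv4/ip_forward
    apply_nat "${2:-}"
fi
```

Check the result with `iptables -t nat -L POSTROUTING -n` and `cat /proc/sys/net/ipv4/ip_forward` after a reboot.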

Making some clients for the server

First let's make some certs to use.

cd /etc/openvpn/easy-rsa/
source vars
./build-key mahe

Copy the certs needed

mkdir /etc/openvpn/clients
mkdir /etc/openvpn/clients/mahe
cd keys
cp mahe.crt mahe.key ca.crt ../ta.key /etc/openvpn/clients/mahe/

Make a client config file named /etc/openvpn/clients/mahe/client.conf (if used on Windows, call the file client.ovpn)

dev tun
client
proto udp
remote YOUR.RASPBERRYPI.IPADRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert mahe.crt
key mahe.key
tls-auth ta.key 1
comp-lzo
verb 3

Now you can copy the mahe folder to your laptop; to connect, run the following from the mahe folder. If you make new certs and call them user, you must update this how-to and the config to use the correct certs.

sudo openvpn --config client.conf

 

Make sure you have UDP port 1194 open in your firewall to your Raspberry Pi.

 

When you see this line in the OpenVPN client, you are connected.

Initialization Sequence Completed

And now you are routing all your traffic through the Raspberry Pi.

Go to http://ip-lookup.net/ and see what public IP you are using.

 
