Just a quick introduction to installing OpenVPN, since the good work at https://github.com/Nyr/openvpn-install makes it a one-click install. I am just adding some extra notes on installing and connecting for future reference.
- First, run the one-step installation command:
[bash]wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh[/bash]
- When installing, remember to choose “1) Current system resolvers” for the question “What DNS do you want to use with the VPN?” so that we do not need to deal with third-party DNS resolvers. I was stuck resolving domain names when browsing the internet in the very first connections using the Google DNS resolver.
- One more note on this: if you still have problems resolving websites after connecting to the VPN, you can try removing the OpenVPN server first, then reinstalling it. Not sure if that fixes it, but on the second install it seems that the step “Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time” takes a looooooooonger time, and then it can be connected after that 🙂
- If you are using the csf firewall, remember to add the port to the accepted UDP ports, and also put the following rules into the /etc/csf/csfpre.sh file. For OpenVZ:
[bash]# allow return traffic and traffic from the VPN subnet, reject all other forwarding
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/29 -j ACCEPT
iptables -A FORWARD -j REJECT
# rewrite the source address of VPN traffic to the server's public IP
iptables -t nat -A POSTROUTING -s 192.168.1.0/29 -j SNAT --to YOUR_IP_ADDRESS[/bash]
For KVM/Xen:
[bash]# allow return traffic and traffic from the VPN subnet, reject all other forwarding
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/29 -j ACCEPT
iptables -A FORWARD -j REJECT
# masquerade VPN traffic leaving through eth0
iptables -t nat -A POSTROUTING -s 192.168.1.0/29 -o eth0 -j MASQUERADE[/bash]
The only difference is in the last line. Then restart csf:
[bash]csf -r[/bash]
- Enjoy. Download the profile to your client machine and connect to the remote VPN server using Tunnelblick, available at https://tunnelblick.net/downloads.html
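
A pre-flight check for the csf firewall step above, as an added example that is not part of the original post or of csf: it lints a csfpre.sh-style file for the three mistakes that most often break this setup. The function name `lint_csfpre` and the sample rules file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): lint a csfpre.sh-style rules file.
# Usage: lint_csfpre FILE VPN_SUBNET ; the return status is the number of problems.
lint_csfpre() {
    file=$1 subnet=$2 problems=0

    # 1. Typographic dashes (en/em dash) pasted from a web page: "–state" is
    #    not parsed by iptables as the --state option.
    if grep -n -F -e '–' -e '—' "$file"; then
        echo "typographic dash on the lines above: retype it as '--'"
        problems=$((problems + 1))
    fi

    # 2. -A appends, so the VPN ACCEPT must come before the catch-all REJECT.
    accept=$(awk -v r="-A FORWARD -s $subnet -j ACCEPT" 'index($0, r) {print NR; exit}' "$file")
    reject=$(awk -v r="-A FORWARD -j REJECT" 'index($0, r) {print NR; exit}' "$file")
    if [ -z "$accept" ]; then
        echo "no FORWARD ACCEPT rule for $subnet"
        problems=$((problems + 1))
    elif [ -n "$reject" ] && [ "$reject" -lt "$accept" ]; then
        echo "REJECT (line $reject) precedes ACCEPT (line $accept): VPN traffic is rejected first"
        problems=$((problems + 1))
    fi

    # 3. The NAT rule for the VPN subnet (SNAT or MASQUERADE) must be present.
    if ! awk -v r="-t nat -A POSTROUTING -s $subnet " \
        'index($0, r) && /-j (SNAT|MASQUERADE)/ {ok = 1} END {exit !ok}' "$file"; then
        echo "no POSTROUTING SNAT/MASQUERADE rule for $subnet"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the KVM/Xen rules as they look when pasted with a typographic dash.
sample=$(mktemp)
cat > "$sample" <<'EOF'
iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/29 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 192.168.1.0/29 -o eth0 -j MASQUERADE
EOF
lint_csfpre "$sample" 192.168.1.0/29 || echo "problems found: $?"
rm -f "$sample"
```

Run it against /etc/csf/csfpre.sh with your own VPN subnet before `csf -r`; a return status of 0 means none of the three problems were found.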