Links
- openvpn.net
- digitalocean.com
Server Setup on Linux
- Config file: /etc/openvpn/server.conf
- You will need to enable IP forwarding.
- To check if it's enabled, run
    cat /proc/sys/net/ipv4/ip_forward
- To enable, run
    echo 1 > /proc/sys/net/ipv4/ip_forward
  OR add net.ipv4.ip_forward = 1 to /etc/sysctl.conf (persists across reboots).
Set up iptables
- https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
- http://allanmcrae.com/2013/09/routing-traffic-with-openvpn/
There are better ways to do this, but this works for now. I've specified -s 10.8.0.0/24 instead of -i tun0.
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables -t filter -A INPUT -s 10.8.0.0/24 -j ACCEPT
    iptables -t filter -A FORWARD -s 10.8.0.0/24 -j ACCEPT
My sample server.conf details
    # Tell clients to use the OpenVPN server as the default
    # gateway (includes DNS lookups). Requires the server
    # to NAT/bridge the TUN/TAP interface with its internet
    # interface.
    push "redirect-gateway def1 bypass-dhcp"

    # Use Google's public DNS servers.
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"

    # Drop privileges.
    user nobody
    group nobody
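
An added example, not part of the original notes: a shell check that the prerequisites set up above for push "redirect-gateway" (IP forwarding, the MASQUERADE rule and the FORWARD rule for 10.8.0.0/24) are actually in place. The function names has_rule, check_vpn_routing and demo are hypothetical, the rules file is assumed to be iptables-save output, and the sample inputs are constructed.

```shell
# Added example: verify the prerequisites for push "redirect-gateway ...".
# Every path is an argument, so the checks also run on saved copies.

# has_rule DUMP TABLE CHAIN SUBNET TARGET
# Succeeds if the dump has "-A CHAIN ... -s SUBNET ... -j TARGET" in TABLE.
has_rule() {
    awk -v table="*$2" -v chain="$3" -v net="$4" -v target="$5" '
        /^\*/ { cur = $1 }                      # table header, e.g. *nat
        cur == table && $1 == "-A" && $2 == chain {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == net && tgt == target) found = 1
        }
        END { exit !found }' "$1"
}

# check_vpn_routing CONF IP_FORWARD_FILE DUMP SUBNET
# Prints one line per missing prerequisite; returns the number missing.
check_vpn_routing() {
    missing=0
    if ! grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway' "$1"; then
        echo "server.conf does not push redirect-gateway; nothing to check"
        return 0
    fi
    if [ "$(cat "$2")" != "1" ]; then
        echo "MISSING: IP forwarding is off ($2)"; missing=$((missing + 1))
    fi
    if ! has_rule "$3" nat POSTROUTING "$4" MASQUERADE; then
        echo "MISSING: no MASQUERADE rule for $4"; missing=$((missing + 1))
    fi
    if ! has_rule "$3" filter FORWARD "$4" ACCEPT; then
        echo "MISSING: no FORWARD ACCEPT rule for $4"; missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample inputs (not captured from a real host).
demo() {
    d=$(mktemp -d)
    printf 'push "redirect-gateway def1 bypass-dhcp"\n' > "$d/server.conf"
    echo 1 > "$d/ip_forward"
    printf '%s\n' '*nat' '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' \
        COMMIT '*filter' '-A FORWARD -s 10.8.0.0/24 -j ACCEPT' COMMIT > "$d/rules"
    check_vpn_routing "$d/server.conf" "$d/ip_forward" "$d/rules" 10.8.0.0/24
    rc=$?; rm -rf "$d"; return "$rc"
}
demo && echo "all prerequisites present"
```

On a live server the arguments would be /etc/openvpn/server.conf, /proc/sys/net/ipv4/ip_forward and a file holding the output of iptables-save.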