+
Sample Configs für OpenVPN mit NAT für inet (redirect-gateway) auf einem Internet Server (+ OpenVZ)
OpenVPN Sampe Server Config:
-{{{
+[[!format txt """
port 1194
-proto tcp
-dev tun
+proto tcp
+dev tun
tls-server
server 192.168.50.0 255.255.255.240 # NETZ ÄNDERN JE NACH BEDARF!
#push "route 192.168.0.0 255.255.255.192"
#push "dhcp-option DNS 192.168.50.3"
-#keepalive 10 120
+#keepalive 10 120
auth SHA1
persist-key
persist-tun
-verb 3
+verb 3
comp-lzo
client-to-client
status /etc/openvpn/openvpn-status.log
log-append /var/log/openvpn.log
-}}}
-
+"""]]
Client Sample Config:
-{{{
+[[!format txt """
client
-dev tup
+dev tup
proto tcp-client
remote example.net
resolv-retry infinite
key certs/<USER>_key_vpn.pem
comp-lzo
verb 0
-port 143
+port 143
#tls-remote VPNServer
persist-local-ip
-}}}
-
-
+"""]]
Zertifikate bauen: (common name muss wie der Host heißen!)
-{{{
+[[!format txt """
#!/bin/bash
echo "Client Certs mit folgendem Commando vorbereiten:"
echo "./clientcerts "
-}}}
-
+"""]]
Clientcerts
-{{{
+[[!format txt """
#!/bin/bash
rm $1_csr_vpn.pem
echo "Clientcert $1_cert_vpn.pem und Clientkey $1_key_vpn.pem erstellt..."
cd ..
-}}}
-
-
+"""]]
iptables für routing:
-{{{
+[[!format txt """
#!/bin/bash
case $1 in
iptables -A INPUT -i $VPNDEV -s $VPNLAN -j ACCEPT
iptables -A FORWARD -i $VPNDEV -o $EXTDEV -s $VPNLAN -j ACCEPT
iptables -A FORWARD -i $EXTDEV -o $VPNDEV -d $VPNLAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-iptables -t nat -A POSTROUTING -s $VPNLAN -o $EXTDEV -j SNAT --to-source <IP DES SERVERS>
+iptables -t nat -A POSTROUTING -s $VPNLAN -o $EXTDEV -j SNAT --to-source <IP DES SERVERS>
;;
restart)
;;
esac
-}}}
\ No newline at end of file
+"""]]
\ No newline at end of file
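Review bot: the client block carries the typo `dev tup` unchanged into the new fence (`-dev tup` / `+dev tup`) while the server block uses `dev tun`; since this commit already touches that line, correct it to `dev tun` here rather than shipping a client config that will not start. Two further points a reader copying these samples will hit: the client has only a `key` directive and no `ca`/`cert`, so it cannot complete the TLS handshake against the `tls-server` side, and `#tls-remote VPNServer` is commented out, so the client never pins the server's certificate name (`tls-remote` was also removed in OpenVPN 2.4 in favour of `verify-x509-name`, which is the directive the page should show). On the configuration itself, `comp-lzo` on both sides enables compression, which exposes tunnelled traffic to compression-oracle attacks (VORACLE); consider dropping it from the samples. In the iptables block, `case $1 in` is followed directly by the `iptables ...` lines with no `start)` label; if that is the actual page content rather than context elided from the diff, the script does not parse. Finally, server `port 1194` and client `port 143` differ, and `--to-source <IP DES SERVERS>` must be replaced by hand; a `MASQUERADE` target would avoid hard-coding the address and is worth mentioning next to the SNAT line.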