Linux Server Build: OpenVPN From Scratch - Hak5 2019

Published: 06 July 2016
on channel: Hak5

Today we're building an OpenVPN server from scratch in Linux!
-------------------------------
Install and set up OpenVPN

apt-get update; apt-get install openvpn easy-rsa

gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

nano /etc/openvpn/server.conf

Replace dh1024.pem with dh2048.pem
Uncomment push "redirect-gateway def1 bypass-dhcp"
Uncomment push "dhcp-option DNS" and replace IP addresses with your fav DNS
Uncomment user nobody
Uncomment group nogroup
Save and exit

Set up Firewall

Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

nano /etc/sysctl.conf
Uncomment net.ipv4.ip_forward=1
Save and exit

Configure the firewall.

ufw status
ufw allow ssh
ufw allow 1194/udp

Allow packets to be forwarded through the VPS by changing the forward policy to ACCEPT

nano /etc/default/ufw
Replace DROP with ACCEPT in DEFAULT_FORWARD_POLICY="DROP"
Save and exit

Add NAT and IP masquerading for clients
nano /etc/ufw/before.rules
Add the following near the top
# 10.8.0.0/24 is the client subnet from "server 10.8.0.0 255.255.255.0" in the sample server.conf
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT

ufw status

Set up Keys and Start the Server

cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys

nano /etc/openvpn/easy-rsa/vars
Edit export KEY_* values
Change KEY_NAME to "server"
Save and exit

Generate the 2048 bit Diffie-Hellman pem file we pointed to in the openvpn config
openssl dhparam -out /etc/openvpn/dh2048.pem 2048

Change to the easy-rsa directory

cd /etc/openvpn/easy-rsa

Source the variables we configured
. ./vars
./clean-all
./build-ca    # accept all defaults
./build-key-server server    # accept all defaults

Copy the newly generated certificates to /etc/openvpn
cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn

In /etc/openvpn we should have a server.conf, server.crt, server.key, ca.crt and dh2048.pem

Start the OpenVPN service
service openvpn start
service openvpn status

Set up keys for the first client

./build-key client
ls keys

Create a new directory to merge the client configuration and keys
mkdir ~/client

Copy the example client configuration, renaming the file extension from conf to ovpn
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client/pineapple.ovpn

cd /etc/openvpn/easy-rsa/keys
cp client.crt client.key ~/client
cp /etc/openvpn/ca.crt ~/client

Securely copy client.crt, client.key, ca.crt and client.ovpn to your client device

cd ~/client

Get public IP address
ifconfig

nano pineapple.ovpn
# find remote and replace my-server-1 with IP address of VPN server
# uncomment group nogroup
# uncomment user nobody
# comment out the ca, cert and key directives
# save and exit

echo "<ca>" >> pineapple.ovpn
cat ca.crt >> pineapple.ovpn
echo "</ca>" >> pineapple.ovpn

echo "<cert>" >> pineapple.ovpn
cat client.crt >> pineapple.ovpn
echo "</cert>" >> pineapple.ovpn

echo "<key>" >> pineapple.ovpn
cat client.key >> pineapple.ovpn
echo "</key>" >> pineapple.ovpn
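
The merge steps above as one script (an added example, not part of the Hak5 show notes). It comments out the ca, cert and key directives, embeds only the PEM blocks, and writes the profile with owner-only permissions because it contains the private key; the function names pem_only and build_inline_ovpn and the script name are made up for this example.

```shell
#!/bin/sh
# Added example: build one .ovpn profile with inline credentials.
# Usage (script name is hypothetical):
#   sh inline_ovpn.sh BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY OUT_OVPN

# Print only the PEM block(s) of a file. easy-rsa 2 writes a human-readable
# certificate dump above the PEM in client.crt; that text is not needed inline.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_inline_ovpn() {
    base=$1; ca=$2; cert=$3; key=$4; out=$5
    for f in "$base" "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done
    # Catch swapped arguments before a certificate lands in the <key> section.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no PEM private key in: $key" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "no PEM certificate in: $cert" >&2; return 1; }
    (
        umask 077    # the profile embeds the private key: owner-only
        tmp="$out.tmp.$$"
        {
            # Comment out the file-based ca/cert/key directives (";" starts an
            # OpenVPN comment); key-direction, remote-cert-tls etc. are kept.
            sed -E 's/^[[:space:]]*(ca|cert|key)[[:space:]]/;&/' "$base"
            printf '<ca>\n';   pem_only "$ca";   printf '</ca>\n'
            printf '<cert>\n'; pem_only "$cert"; printf '</cert>\n'
            printf '<key>\n';  pem_only "$key";  printf '</key>\n'
        } > "$tmp" && mv -f "$tmp" "$out"
    )
}

# Run as a script only when all five paths are given.
if [ "$#" -eq 5 ]; then
    build_inline_ovpn "$@"
fi
```
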
