Install

• sudo apt install openvpn

Server

Create DH Key

• cd /etc/openvpn
• openssl dhparam -out dh2048.pem 2048

Selbstsigniertes Zertifikat

• Selbstsigniertes Zertifikat
• Zertifikat der Zertifizierungsstelle

ca.crt

• Zertifikat des Servers

frieda.xx.de.crt

• Privater Schlüssel des Servers

frieda.xx.de.key

Server Config

• vi /etc/openvpn/server.conf

dev tun
mode server
tls-server
port 5000
topology subnet
server 172.31.2.0 255.255.255.0
push "route 192.168.191.0 255.255.255.0"
push "dhcp-option DOMAIN vulkan.int"
push "dhcp-option DNS 192.168.191.10"
cipher AES-256-CBC
link-mtu 1542
status /tmp/cool-vpn.status
keepalive 10 30
client-to-client
max-clients 150
verb 3
dh /etc/openvpn/dh2048.pem
ca /etc/openvpn/openvpn-ca.crt
cert /etc/openvpn/openvpn-linux.crt
key /etc/openvpn/openvpn-linux.key
verify-client-cert none
compress
persist-key
persist-tun
client-config-dir client
username-as-common-name
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login

Client

Client Config

port 5000
dev tun0
remote neo.harirbo.net
tls-client
cipher AES-256-CBC
link-mtu 1542
mssfix 1450
pull
compress
verb 3
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
place your cacert here
-----END CERTIFICATE-----
</ca>