Roadwarrior setup with OpenVPN 2.0.9
Intro
My aim is to set up an OpenVPN config where an internet user can access a server on the internet. From the server you can set up connections to the internet, or to an internal net (which is not included in this setup).
In Linux Journal I have already explained how to let road warriors use OpenVPN to connect to your networks in a safe manner.
The new setup, however, has some new features and is simpler; the new OpenVPN version makes this possible.
Config files and what they do
Server setup
##server config file
port 1194 #udp port
dev tun # routed setup
tls-server
dh dh2048.pem
ca ca.crt
cert server.crt
key server.key
# server and client point-to-point network
server 192.168.100.0 255.255.255.0
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
keepalive 10 120
#use plugin to authenticate against passwd file linux-server
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
#default gateway for all traffic will be via the openvpn connection
push "redirect-gateway"
push "dhcp-option DNS server-ip-address" #push DNS entries to client
comp-lzo
status-version 2
status openvpn-status.log
verb 4
################end
Client setup
###############
dev tun
remote ip-address-server-here
tls-client
ca ca.crt
cert client.crt
key client.key
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
verb 4
#user/password authentication on top of certificates
#because someone can steal the laptop, and you need some time to revoke the certificate
auth-user-pass
##########################################
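The client comments above rest on two things: both sides ask for a password on top of the certificate, and a stolen certificate can be revoked. The Python script below is an added example, not part of the original article; it parses abridged copies of the two configs and checks both points. The crl-verify and ns-cert-type checks go beyond what the article configures, and the function names and finding texts are my own.

```python
import shlex

# Abridged copies of the two configs on this page (tuning lines left out).
SERVER = """
port 1194 #udp port
ca ca.crt
cert server.crt
key server.key
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
push "redirect-gateway"
"""
CLIENT = """
remote ip-address-server-here
ca ca.crt
cert client.crt
key client.key
auth-user-pass
"""

def parse(text):
    """Map each directive to its argument lists; '#' comments and ';' lines are skipped."""
    opts = {}
    for line in text.splitlines():
        words = [] if line.lstrip().startswith(";") else shlex.split(line, comments=True)
        if words:
            # tolerate the command-line spelling with a leading "--"
            opts.setdefault(words[0].lstrip("-"), []).append(words[1:])
    return opts

def audit(server_text, client_text):
    """Return findings for the certificate-plus-password setup (wording is mine)."""
    s, c = parse(server_text), parse(client_text)
    out = []
    pam = any(a and "openvpn-auth-pam" in a[0] for a in s.get("plugin", []))
    if not (pam or "auth-user-pass-verify" in s):
        out.append("server: passwords are not verified")
    if "auth-user-pass" not in c:
        out.append("client: auth-user-pass missing")
    if "client-cert-not-required" in s:
        out.append("server: certificates optional, password is the only factor")
    if "crl-verify" not in s:  # not in the page's config; added check
        out.append("server: no crl-verify, revocation is not enforced")
    if not {"ns-cert-type", "remote-cert-tls"} & set(c):  # added check
        out.append("client: server certificate type is not checked")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SERVER, CLIENT)))
```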