apt-get install openvpn
IVPN='tap0'
iptables -A INPUT -m state --state NEW -i "$IVPN" -j ACCEPT
iptables -A FORWARD -i "$IVPN" -j ACCEPT
Create the certificates
cp --preserve /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/
cd /etc/openvpn/
. ./vars
./clean-all
./build-ca
vi /etc/openvpn/1_some-VPN.conf

# TCP or UDP server?
proto tcp
;proto udp

dev tap
;dev tun

# The IP address is set to the network address; the server gets the first address after it
server 172.16.202.0 255.255.255.0
push "route 172.16.0.0 255.255.0.0"
;push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 172.16.2.1"
push "dhcp-option WINS 172.16.2.3"
client-to-client
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
Windows OpenVPN client config file

ca ca.crt
auth-user-pass
tls-auth ta.key 1
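The server and client configs above are written by hand, and two of the settings only work when both sides agree (tls-auth needs the same static key on both ends with opposite direction values, and port-share only works with "proto tcp"). As an added example, not part of the original page or of OpenVPN itself, here is a small Python linter that parses the directive syntax used above (one directive per line, "#" and ";" starting comments) and reports such mismatches; run against the page's own two configs it flags that the client sends tls-auth while the server config shown has no tls-auth line. The config texts are embedded as constructed inputs copied from the page.

```python
"""Added example: lint a pair of OpenVPN server/client configs for settings
that must agree on both sides. Not OpenVPN's own code."""

import shlex
from typing import Dict, List

# Constructed inputs: the server and client configs shown on the page.
SERVER_CONF = """\
# TCP or UDP server?
proto tcp
;proto udp
dev tap
;dev tun
server 172.16.202.0 255.255.255.0
push "route 172.16.0.0 255.255.0.0"
push "dhcp-option DNS 172.16.2.1"
client-to-client
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
"""

CLIENT_CONF = """\
ca ca.crt
auth-user-pass
tls-auth ta.key 1
"""

Conf = Dict[str, List[List[str]]]


def parse_openvpn_conf(text: str) -> Conf:
    """Map each directive name to the list of argument lists it appears with.
    Lines starting with '#' or ';' are comments; OpenVPN users keep alternative
    settings around with ';', as the page does with ';proto udp'."""
    directives: Conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = shlex.split(line)   # honours the quotes in push "..."
        directives.setdefault(name, []).append(args)
    return directives


def lint(server: Conf, client: Conf) -> List[str]:
    """Return human-readable findings; an empty list means nothing was found."""
    findings: List[str] = []
    # tls-auth is symmetric: a client that HMAC-signs its control channel
    # needs a server that verifies with the same key, using the other direction.
    if "tls-auth" in client and "tls-auth" not in server:
        findings.append("client uses tls-auth but server config has no tls-auth line")
    elif "tls-auth" in client and "tls-auth" in server:
        cdir = client["tls-auth"][0][1:2]
        sdir = server["tls-auth"][0][1:2]
        if cdir and cdir == sdir:
            findings.append("tls-auth key direction must differ (server 0, client 1)")
    # port-share is only implemented for TCP; OpenVPN's default proto is udp.
    proto = server.get("proto", [["udp"]])[0][0]
    if "port-share" in server and proto != "tcp":
        findings.append("port-share requires 'proto tcp'")
    # Without a client certificate the password check is the only client
    # authentication, so some auth backend must be configured.
    if ("client-cert-not-required" in server
            and "plugin" not in server
            and "auth-user-pass-verify" not in server):
        findings.append("client-cert-not-required without an auth plugin "
                        "or auth-user-pass-verify leaves clients unauthenticated")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_openvpn_conf(SERVER_CONF),
                        parse_openvpn_conf(CLIENT_CONF)):
        print("WARNING:", finding)
```

The checks are deliberately conservative: they only look at directives present in the text, so an option pulled in through a "config" include or the command line is invisible to them.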
A small trick

A particularly nice feature is the possibility of sharing a port with Apache. This should make it harder for network administrators to censor or filter your OpenVPN packets.

"Sharing" is, however, a bit misleading, since two applications can't listen on the same port at the same time. To share port 443, for instance, you have to make Apache listen on a different port. We made Apache listen on port 8443 instead by editing ports.conf to say:
# Normal HTTP
NameVirtualHost *:80
Listen 80

# SSL HTTPS
NameVirtualHost *:8443
Listen 8443
Now that port 443 is no longer taken by another application, we can make OpenVPN listen there instead. Non-OpenVPN traffic arriving on this port then has to be forwarded to Apache by OpenVPN: after all, we still want to reach Apache on port 443 from the outside, as you would normally. This is accomplished by putting these lines into your OpenVPN config:

proto tcp
port 443
port-share 127.0.0.1 8443

Explanation: this feature only works for TCP, which is why you need the "proto tcp" line. Only OpenVPN is listening on port 443; any non-OpenVPN connection is forwarded by OpenVPN to Apache on the "internal" port 8443, which in this case runs on the same server.
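What "non-OpenVPN" means here is decided from the first bytes of each new TCP connection: an OpenVPN client opens the session with a control packet whose framing and opcode are easy to recognise, and anything else is handed to the port-share target. The following Python is an added example, not OpenVPN's own port-share code, that models this decision so you can see why it only works for TCP (there is a byte stream to peek at) and what a web client looks like next to a VPN client. The opcode encoding (P_CONTROL_HARD_RESET_CLIENT_V2 = 7 in the top five bits, so 0x38) follows the OpenVPN protocol; the exact length bounds used are an assumption that approximates what the real check does. The three sample connections are constructed.

```python
"""Added example: a port-share style classifier for the first bytes of a TCP
connection. Modelled on the idea behind OpenVPN's port-share, not its code."""

import struct
from typing import Optional, Tuple

# OpenVPN over TCP frames every packet with a 2-byte big-endian length. The
# first packet of a session is a control packet; its opcode byte carries the
# opcode in the top five bits and the key id in the low three bits.
P_OPCODE_SHIFT = 3
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
HARD_RESET_V2_BYTE = P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT  # 0x38

# Assumed bounds for the first frame: 14 bytes without tls-auth (opcode +
# 8-byte session id + ack-array length + 4-byte packet id), a bit more with
# the tls-auth HMAC and replay fields, never anywhere near an HTTP request.
MIN_RESET_LEN = 14
MAX_RESET_LEN = 255

SHARE_TARGET: Tuple[str, int] = ("127.0.0.1", 8443)   # as in the page's config


def is_openvpn_protocol(first_bytes: bytes) -> bool:
    """True if the stream starts like an OpenVPN TCP client hard reset."""
    if len(first_bytes) < 3:
        return False
    (plen,) = struct.unpack("!H", first_bytes[:2])
    return (first_bytes[2] == HARD_RESET_V2_BYTE
            and MIN_RESET_LEN <= plen <= MAX_RESET_LEN)


def classify(first_bytes: bytes) -> str:
    """Label a connection from its first bytes."""
    if is_openvpn_protocol(first_bytes):
        return "openvpn"
    if first_bytes[:1] == b"\x16":        # TLS record type 0x16 = handshake
        return "port-share (TLS)"
    return "port-share (other)"


def select_backend(first_bytes: bytes) -> Optional[Tuple[str, int]]:
    """None means OpenVPN handles the connection itself; otherwise the
    (host, port) the bytes should be proxied to, i.e. the port-share target."""
    return None if is_openvpn_protocol(first_bytes) else SHARE_TARGET


# Constructed samples.
OPENVPN_HELLO = (struct.pack("!H", 14)              # frame length
                 + bytes([HARD_RESET_V2_BYTE])      # opcode 7, key id 0
                 + b"\x11\x22\x33\x44\x55\x66\x77\x88"  # client session id
                 + b"\x00"                          # ack array length 0
                 + b"\x00\x00\x00\x00")             # packet id 0
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\xc5\x01\x00\x00\xc1\x03\x03"
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("openvpn", OPENVPN_HELLO),
                         ("https", TLS_CLIENT_HELLO),
                         ("http", HTTP_GET)]:
        print(f"{name:8s} -> {classify(sample):20s} backend={select_backend(sample)}")
```

Two things follow from this model that matter operationally. Because OpenVPN proxies the forwarded connections itself, Apache on 8443 sees every port-shared client arriving from 127.0.0.1; OpenVPN's port-share directive accepts an optional third argument, a journal directory, that records the original client addresses if you need them for logging or rate limiting. And the decision is made once per connection from its opening bytes, so it is a demultiplexer, not a content filter: once a stream is handed to Apache it stays there.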