Linux – Quick & Dirty Howto for OpenVPN

Server-side configuration:
apt-get install openvpn openssl
cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0
vi vars
(change KEY_COUNTRY)
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-dh
cd /etc/openvpn/easy-rsa/2.0/keys
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
cd /etc/openvpn
vi openvpn.conf

Contents of openvpn.conf:

port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client

Start the service:

/etc/init.d/openvpn start

Client-side configuration:

- retrieve the files:

ca.crt client1.crt client1.key

- Create a client profile:

client
dev tun
proto tcp
remote ip-or-hostname-of-your-openvpn-server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

To redirect ALL traffic through the VPN, here is a config:

remote ip-or-hostname-of-your-openvpn-server 1194 tcp
pull
comp-lzo adaptive
ca ca.crt
redirect-gateway def1
dev tun
cert client1.crt
key client1.key
tls-client
nobind
dhcp-option DNS ip-du-serveur-dns
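
A consistency check for the server directory and a client profile as set up above, as an added example that is not part of the original howto: it flags a CA private key left on the VPN server, a transport protocol that differs between server and client, ca/cert/key files named in the profile that do not exist, and world-readable private keys. The function names and the directory arguments are assumptions; the server config is expected as openvpn.conf in the server directory, as on this page.

```shell
#!/bin/sh
# Added example, not from the original howto. Directive names come from the
# configs above; function names and directory arguments are assumptions.

# First argument of a directive in an OpenVPN config, e.g. "proto" -> "tcp".
ovpn_get() {  # usage: ovpn_get FILE DIRECTIVE
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Protocol a client profile will use: a third argument to "remote" overrides
# "proto", and OpenVPN falls back to udp when neither is given.
client_proto() {  # usage: client_proto PROFILE
    p=$(awk '$1 == "remote" && NF >= 4 { print $4; exit }' "$1")
    if [ -z "$p" ]; then p=$(ovpn_get "$1" proto); fi
    echo "${p:-udp}"
}

# Print one line per finding; return 1 if anything was found.
ovpn_check() {  # usage: ovpn_check SERVER_DIR CLIENT_DIR CLIENT_PROFILE
    rc=0
    # The CA private key only signs certificates; the VPN server never reads it.
    if [ -e "$1/ca.key" ]; then echo "WARN ca.key stored on the VPN server"; rc=1; fi
    # Both ends must use the same transport (tcp-server/tcp-client count as tcp).
    sproto=$(ovpn_get "$1/openvpn.conf" proto); sproto=${sproto:-udp}; sproto=${sproto%-server}
    cproto=$(client_proto "$3"); cproto=${cproto%-client}
    if [ "$sproto" != "$cproto" ]; then echo "FAIL proto server=$sproto client=$cproto"; rc=1; fi
    # Every file named by ca/cert/key must exist beside the profile.
    for d in ca cert key; do
        f=$(ovpn_get "$3" "$d")
        if [ -n "$f" ] && [ ! -e "$2/$f" ]; then echo "FAIL $d file missing: $f"; rc=1; fi
    done
    # Private keys must not be world-readable.
    for k in "$1/server.key" "$2/$(ovpn_get "$3" key)"; do
        if [ -n "$(find "$k" -prune -type f -perm -004 2>/dev/null)" ]; then
            echo "WARN world-readable key: $k"; rc=1
        fi
    done
    return $rc
}
```

After sourcing the file, call it with the server directory, the directory holding the client files and the profile path, for example `ovpn_check /etc/openvpn . ./client1.conf` (the client paths here are placeholders).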

And off you go!