Skip to content

Instantly share code, notes, and snippets.

@laurenorsini
Last active June 2, 2023 15:45
Show Gist options
  • Save laurenorsini/9925434 to your computer and use it in GitHub Desktop.
Save laurenorsini/9925434 to your computer and use it in GitHub Desktop.
OpenVPN configuration for /etc/openvpn/server.conf
local 192.168.2.0 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.2.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.2.1" # This should already match your router address and not need to be changed.
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
@solat110
Copy link

I am facing problem while connecting SIP Registrations
I can able to connect Client with OPENVPN Server, Please tell me the IP routing configuration:

my current IP route is:
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.101.0/24 dev em1 proto kernel scope link src 192.168.101.2
64.xxx.xx.xx/24 dev em1 proto kernel scope link src 64.xxx.xx.xx
10.8.0.0/24 via 10.8.0.2 dev tun0
169.254.0.0/16 dev em1 scope link metric 1002
default via 192.168.101.1 dev em1 src 192.168.101.2
default via 64.56.73.1 dev em1

@91ajames
Copy link

91ajames commented May 16, 2017

Changed my Local Subnet to the pi itself since I am also runnning Pi-hole.
Able to get to yahoo.com and google.com and some other sites but others doesn't load at all, when connected, am i missing somthing?

Found out im using my ipv6 address and not my ipv4 address when checking out my ip, so i'm assuming its using the ipv6 of the sites that i can connect to.

0

@mrichard24
Copy link

How can you update the server.conf file? Everytime i try to update it it throws a permissions error. Same error happens on WinSCP and Cyberduck.

image

@Rashad624
Copy link

cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME

can someone explain what this means ? what is CRT and Key name or do i just leave it as so?

@gayanvoice
Copy link

The following script in the repository enabled duplicate-cn by default. You don't want to change the config file.
https://github.com/gayankuruppu/openvpn-install-for-multiple-users

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment