OpenVPN
From Bashlinux
How to set up OpenVPN on Ubuntu
- Install dependencies for LDAP authentication via a Perl script
apt-get -y install libnet-ldap-perl
- Set up some useful parameters for OpenVPN servers
- Force clients to use the DNS server provided by the OpenVPN server
push "dhcp-option DNS 10.10.4.1"
- Don't use client certificates; use username/password instead
client-cert-not-required
username-as-common-name
- Authenticate using LDAP
plugin /usr/lib/openvpn-auth-ldap.so /etc/openvpn/ldap-auth-conf
- Enable the management console (warning: do not bind it to any address other than localhost)
management localhost 7505
- Prevent Windows 7 from overwriting the route tables
push "redirect-gateway def1 bypass-dhcp"
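The following check is an added example, not part of the original page: a POSIX shell function (the name audit_openvpn_conf is made up here) that reads a server config and flags the two risks the settings above carry, a management console bound to a non-loopback address and client certificates disabled without a credential backend or username-as-common-name. The sample config at the end is constructed.

```shell
#!/bin/sh
# audit_openvpn_conf FILE (hypothetical helper name, not an OpenVPN tool)
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_openvpn_conf() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }       # blank lines and comments
        # TCP management socket: only loopback addresses are acceptable.
        $1 == "management" && $3 != "unix" &&
        $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "management listens on " $2 " (not loopback)"; bad = 1
        }
        # Newer OpenVPN releases spell this "verify-client-cert none".
        $1 == "client-cert-not-required" ||
        ($1 == "verify-client-cert" && $2 == "none") { nocert = 1 }
        $1 == "username-as-common-name" { ucn = 1 }
        $1 == "plugin" || $1 == "auth-user-pass-verify" { backend = 1 }
        END {
            if (nocert && !backend) {
                print "client certs disabled, no plugin or auth-user-pass-verify"; bad = 1
            }
            if (nocert && !ucn) {   # the page pairs the two directives
                print "client certs disabled without username-as-common-name"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the settings above, with management moved off loopback.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn-auth-ldap.so /etc/openvpn/ldap-auth-conf
management 0.0.0.0 7505
EOF
audit_openvpn_conf "$sample" || echo "findings above need review"
rm -f "$sample"
```

The check looks only at the first word of each line, so it expects one directive per line, as OpenVPN config files are normally written.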
How to replicate OpenVPN from Zentyal to a plain Ubuntu host
UBUNTU (Pre-sync)
- Install OpenVPN on the Ubuntu box
apt-get -y install openvpn libnet-ldap-perl
- Prepare the certs and logs directories
mkdir -p /var/lib/zentyal/CA
mkdir -p /var/log/openvpn
- Enable IPv4 Forwarding
sed -i -e '/net.ipv4.ip_forward/s/#//' /etc/sysctl.conf
sysctl -p
ZENTYAL (Sync)
- RSync OpenVPN settings from the Zentyal box to the Ubuntu box
rsync -avz /etc/openvpn/ ubuntu-box:/etc/openvpn/
- RSync the certificates
rsync -avz /var/lib/zentyal/CA/ ubuntu-box:/var/lib/zentyal/CA/
UBUNTU (Post-sync)
- Edit /etc/openvpn/${COLO}-vpn/${COLO}-vpn.conf and set
- Listening address on the public interface
local x.y.z.$OCTECT
- Subnet for the secondary VPN on
server x.y.$SUBNET.0 255.255.255.0
- Enable the VPN configuration at /etc/default/openvpn
AUTOSTART="${COLO}-vpn.d/${COLO}-vpn"
- Start OpenVPN
service openvpn start