Setting Up and Configuring Ubuntu Server 9.04 VMWARE with SSH, VSFTPD (TLS/SSL), OpenVPN, Fail2ban (PART 3)

OK, now it's time for OpenVPN. There is a really good write-up on how to install OpenVPN by niels at http://nielsvz.com. Follow his guide to install it on 9.04, and then you can play with some of the options below.

To authenticate via PAM, add this line in your server.conf file:
plugin /usr/lib/openvpn/openvpn-auth-pam.so system-auth

To route all traffic through your VPN connection (HTTP, DNS...), uncomment this line in your server.conf file:
push "redirect-gateway def1 bypass-dhcp"

Along with this option, you will need to enable NAT redirection. This allows your VPN-connected clients to see and access network resources on the subnet your server is on. Enable it with the following:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

To configure OpenVPN to only allow certain users to log in, follow the instructions here.

Here is a copy of my client config to reference:
persist-key
tls-client
remote techaccesstips.servehome.net 1194
proto udp
ca ca.crt
dev tun
persist-tun
cert client1.crt
comp-lzo
nobind
key client.key
pull
auth-user-pass
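
The client config above has no server-certificate check, and its cert and key file names differ, so here is a small linter run over it, as an added example that is not part of the original post. The function names and finding labels are hypothetical; remote-cert-tls, ns-cert-type and tls-auth are standard OpenVPN directives that do not appear in the post, and the file name comparison is only a heuristic.

```shell
#!/bin/sh
# Added example (not from the original post): lint an OpenVPN client config.
# Function names and finding labels are made up for this illustration.

# The client config shown above, reproduced as sample input.
sample_client_conf() {
    cat <<'EOF'
persist-key
tls-client
remote techaccesstips.servehome.net 1194
proto udp
ca ca.crt
dev tun
persist-tun
cert client1.crt
comp-lzo
nobind
key client.key
pull
auth-user-pass
EOF
}

# Reads a client config on stdin, prints one finding per line (none = clean).
audit_client_conf() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }       # skip blanks and comments
        { seen[$1] = 1; arg[$1] = $2 }         # remember directive + 1st arg
        END {
            # No server-certificate check: any cert signed by ca.crt,
            # another client cert included, is accepted as the server.
            if (arg["remote-cert-tls"] != "server" && arg["ns-cert-type"] != "server")
                print "MISSING server-cert-check: add remote-cert-tls server"
            # tls-auth adds an HMAC on the TLS handshake packets.
            if (!("tls-auth" in seen))
                print "MISSING tls-auth: needs the same key on the server"
            # Compression before encryption can leak plaintext (VORACLE).
            if (("comp-lzo" in seen) && arg["comp-lzo"] != "no")
                print "WEAK comp-lzo: disable on server and client together"
            # Heuristic: cert and key usually share a base name.
            c = arg["cert"]; k = arg["key"]
            sub(/\.[^.]*$/, "", c); sub(/\.[^.]*$/, "", k)
            if (c != k)
                print "CHECK cert/key: " arg["cert"] " vs " arg["key"]
        }'
}

sample_client_conf | audit_client_conf
```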

Here is a list of clients for Windows and Mac:
Tunnelblick - Free OpenVPN client for Mac
Viscosity - Shareware client for Mac
OpenVPN GUI - Free client for Windows

So ends the guide... If you have any questions, comments, or revisions/suggestions, please leave a comment and I will get back to you.



