Migrating the OpenVPN server from local to public
by Jason.nix from LinuxQuestions.org on (#6HE2K)
Hello,
I have a Linux box with one NIC and installed an OpenVPN server on it. My OpenVPN server configuration is as follows:
Code:port 1194
proto udp
dev tun0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "route 172.20.1.0 255.255.0.0"
push "dhcp-option DNS 172.20.1.2"
push "redirect-gateway autolocal"
keepalive 10 120
tls-auth ta.key 0
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1My client configuration is:
Code:dev tun
proto udp
remote 192.168.1.20 1194
route add 172.20.1.0 255.255.0.0
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
data-ciphers AES-256-CBC
verb 3And my iptables rules are:
Code:# IF_MAIN=enp0s3
# IF_TUNNEL=tun0
# YOUR_OPENVPN_SUBNET=10.8.0.0/16
# iptables -I INPUT -p udp --dport 1194 -j ACCEPT
# iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
# iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADEI want to turn this server into a public server that I can connect to through the Internet and OpenVPN. If I set a public IP address on the network card and put the public IP address instead of 192.168.1.20 in the client settings, is it enough?
Thank you.
I have a Linux box with one NIC and installed an OpenVPN server on it. My OpenVPN server configuration is as follows:
Code:port 1194
proto udp
dev tun0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "route 172.20.1.0 255.255.0.0"
push "dhcp-option DNS 172.20.1.2"
push "redirect-gateway autolocal"
keepalive 10 120
tls-auth ta.key 0
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1My client configuration is:
Code:dev tun
proto udp
remote 192.168.1.20 1194
route add 172.20.1.0 255.255.0.0
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
data-ciphers AES-256-CBC
verb 3And my iptables rules are:
Code:# IF_MAIN=enp0s3
# IF_TUNNEL=tun0
# YOUR_OPENVPN_SUBNET=10.8.0.0/16
# iptables -I INPUT -p udp --dport 1194 -j ACCEPT
# iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
# iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADEI want to turn this server into a public server that I can connect to through the Internet and OpenVPN. If I set a public IP address on the network card and put the public IP address instead of 192.168.1.20 in the client settings, is it enough?
Thank you.