OpenVPN server and Windows client

by
Jason.nix
from LinuxQuestions.org on (#6D0TH)
Hello,
I used the https://www.howtoforge.com/how-to-in...-on-debian-10/ tutorial to configure an OpenVPN server on Linux. My OpenVPN configuration file is as follows:
Code:
# cat /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

Then, I started the OpenVPN service:
Code:
# systemctl start openvpn@server

And it worked:
Code:
# systemctl status openvpn@server
openvpn@server.service - OpenVPN connection to server
Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; preset: enabled)
Active: active (running) since Sun 2023-07-16 07:42:24 EDT; 1min 17s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 2362 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 10)
Memory: 1.4M
CPU: 30ms
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
2362 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server>

Jul 16 07:42:24 debian systemd[1]: Starting openvpn@server.service - OpenVPN connection to server...
Jul 16 07:42:24 debian systemd[1]: Started openvpn@server.service - OpenVPN connection to server.

It created a NIC on my server:
Code:
# ifconfig
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.20 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::a00:27ff:fe74:6397 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:74:63:97 txqueuelen 1000 (Ethernet)
RX packets 597 bytes 63680 (62.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 594 bytes 47394 (46.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 5640 bytes 17516906 (16.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5640 bytes 17516906 (16.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
inet6 fe80::4f45:bad7:c6a2:8e50 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 336 (336.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

I have a series of questions:

1- Is the Diffie-Hellman algorithm enough?

2- In the tutorial, the author used "nopass" with the easyrsa tool. Is this option recommended? Is this so that the client doesn't have to enter a password to connect to the server?

3- How about the following IP addresses? What alternatives can I use?
Code:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

4- I have a Windows OS client and I want to connect it to my OpenVPN server. In the tutorial, the client configuration is as follows:
Code:
client
dev tun
proto udp
remote 192.168.1.20 1194 # Linux Server IP
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3

I created a .ovpn file with the above lines and copied it to the "C:\Program Files\OpenVPN\config" directory. How about the client keys that are on my server? In which folder should I copy them?

Thank you.
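
Added example (not part of the original post or the tutorial it follows): a small Python check that parses the server.conf and client profile quoted above, lists the files the client profile refers to by name, and flags settings that have to agree on both sides (proto, dev, cipher, port, tls-auth key direction). The function names are hypothetical, and the two configs are constructed excerpts of the ones in the post.

```python
import shlex

# Constructed excerpts of the server.conf and client profile quoted in the post.
SERVER_CONF = """port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
push "redirect-gateway def1 bypass-dhcp"
tls-auth ta.key 0
cipher AES-256-CBC
"""
CLIENT_CONF = """client
dev tun
proto udp
remote 192.168.1.20 1194 # Linux Server IP
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
"""

def parse(text):
    """Map each directive to its argument list (first occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # ';' comment line
        words = shlex.split(line, comments=True)  # drops '#' comments, keeps quoted args whole
        if words:
            conf.setdefault(words[0], words[1:])
    return conf

def referenced_files(conf):
    # Files the profile names by path, i.e. what has to accompany it.
    return [conf[d][0] for d in ("ca", "cert", "key", "tls-auth") if conf.get(d)]

def check_pair(server, client):
    problems = [f"{d} differs" for d in ("proto", "dev", "cipher")
                if server.get(d) != client.get(d)]
    if client.get("remote", [])[1:2] != server.get("port", ["1194"]):
        problems.append("remote port differs from server port")
    directions = server.get("tls-auth", [])[1:] + client.get("tls-auth", [])[1:]
    if sorted(directions) != ["0", "1"]:  # static key: 0 on one side, 1 on the other
        problems.append("tls-auth directions are not 0 and 1")
    if client.get("remote-cert-tls") != ["server"]:
        problems.append("client profile lacks remote-cert-tls server")
    return problems
```

For the configs in the post, `check_pair(parse(SERVER_CONF), parse(CLIENT_CONF))` returns an empty list and `referenced_files(parse(CLIENT_CONF))` returns the four file names the client profile depends on.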