redgeoff / openvpn-server-vagrant Goto Github PK

View Code? Open in Web Editor NEW

93.0 11.0 76.0 31 KB

Spin up an OpenVPN Server

License: MIT License

Shell 100.00%

openvpn-server-vagrant's Introduction

openvpn-server-vagrant

Spin up an OpenVPN Server

Install Vagrant, VirtualBox and git

http://www.vagrantup.com
https://www.virtualbox.org (don't worry about setting up any VMs as the steps below will cover this)
http://git-scm.com

Set up

$ git clone https://github.com/redgeoff/openvpn-server-vagrant.git
$ cd openvpn-server-vagrant
$ cp config-default.sh config.sh
Edit config.sh and fill in your config
$ vagrant up
$ vagrant ssh

You can then perform a sanity test with a connection from a VPN client with:

$ sudo su -
$ /vagrant/add-client.sh test-client
$ cp ~/client-configs/files/test-client.ovpn /vagrant
On the host, double click `test-client.ovpn` to load it into Tunnelblick
Use Tunnelblick to connect to the VPN server

Add a route to a subnet

Routes must be added to the server so that you clients know which traffic to route to the VPN Server. The following process should be repeated for each subnet in your network.

Edit /etc/openvpn/server.conf and add something like the following, where 172.31.26.0 is your network and 255.255.255.0 is the netmask.

push "route 172.31.26.0 255.255.255.0"

Then restart the VPN Server:

$ sudo systemctl restart openvpn@server

Add a client

The following should be repeated for each new client/user for whom you wish to grant access to your VPN. Replace client-name with a unique name.

$ sudo su -
$ /vagrant/add-client.sh client-name

You will then find a file like the following that you should provide to the individual who will be connecting to your VPN. This ovpn file can then be used with Tunnelblick (OS X), OpenVPN (Linux, iOS, Android and Windows).

~/client-configs/files/client-name.ovpn

Revoke client certificate

If you ever need to revoke access, simply execute:

$ sudo su -
$ /vagrant/revoke-full.sh client-name

Extra Info

openvpn-server-vagrant's People

Contributors

Stargazers

Watchers

openvpn-server-vagrant's Issues

openvpn.sh does not generate server.crt/server.key

Steps to reproduce:
wget https://github.com/redgeoff/openvpn-server-vagrant/archive/master.zip
unzip master.zip
cd openvpn-server-vagrant-master/
./openvpn.sh

build-key-server does not execute, which in turn does not generate server.crt & server.key

./openvpn.sh: line 38: ./build-key-server.sh: No such file or directory

log.txt
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
Linux ip-10-0-3-233 4.4.0-1022-aws #31-Ubuntu SMP Tue Jun 27 11:27:55 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

The openvpn.sh file doesn't work with Ubuntu 18.04 LTS

The make-cadir creates a folder with a default vars file. In that vars file, there is a whichopensslcnf call that doesn't work with the openssl-*.cnf files laid out by the make-cadir. It needs another elif block to check for openssl-1.1.0.cnf to match the openssl version in 18.04 LTS.

Upgrading openvpn server from 16.04 to latest ubuntu release ?

Hi @redgeoff ,

Currently I am running openvpn vagrant server on ubuntu 16.04 but after upgrading to ubuntu latest release For ex: 20.04 . I am not able to connect to openvpn server with any of my openvpn user profiles.

unable to send email attachment

After I run the script, enter a password, select yes, and enter a user email address I get the following:
INFO: Sending email Can't stat ~/client-config/files/sean.ovpn: No such file or directory ~/client-config/files/sean.ovpn: unable to attach file.
I'm running Ubuntu 16.04.5

Any idea why this won't send the attachment?

Upgrade ?

Hello All,
I have been running openvpn-server-vagrant on aws for a couple of years now.. on Ubuntu 16.04

I am considering upgrading this server to Ubuntu 20...

If I do this will it impact the rendition of openvpn-server-vagrant?
Is there an update to the actual openvpn server itself and how would I apply it?

Thank you for your time and consideration.

Dale

Can't connect to server

I copied client.ovpn from server, trying to connect, but sudo openvpn --config client.ovpn returns

Mon Jun 29 11:00:19 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Mon Jun 29 11:00:19 2020 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Mon Jun 29 11:00:19 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start line
Mon Jun 29 11:00:19 2020 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Mon Jun 29 11:00:19 2020 Cannot load inline certificate file
Mon Jun 29 11:00:19 2020 Exiting due to fatal error

Using Debian 10.