Internal Errigal Collaboration Wiki

User Tools

Site Tools

Trace:
Writing /app/www/public/data/meta/databaseandnetworkmanagement/open_vpn_install.meta failed
databaseandnetworkmanagement:open_vpn_install

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
databaseandnetworkmanagement:open_vpn_install [2017/07/06 10:48] 1carew1databaseandnetworkmanagement:open_vpn_install [2021/06/25 10:09] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== Open VPN install on Ubuntu 16 ======
 +The following tutorial gives a very in-depth tutorial on how to do this so I recommend just following that : https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
 +
 +The only extra items I did were: 
 +  * create rules on the Netgear Router to allow port forward of 1194 (default Open VPN port) to comeragh
 +  * changed the udp protocol used to be tcp instead this is in 2 or 3 places in all of the configs nothing major
 +  * generated client files based on the person using them rather than calling it client1
 +  * Added dns to the config : sudo vi /etc/openvpn/server.conf and added two line : push "dhcp-option DNS 10.91.100.71" and push "dhcp-option DNS 10.5.5.50" - this was to force the DNS names as to not have to set them on the client manually
 +
 +
 +I encountered one issue however, the VPN would connect using tunnelblick on Mac, however the public IP did not change.
 +I followed the trouble shooting guide here : https://tunnelblick.net/cConnectedBut.html
 +The resolution was to edit the /etc/openvpn/server.conf file and uncomment this line : push "redirect-gateway def1 bypass-dhcp"
 +
 +===== VPN Program for Mac =====
 +https://tunnelblick.net/downloads.html
 +
 +===== Generating New VPN Certs =====
 +  * ssh to the VPN server
 +  * cd ~/openvpn-ca
 +  * source vars
 +  * ./build-key-pass firstname_lastname
 +  * # Give them a good password (pem passphrase), you can just press enter for everything else except for email, change their email, do not set a challenge password just press enter.
 +  * # When asked to sign, y and enter, when asked to commit y and enter
 +  * # if an error appears such as db then the user already exists so give them a different name like firstname_lastname_1 etc.
 +  * # if successful it should say : Write out database with 1 new entries\n Data Base Updated
 +  * cd ~/client-configs
 +  * ./make_config.sh firstname_lastname
 +  * # The opvn file should be located : ~/client-configs/files
 +
 +===== Revoking VPN Certs =====
 +  * cd ~/openvpn-ca
 +  * source vars
 +  * ./revoke-full their_user
 +  * sudo cp ~/openvpn-ca/keys/crl.pem /etc/openvpn
 +  * sudo systemctl restart openvpn@server
 +
 +
 +
 +===== Revoking Google auth =====
 +  * /usr/local/openvpn_as/scripts
 +  * sudo ./confdba -u -m -k pvt_google_auth_secret_locked -v false -p username
  

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki