Aroha: OPENVPN ubuntu 12.04 安裝

參考

sudo apt-get install openvpn
sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
sudo chown -R $USER /etc/openvpn/easy-rsa/
sudo vi /etc/openvpn/easy-rsa/vars
cd /etc/openvpn/easy-rsa/
sudo chown -R root:root .
sudo chmod g+w .
source vars
./clean-all
sudo vi /etc/openvpn/easy-rsa/vars
1. export KEY_CONFIG=$EASY_RSA/openssl-1.0.0.cnf
./build-ca
Note that in the above sequence, most queried parameters were defaulted to the values set in the vars or vars.bat files. The only parameter which must be explicitly entered is the Common Name. In the example above, I used "OpenVPN-CA".
./build-key-server server
./build-dh
cd keys
sudo cp server.crt server.key ca.crt dh2048.pem ../../
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
vi /etc/openvpn/server.conf
sudo /etc/init.d/openvpn restart
Generate Client keys
1. ./build-key client1
2. ./build-key client2
3. ./build-key client3
Download keys
1. sudo apt-get install apache2
2. cd /etc/openvpn/easy-rsa/
3. tar -zpcv -f test.tar.gz keys
4. mv test.tar.gz /var/www/
5. Download keys
6. rm /var/www/test.tar.gz
Firewall set
1. sysctl -w net.ipv4.conf.all.forwarding=1
2. sysctl -w net.ipv4.ip_forward=1
3. iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
4. iptables-save
Change to UFW(這裡有點問題, 重開機後不行用, 要用上面的iptables才可出去)

sudo vim /etc/default/ufw
```
DEFAULT_FORWARD_POLICY="ACCEPT"
```
sudo vim /etc/ufw/sysctl.conf
# Uncomment this to allow this host to route packets between interfaces
1. net/ipv4/ip_forward=1
2. net/ipv6/conf/default/forwarding=1
3. net/ipv6/conf/all/forwarding=1
ufw disable
ufw enable

IPV6設定參考

http://tomsalmon.eu/2013/04/openvpn-ipv6-with-tun-device/