nbrochu/setup.md

Forked from colinsurprenant/ec2_openvpn_setup.md

Created March 13, 2013 14:07

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/nbrochu/5152432.js"></script>
Save nbrochu/5152432 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

EC2/Ubuntu OpenVPN server config

open UDP port 1194 using EC2 security groups

sudo apt-get install openvpn
sudo openvpn —genkey —secret /etc/openvpn/openvpn-key.txt
sudo modprobe iptable_nat
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A POSTROUTING -s 10.8.0.1/2 -o eth0 -j MASQUERADE

/etc/openvpn/openvpn.conf

port 1194
proto udp
dev tun
secret openvpn-key.txt
ifconfig 10.8.0.1 10.8.0.2
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

sudo service openvpn restart

If you want to persist your iptables rules:
```
iptables-save > /etc/iptables-up.rules
```
In /etc/network/interfaces add this line after the eth0 directives:
```
post-up /sbin/iptables-restore < /etc/iptables-up.rules
```

OSX OpenVPN client config

install tunnelblick
copy key content from EC2 server /etc/openvpn/openvpn-key.txt into ~/Library/Application\ Support/Tunnelblick/Configurations/openvpn-key.txt
launch tunnelblick, and create a new config with

dev tun
proto udp
port 1194
remote your-server-address
resolv-retry infinite
nobind
secret openvpn-key.txt
ifconfig 10.8.0.2 10.8.0.1
comp-lzo
verb 3
redirect-gateway def1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment