Your VPN connection is up, but web sites (HTTP) and SSH will not load/connect or are very, very slow, even though your ping and network bandwidth are good.


wfahren/OpenVPN


OpenVPN Server Setup Guide

This repository contains a comprehensive guide and supporting script for setting up a secure OpenVPN server on a Linux host, utilizing modern Elliptic Curve Cryptography (ECC) and the tls-crypt security feature.


📘 Guide Summary

This setup process covers three main phases:

  1. Server Setup: Installing OpenVPN and Easy-RSA, configuring the Public Key Infrastructure (PKI), and generating all necessary server certificates, keys, and the ta.key for tls-crypt.
  2. Server Configuration: Creating and configuring the main OpenVPN server configuration file (server.conf).
  3. Client Creation: Using the included BASH script to automatically generate all-in-one client configuration files.

πŸ› οΈ make-client-ovpn.sh

The included BASH script, make-client-ovpn.sh, simplifies client configuration management by automating the creation of secure, all-in-one OpenVPN client files (.ovpn).

Key Features

  • All-in-One File: Generates a single .ovpn file that embeds the CA certificate, client certificate, client key, and the tls-crypt key (ta.key).
  • Inline Config: Uses your base client configuration file (client-base.conf) to create a ready-to-use client profile.
  • Security Focused: Ensures all client connections benefit from the strong ECC keys and the authenticated encryption provided by tls-crypt.

Usage

To generate a new client configuration, run the script from your ~/easy-rsa directory, passing the client name as the only argument (this name must match the name used when generating the client certificate):

cd ~/easy-rsa
./easyrsa build-client-full client-thinkpad nopass
./make-client-ovpn.sh client-thinkpad

Note: You must configure the system first. Click the link at the bottom of this page and follow the steps outlined.

Output:

The resulting client file will be saved to the ~/easy-rsa/client-ovpn-files directory:

~/easy-rsa/client-ovpn-files/client-thinkpad.ovpn
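
For readers who want to see what building such an all-in-one profile involves, here is an added sketch; it is not the repository's make-client-ovpn.sh. It assumes the Easy-RSA 3 default layout under pki/ and that ta.key and client-base.conf sit directly in the easy-rsa directory; the function names are hypothetical.

```bash
# Added example, not the repository's make-client-ovpn.sh.
# Assumptions: Easy-RSA 3 default layout under DIR/pki; ta.key and
# client-base.conf sit directly in DIR.

# pem_block FILE: print only the BEGIN..END block, dropping any
# human-readable certificate dump or comment lines around it.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# make_inline_ovpn NAME [DIR]: write DIR/client-ovpn-files/NAME.ovpn
# and print its path.
make_inline_ovpn() {
    local name="$1" dir="${2:-$HOME/easy-rsa}" f out
    # NAME ends up in file paths: accept a conservative character set only.
    case $name in
        ''|.*|*[!A-Za-z0-9._-]*) echo "invalid client name" >&2; return 2 ;;
    esac
    # Refuse to write a partial profile if any input is missing or empty.
    for f in client-base.conf ta.key pki/ca.crt \
             "pki/issued/$name.crt" "pki/private/$name.key"; do
        [ -s "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 1; }
    done
    out="$dir/client-ovpn-files/$name.ovpn"
    (
        umask 077  # profile embeds the private key: owner-only from creation
        mkdir -p "$dir/client-ovpn-files" && rm -f "$out.tmp" || exit 1
        {
            cat "$dir/client-base.conf"
            printf '<ca>\n';        pem_block "$dir/pki/ca.crt";            printf '</ca>\n'
            printf '<cert>\n';      pem_block "$dir/pki/issued/$name.crt";  printf '</cert>\n'
            printf '<key>\n';       pem_block "$dir/pki/private/$name.key"; printf '</key>\n'
            printf '<tls-crypt>\n'; pem_block "$dir/ta.key";                printf '</tls-crypt>\n'
        } > "$out.tmp" && mv "$out.tmp" "$out"
    ) || return 1
    printf '%s\n' "$out"
}
```

Because the resulting file contains the client's private key and the tls-crypt key, treat it like a credential when transferring it to the client device.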


Troubleshooting

If you followed the setup, the VPN connects and you can ping the client, but web sites still won't load, the cause is often an MTU issue.

If your connection to the OpenVPN server, or any of your clients, connects to the Internet via a PPPoE link, then this is likely your problem.

In server.conf, add the tun-mtu 1432 option and restart the server.

If you want a detailed description of how to determine the maximum MTU between the server and a client, click on the link below.

Follow the steps in this guide to troubleshoot

🚀 Get Started

Click here to get started with the setup!
