Creating an OpenVPN Server
Before you begin, choose an existing Incredible PBX (Debian 10 or Ubuntu 20.04) platform with a static, public IP address. Make note of the address.
Log in to the server as root, whitelist UDP 1194 for OpenVPN Server access, then download and run the OpenVPN installer:
cd /usr/local/sbin/
sed -i '/# do not edit b/i /usr/sbin/iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT' iptables-custom
cd /etc/iptables
sed -i '/# your own additions go above here/i -A INPUT -p udp -m udp --dport 1194 -j ACCEPT' rules.v4
iptables-restart
cd /root
wget https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
./openvpn-install.sh
At the prompts, enter the following. Then press ENTER to set up your OpenVPN server.
Enable IPv6: n
OpenVPN Listening Port: Default (1194)
Listening Protocol: 1 (UDP)
DNS Resolvers: 9 (Google)
Use Compression: n
Customize Encryption Settings: n
After your server is created, you will be prompted to create the first client configuration. Use this client to make your OpenVPN Server machine part of the Virtual Private Network. All future client credentials are generated using the same script used to create the OpenVPN Server. NOTE: On non-Windows machines, comment out the #setenv line in the client configuration file (.ovpn) before use.
Enter a name for the client to identify the machine on which it will be used
When prompted whether to protect the client with a password, choose 1 (passwordless client)
Client computers are activated in the VPN by issuing the following command on the client computer, where client1.ovpn is the file containing the client credentials generated on the OpenVPN Server and copied to the client computer: openvpn --config client1.ovpn --daemon
Check the current listing of running clients by issuing the following command on the OpenVPN Server:
cat /var/log/openvpn/status.log
We recommend keeping a text file with a list of all the created clients including their private IP addresses in the event you ever wish to move the OpenVPN Server to another computer platform.
- 10.8.0.1 hostflytekvm
- 10.8.0.2 oraclepbx
- 10.8.0.3 crowncloud1
- 10.8.0.4 pixel3
- 10.8.0.5 ssdnodes5
- 10.8.0.6 raspivero2
- 10.8.0.7 incrediblepbx2020atl
- 10.8.0.8 system76
- 10.8.0.9 intelnuc
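Added example (not part of the original tutorial or of the OpenVPN installer): a shell function that cross-checks the ROUTING TABLE section of /var/log/openvpn/status.log against the inventory file and flags VPN addresses that are missing from it or listed under a different name. It assumes inventory lines of the form "private-IP client-name", that the client name is the certificate Common Name, and the default (version 1) status file format; the function name, file names and sample data are constructed for illustration.

```shell
# audit_vpn_clients INVENTORY STATUS_LOG  (hypothetical helper, added example)
# Prints one line per routed client: OK, MISMATCH (address is listed under a
# different name) or UNKNOWN (address is not in the inventory).
audit_vpn_clients() {
    awk '
        # First file: inventory. Tolerate a leading "- ", skip blanks and comments.
        NR == FNR {
            sub(/^[ \t]*-[ \t]*/, "")
            if ($0 ~ /^[ \t]*(#|$)/) next
            name[$1] = $2
            next
        }
        # Second file: only the rows between ROUTING TABLE and GLOBAL STATS.
        /^ROUTING TABLE/ { in_table = 1; next }
        /^GLOBAL STATS/  { in_table = 0 }
        in_table && !/^Virtual Address,/ {
            split($0, f, ",")   # f[1]=VPN address, f[2]=common name, f[3]=real address
            if (!(f[1] in name)) printf "UNKNOWN %s %s from %s\n", f[1], f[2], f[3]
            else if (name[f[1]] != f[2]) printf "MISMATCH %s %s (inventory: %s)\n", f[1], f[2], name[f[1]]
            else printf "OK %s %s\n", f[1], f[2]
        }
    ' "$1" "$2"
}

# Constructed sample data (documentation address ranges, not from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/inventory.txt" <<'EOF'
10.8.0.1 hostflytekvm
10.8.0.2 oraclepbx
10.8.0.3 crowncloud1
EOF
cat > "$demo_dir/status.log" <<'EOF'
OpenVPN CLIENT LIST
Updated,Thu Jun 18 08:12:15 2020
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
oraclepbx,198.51.100.7:40112,10240,20480,Thu Jun 18 08:00:01 2020
pixel3,203.0.113.9:51820,512,1024,Thu Jun 18 08:05:42 2020
testclient,192.0.2.44:33012,256,512,Thu Jun 18 08:10:03 2020
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.2,oraclepbx,198.51.100.7:40112,Thu Jun 18 08:12:10 2020
10.8.0.3,pixel3,203.0.113.9:51820,Thu Jun 18 08:12:11 2020
10.8.0.10,testclient,192.0.2.44:33012,Thu Jun 18 08:12:12 2020
GLOBAL STATS
Max bcast/mcast queue length,0
END
EOF
audit_vpn_clients "$demo_dir/inventory.txt" "$demo_dir/status.log"
```

On the server, point the function at the real inventory file and /var/log/openvpn/status.log; the server's own address (10.8.0.1 in the list above) does not appear in the routing table, so it is never reported.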
Verify the expiration date of your CA certificate: openssl x509 -in /etc/openvpn/ca.crt -dates -noout
Continue reading the Creating and Deploying OpenVPN Clients tutorial.