Setting up your server is only half the battle, connecting is a whole other story.
At this point we’re going to assume you have a VPN server setup and working, either on a Raspberry Pi or another Linux server, like at DigitalOcean (aff. link). Configuration and screenshots will be specifically tuned for our aforementioned Raspberry Pi server, but this should theoretically work on any OpenVPN server installation.
A brief note: This post was originally written by myself on OffTheGrid.io. Some portions may have been updated.
Update (5/21/2016): This post has been updated to use the latest version of Raspbian available at the moment, the May 2016 version which can be downloaded here. Commands and files have been updated for the latest compatibility.
You will need to follow these instructions no matter what operating system you use, so pay attention. This is the hardest part of this whole post, but it shouldn’t take too long. If you remember from our previous tutorial, we created certificates for all our devices, and named them User1, User2, etc. What we didn’t do is create configuration files for each one, as that would take way too long. Luckily a fellow named Eric Jodoin (of SANS Institute) has created a script to do this for us.
If you haven’t already, connect to your Pi via SSH:
Replacing that last part with the IP address of your server. You may need to change the
pi part as well if you’re not using an RPi.
Now run this command to create a default file for all the client configuration:
sudo nano /etc/openvpn/easy-rsa/keys/Default.txt
And fill it in with the following information:
Obviously, replace the part where it tells you with your public IP address. This is not your server’s internal IP if you’re running it on a router. If you are running your server somewhere like DigitalOcean, you can use the IP provided. If you are running the server on your home network, connect to the same network and go to a site like www.whatismyip.com to find your IP. Press
X to exit nano when you finish.
Now we can make Eric Jodoin’s actual script. Simply run
sudo nano /etc/openvpn/easy-rsa/keys/MakeOVPN.sh
And paste in the following:
(Thanks to @coolaj86 on GitHub for posting this updated version.)
Now make this script executable:
sudo -s cd /etc/openvpn/easy-rsa/keys chmod 700 MakeOVPN.sh
And start the script!
When this script is running it’ll ask for the names of clients you generated when making your server. Input the names of your clients, we used
User2, etc. in our process. Only enter names of clients you have already generated. If it works, you should see this line:
Done! User1.ovpn Successfully Created.
That should be it! Just import this .ovpn file you generated on your Pi into the OpenVPN client of your choice and it should connect just like that!
(Update 5/25/16) If your VPN client can connect to the VPN server, but you can’t access the outside internet, try running this iptables rule on the server:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Was this tutorial helpful? Then please consider sending me some cash to support this blog, servers aren’t cheap you know 🙂
I hope you enjoyed this tutorial, check out some of our other ones as well to find out more ways you can keep your online life secure.
(Did I make a mistake? Let me know on Twitter and I’ll fix it right away!)