openvpn binary

Client

Server

Client Configuration

Specify DNS server when connected to VPN

Add the following into .ovpn client file

dhcp-option DNS 192.168.86.1

Example client config

client
dev tun
route-nopull 
route 192.168.86.0 255.255.255.0
route 192.168.0.0 255.255.255.0
proto udp
remote 150.221.175.11 1194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name ubuntu-server-vpn_09846c25-9359-4cd6-83d2-3c102898ea36 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
dhcp-option DNS 192.168.86.1
<ca>
-----BEGIN CERTIFICATE-----
MIIBvjCCAWWgAwIBAgIURdavgTB3CFtignOwD9wxgS2gmMEwCgYIKoZIzj0EAwIw
.....

LINUX

1. On Ubuntu 16.04 client you need add following directives to client.ovpn config file:
script-security 2
dhcp-option DNS 192.168.1.1
dhcp-option DOMAIN example.lan

2. Only on ubuntu client, you also need following directives
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

WINDOWS

1. On Windows 10 client you need add following directives to client.ovpn config file
script-security 2
dhcp-option DNS 192.168.1.1
dhcp-option DOMAIN example.lan

No more directives is required for windows. Latest openvpn client versions for windows does not recognize option DOMAIN-SEARCH correctly, and works with option DOMAIN.

Force all traffic to go through VPN

Add the following into .ovpn client file

redirect-gateway def1

split tunneling

Add the following into .ovpn client file

route-nopull
route 192.168.86.0 255.255.255.0

• this would route ip addresses 192.168.86.0/24 through the VPN gateway
• any other address would go through normal default gateway

Commands

Click here to expand...

0. select/locate *.ovpn client file

1. connect to the OpenVPN server
sudo openvpn —config <*.ovpn client file>

2. Enter Auth Username:
Enter Auth Password: <type password>

3. Wait until you see
Initialization Sequence Completed

Server Setup

Click here to expand...

How to setup OpenVPN

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/ubuntu-server-vpn_09846c25-9359-4cd6-83d2-3c102898ea36.crt
key /etc/openvpn/easy-rsa/pki/private/ubuntu-server-vpn_09846c25-9359-4cd6-83d2-3c102898ea36.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.123.79.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 192.168.86.1"
#push "dhcp-option DNS 1.1.1.1"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
 tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

Commands

homebrew

1. to have launchd start openvpn now and restart at startup
sudo brew services start openvpn
sudo brew services restart openvpn
sudo brew services stop openvpn

apt

1. to have systemd start openvpn now and restart at startup
sudo systemctl start openvpn@server
sudo systemctl stop openvpn@server
sudo systemctl restart openvpn@server

@server means it will run the /etc/openvpn/server.conf

if @jesus2 means it will run the /etc/openvpn/jesus2.conf

2. get status of server
sudo systemctl status openvpn@server