Open VPN Remote Access - samuel-richardson/Sam-Tech-Journal GitHub Wiki

Install

sudo apt install openvpn easy-rsa

Make certs using easy-rsa

When generating the certs, set the CN to the IP address of the machine being accessed, or to its domain name if using DNS.

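make-cadir ./ovpn
cd ./ovpn
# Initialise the PKI directory before building the CA
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-dh
# Server key and request, then sign it as a server certificate
./easyrsa gen-req server
./easyrsa sign-req server server
# Client key and request, then sign it as a client certificate
./easyrsa gen-req client
./easyrsa sign-req client client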

Copy ca.crt, dh.pem, server.crt and server.key to /etc/openvpn/keys.

Copy ca.crt, client.crt and client.key to /home/sam-jump/ovpn.

Configure OpenVPN server

Either copy in the sample config or make direct edits. The working config is here. It includes routes pushed, path changes, and other small changes from the sample.

sudo vim /etc/openvpn/server.conf
sudo systemctl start openvpn@server

Enable IP forwarding on jump.

sudo vim /etc/sysctl.conf
# uncomment net.ipv4.ip_forward = 1
sudo sysctl -p

Configure client

Either copy in the sample config or make direct edits. The working config is here. The only main change from the sample is setting the server IP to the default gateway of fw.

sudo vim /home/sam-jump/ovpn/client.ovpn

Copy the folder from jump to travel and then use OpenVPN Connect to import the client file.
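
A preflight check for the server.conf and client.ovpn files described above, added here as an example and not part of the original wiki: it confirms that every file named by the ca, cert, key and dh directives exists and that the private key is not readable by group or others. The function names are hypothetical, and relative paths are assumed to resolve against the config file's directory.

```shell
#!/bin/sh
# Added example (not from the wiki): preflight check for an OpenVPN config.
# Works on server.conf and client.ovpn; inline <ca>/<key> blocks are not handled.

# Print the path given to one directive (e.g. "key"). Commented-out lines
# ("#key", ";key") never match because their first field differs.
# Assumption: relative paths resolve against the config file's directory.
ovpn_path() {
    conf=$1 directive=$2
    dir=$(dirname "$conf")
    awk -v d="$directive" -v dir="$dir" '
        $1 == d && NF >= 2 {
            p = $2
            gsub(/"/, "", p)                 # strip optional quotes
            if (p !~ /^\//) p = dir "/" p    # make relative paths absolute
            print p
            exit
        }' "$conf"
}

# Return 0 if the config passes, 1 otherwise; findings are printed to stdout.
ovpn_preflight() {
    conf=$1 rc=0
    for d in ca cert key dh; do
        p=$(ovpn_path "$conf" "$d")
        if [ -z "$p" ]; then
            # dh is only used on the server side, so a client file may omit it
            [ "$d" = dh ] || { echo "MISSING DIRECTIVE: $d"; rc=1; }
            continue
        fi
        if [ ! -f "$p" ]; then
            echo "MISSING FILE: $d -> $p"; rc=1
        elif [ "$d" = key ] &&
             [ -n "$(find "$p" -prune \( -perm -040 -o -perm -004 \))" ]; then
            # Private key readable by group or others
            echo "LOOSE PERMISSIONS: $p (run: chmod 600 $p)"; rc=1
        fi
    done
    return $rc
}

# Usage after sourcing this file:
#   ovpn_preflight /etc/openvpn/server.conf
#   ovpn_preflight /home/sam-jump/ovpn/client.ovpn
```

Run it on jump before starting the service and before copying the client folder to travel, so a wrong path or a readable private key is caught first.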

FW Configuration

Port Forward 1194 to Jump and make an FW rule to allow this connection. Refer to vyos.

Add a static route to FW so that traffic for VM net is sent to jump.

set protocols static route 172.16.0.0/24 next-hop 172.16.50.4