Using OpenVPN to tunnel all traffic through my home server
I want to be able to send all my internet traffic to the Linux machine I have running in my apartment, and I am not a networking expert. My motivation for this post is threefold: document my process for future reference, share what I learned, and see if people have suggestions for how to do this better. I am not going to go through every option, just what I did and what worked for me.

The next step was to figure out what I needed to do. I decided on OpenVPN because I already use it for work and because it is open source. I found the HOWTO document on the OpenVPN site really useful. I am using Fedora, so I skipped the section on installing OpenVPN from source and ran:

sudo yum install openvpn

My next step was to copy the PKI support files (easy-rsa) into a working directory:

cp -r /usr/share/openvpn/easy-rsa/2.0/* .

I then followed the HOWTO's directions for generating the PKI.

For this to work you need a port on your server that is reachable from the Internet; behind a home router that usually means forwarding the port to the server. I used the OpenVPN default of 1194. I tested that the port was open with netcat, running

nc -l 1194

on my server and

nc server.name 1194

on the client. Whatever you type in either terminal shows up in the other when you press Enter. One caveat: this exchange tests TCP, while the sample server.conf defaults to proto udp, so the test can pass while UDP 1194 is still filtered somewhere along the path. Adding -u to both nc commands tests the UDP path instead.

At this point, I needed to set up the server configuration. I copied the sample config file to my directory:

cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf server.conf

I found that the sample server config worked great for me with the following changes:

diff -U0 sample-config-files/server.conf config/server.conf
--- sample-config-files/server.conf 2011-12-12 21:43:31.000000000 -0800
+++ config/server.conf 2011-12-12 22:16:46.000000000 -0800
@@ -196,0 +197,2 @@
+push "dhcp-option DNS 0.0.0.0"
+push "dhcp-option DNS 0.0.0.0"
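Review bot: the two pushed resolver addresses are placeholders, but the goal in the title depends on a neighbouring line of the sample that this diff does not touch, ;push "redirect-gateway def1 bypass-dhcp". Left commented, the server never instructs clients to route everything through the tunnel, and the post relies on each client's own default (Viscosity, NetworkManager) instead; uncommenting it next to these two pushes makes the full-tunnel policy the server's decision. Note also that dhcp-option DNS is only interpreted natively by Windows clients; Viscosity and NetworkManager emulate it, but a plain openvpn command-line client on Linux needs an --up script to update resolv.conf.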
@@ -204 +206 @@
-;client-to-client
+client-to-client
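Review bot: enabling client-to-client makes OpenVPN forward packets between connected clients internally, so traffic between the laptop and any other client never traverses the kernel's FORWARD chain and none of the iptables rules later in the post apply to it. Since the post states no use for inter-client traffic, leaving this line commented is the safer default; it can be switched on later when a need appears.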
The first change pushes DNS servers to my client (fake IPs, obviously) and the second change allows different clients to talk to each other. I am not sure how useful the inter-client link will end up being.
I am using the Viscosity client because that's the only sane way to do this on OS X and Windows. Sending all traffic over the VPN link is the default behaviour for NetworkManager (Linux). I started with the sample:

cp /usr/share/doc/openvpn-2.1.4/sample-config-files/client.conf .

My changes were pretty basic:

diff -U0 sample-client.conf client.conf
--- sample-client.conf 2011-12-12 22:43:11.000000000 -0800
+++ client.conf 2011-12-12 21:49:17.000000000 -0800
@@ -42 +42 @@
-remote my-server-1 1194
+remote server.name 1194
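Review bot: pointing remote at the server is the right change, but the client as configured still accepts any certificate signed by the CA as the server, including another client's certificate. The sample client.conf ships ;ns-cert-type server commented out; uncommenting it makes the laptop refuse a peer that presents a client certificate (easy-rsa's build-key-server sets the matching extension on the server certificate).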
@@ -89,2 +89,2 @@
-cert client.crt
-key client.key
+cert laptop.crt
+key laptop.key
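Review bot: cert and key are relative paths, so laptop.crt and laptop.key must sit beside client.conf when Viscosity imports it (the tarball later in the post arranges that). If laptop.key was generated with build-key, the HOWTO's default, it is an unencrypted private key, so anyone who obtains the archive can connect as this laptop until the certificate is revoked; keep the archive out of shared locations and delete it after import, or generate the key with build-key-pass to protect it with a passphrase.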
At this point, the client-side configuration was ready to transfer, so I tarred up the needed files with:
mkdir ovpn-configs
cp keys/ca.crt keys/laptop.crt keys/laptop.key client.conf ovpn-configs/
tar jcf laptop-openvpn-config.tar.bz2 ovpn-configs
and used scp to transfer the files over to my laptop.
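The server and client edits above are spread over two diffs, so here is an added example, not part of the original post, that checks a server.conf and a client.conf for the directives discussed: whether the server pushes redirect-gateway (the only way the server itself enforces "all traffic"), whether client-to-client is on, whether tls-auth and privilege dropping are in place, and whether the client verifies the server's certificate role. The directive names are standard OpenVPN 2.x; the file paths are whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the post: audit an OpenVPN server.conf and
# client.conf for the directives that decide whether all traffic really goes
# through the tunnel and how far each side trusts the other. Read-only.

# True if file $1 has an active (not ';' or '#' commented) line matching regex $2.
has_directive() {
    grep -Eq "^[[:space:]]*$2" "$1"
}

# Print one finding per line for the server config in $1.
audit_server_conf() {
    f="$1"
    if ! has_directive "$f" 'push[[:space:]]+"redirect-gateway'; then
        echo "server: no push \"redirect-gateway def1\": each client decides whether to tunnel all traffic"
    fi
    if has_directive "$f" 'client-to-client'; then
        echo "server: client-to-client is on: clients reach each other inside OpenVPN, bypassing the FORWARD chain"
    fi
    if ! has_directive "$f" 'tls-auth[[:space:]]'; then
        echo "server: no tls-auth: control-channel packets from any Internet host are processed"
    fi
    if ! has_directive "$f" 'user[[:space:]]+nobody' || ! has_directive "$f" 'group[[:space:]]+'; then
        echo "server: not dropping privileges after startup: uncomment 'user nobody' and 'group ...'"
    fi
}

# Print one finding per line for the client config in $1.
audit_client_conf() {
    f="$1"
    if ! has_directive "$f" '(ns-cert-type|remote-cert-tls)[[:space:]]+server'; then
        echo "client: server role not verified: any certificate signed by the CA is accepted as the server"
    fi
}

# Number of findings for a server config ($1) and a client config ($2); 0 means clean.
count_findings() {
    { audit_server_conf "$1"; audit_client_conf "$2"; } | wc -l | tr -d ' '
}

# Usage: sh audit-ovpn.sh server.conf client.conf
if [ $# -eq 2 ]; then
    audit_server_conf "$1"
    audit_client_conf "$2"
    echo "findings: $(count_findings "$1" "$2")"
fi
```

Run against the configs from this post it reports five findings: the missing redirect-gateway push, client-to-client being on, no tls-auth, no user/group, and the client not checking ns-cert-type. None of these stop the tunnel from working; they are the difference between "works" and "only the intended traffic goes to the intended place".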
Once on my laptop, I untarred the files and imported the configuration into Viscosity:
- click the Viscosity menu icon and select Preferences
- click the plus button with the down arrow, select "Import Connection", then "From File"
- select the client.conf file from the tarball
At this stage, I tested that my machine was able to connect to my OpenVPN server. I gathered the files the server needs into a single directory:

mkdir ~/openvpn-server/
cp keys/* ~/openvpn-server #lazy
cp server.conf ~/openvpn-server

and started the server with

cd ~/openvpn-server && sudo openvpn server.conf

The #lazy deserves a second look: the server only needs ca.crt, the server certificate and key, and the dh file named in server.conf (server.crt, server.key and dh1024.pem with the sample's defaults), but keys/* also drops ca.key and every client's private key into the server's working directory. The CA key is what signs new client certificates, so it should stay off the server, ideally on a machine that is not reachable from the Internet at all.

I connected to the server using Viscosity. The client connected properly, but I was unable to resolve anything on DNS or reach anything other than my OpenVPN server. Reading the OpenVPN HOWTO suggested setting up a NAT. I did some searching and found a page with information on setting up the NAT. I did:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
At this point, everything worked! I ran traceroute, and the first hop was my VPN server's VPN address (10.8.0.1). I also used some websites to check my public IP and it was showing as my server's IP.

A few things to keep in mind about the rules above. Nothing here survives a reboot: the ip_forward setting belongs in /etc/sysctl.conf and the rules in /etc/sysconfig/iptables (or a script) if they are to come back. -A appends, so if the FORWARD chain already ends in a REJECT rule, as Fedora's default /etc/sysconfig/iptables does, the new rules land behind it and never match; -I puts them in front. The MASQUERADE rule as written also rewrites every packet leaving eth0, not just tunnel traffic; adding -s for the VPN subnet (10.8.0.0/24 with the sample's defaults) to it and to the tun0-to-eth0 FORWARD rule limits both to the VPN.
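The same NAT setup as an added example script, not the post's own commands: the rules are limited to the VPN subnet, inserted at the head of each chain so an existing trailing REJECT cannot shadow them, and the whole set can be applied, checked or removed in one go. Assumed from the sample server.conf defaults and the post: VPN subnet 10.8.0.0/24, tunnel interface tun0, Internet-facing interface eth0; all three can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not from the post: NAT and forwarding rules for the OpenVPN
# server above, restricted to the VPN subnet. Assumptions (not stated in the
# post): VPN subnet 10.8.0.0/24, tunnel interface tun0, Internet-facing eth0.
VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"
IPT="${IPT:-/sbin/iptables}"   # override with IPT=echo to preview the commands

# Print the rule set as iptables arguments, one rule per line.
# $1 is the chain operation: -I (insert at top), -D (delete) or -C (check, iptables 1.4.11+).
vpn_nat_rules() {
    op="$1"
    # Rewrite the source address only for packets that came in from the tunnel.
    echo "-t nat $op POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE"
    # Forward VPN clients out to the Internet ...
    echo "$op FORWARD -s $VPN_NET -i $VPN_IF -o $WAN_IF -j ACCEPT"
    # ... and let only replies to those connections back into the tunnel.
    echo "$op FORWARD -i $WAN_IF -o $VPN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT"
}

# Feed every rule to $IPT with operation $1; returns non-zero if any call failed.
# The here-document keeps the loop in the current shell so rc survives it.
vpn_nat_run() {
    rc=0
    while read -r rule; do
        # shellcheck disable=SC2086  # splitting the rule into arguments is intended
        $IPT $rule || rc=1
    done <<EOF
$(vpn_nat_rules "$1")
EOF
    return $rc
}

# Usage: sh vpn-nat.sh apply|remove|check   (no argument: print the rules)
case "${1:-}" in
    apply)  sysctl -w net.ipv4.ip_forward=1 && vpn_nat_run -I ;;
    remove) vpn_nat_run -D ;;
    check)  vpn_nat_run -C && echo "all rules present" ;;
    *)      vpn_nat_rules -I ;;
esac
```

To make the setup permanent, put net.ipv4.ip_forward = 1 in /etc/sysctl.conf and either run the script's apply mode from a boot script or copy the three rules into /etc/sysconfig/iptables above any REJECT line in the FORWARD chain.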
I hope this is useful to others. If I’ve done something really dumb, I’d appreciate any suggestions for how to do it better! I have left out information about how to start the openvpn service on boot. This isn’t really important to me right now but if I ever bother with it, I’ll update this blog post.
source:http://trafficneed.blogspot.com/2012/05/135786650616275.html