This guide will show you how to install an OpenVPN server with port forwarding (open ports) for each client.
This is useful for Perfect Dark, Retroshare, or torrent uploading, where having an open port is required.
Requirements:
- Linux Server or VPS with Centos, Ubuntu, Debian. If you need a VPS for VPN please see our plans here.
- Public Static IPv4
- Time
First install your desired OS (Centos, Ubuntu, Debian).
Once installed, make sure the server is fully updated. If you are not doing this as root, add sudo to all commands.
For Centos
yum update -y
For Ubuntu/Debian
apt-get update && apt-get upgrade
Once that is done, install a few required packages if they are not currently installed.
For Centos
yum install nano wget curl htop -y
For Ubuntu/Debian
apt-get install htop nano wget curl -y
Check that IPv4 forwarding is enabled (without it the server cannot route client traffic or forwarded ports).
You can check this by opening the file below with the following command and looking for "net.ipv4.ip_forward = 0"; change it to "net.ipv4.ip_forward = 1".
nano /etc/sysctl.conf
Or alternatively use the below command to add it to the end of the file if it is not present or is commented out.
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
Then use this command to make it active.
sysctl -p
Download the OpenVPN installer script and make it executable
wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
Start the OpenVPN installer and create users
See the source guide for details and an explanation of the options: https://github.com/Angristan/OpenVPN-install
./openvpn-install.sh
Create the OpenVPN ccd (client-config-dir) folder for storing per-user profiles
mkdir /etc/openvpn/ccd
Create the persistent IP pool text file
nano /etc/openvpn/ipp.txt
The OpenVPN server configuration should look like the below. Note "verb 0" for no logging, and the push "dhcp-option DNS 176.103.130.130" lines, which push your desired DNS servers to clients to prevent DNS leaks. In this case we're using Adguard DNS to block ads at the DNS level and speed up connections.
port 443
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt 0
push "dhcp-option DNS 176.103.130.130"
push "dhcp-option DNS 176.103.130.131"
push "redirect-gateway def1 bypass-dhcp"
crl-verify crl.pem
ca ca.crt
cert server_LZAWi5RVmWxVAdJa.crt
key server_LZAWi5RVmWxVAdJa.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA256
cipher AES-256-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log
verb 0
client-config-dir /etc/openvpn/ccd
To modify these values to your liking, or to match the above, edit the server configuration file:
nano /etc/openvpn/server.conf
To create your first client configuration, open the file below. Replace user1 with the exact username of the user created via the script earlier.
nano /etc/openvpn/ccd/user1
Add the below line for the first user, user1 (this assigns it the static internal IP 10.8.0.2)
ifconfig-push 10.8.0.2 255.255.255.0
CCD example content for additional users (one file per username in /etc/openvpn/ccd)
/etc/openvpn/ccd/user1: ifconfig-push 10.8.0.2 255.255.255.0
/etc/openvpn/ccd/user2: ifconfig-push 10.8.0.3 255.255.255.0
/etc/openvpn/ccd/user3: ifconfig-push 10.8.0.4 255.255.255.0
/etc/openvpn/ccd/user4: ifconfig-push 10.8.0.5 255.255.255.0
/etc/openvpn/ccd/user5: ifconfig-push 10.8.0.6 255.255.255.0
/etc/openvpn/ccd/user6: ifconfig-push 10.8.0.7 255.255.255.0
Set up the persistent IP pool file. This ensures clients keep static internal IP addresses, so that when we set up port forwards for a client, the forward always points at that client's internal IP.
nano /etc/openvpn/ipp.txt
Set the below values, with usernames matching the CCD files and the script-generated usernames.
user1,10.8.0.2
user2,10.8.0.3
user3,10.8.0.4
user4,10.8.0.5
user5,10.8.0.6
user6,10.8.0.7
Set up port forwarding for user1. Find/replace YourVPSIPHere with your server/VPS public IP. This forwards port 32400 on the VPS to port 32400 on the user1 internal VPN IP.
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 32400 -j DNAT --to-dest 10.8.0.2:32400
iptables -t filter -A INPUT -p tcp -d 10.8.0.2 --dport 32400 -j ACCEPT
Set up port forwarding for user2
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 2634 -j DNAT --to-dest 10.8.0.3:2634
iptables -t filter -A INPUT -p tcp -d 10.8.0.3 --dport 2634 -j ACCEPT
Set up port forwarding for user3
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 4634 -j DNAT --to-dest 10.8.0.4:4634
iptables -t filter -A INPUT -p tcp -d 10.8.0.4 --dport 4634 -j ACCEPT
Set up port forwarding for user4 (note the public port must be unique per user; port 4634 is already taken by user3, so user4 uses 4834)
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 4834 -j DNAT --to-dest 10.8.0.5:4834
iptables -t filter -A INPUT -p tcp -d 10.8.0.5 --dport 4834 -j ACCEPT
Set up port forwarding for user5
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 4934 -j DNAT --to-dest 10.8.0.6:4934
iptables -t filter -A INPUT -p tcp -d 10.8.0.6 --dport 4934 -j ACCEPT
Set up port forwarding for user6
iptables -t nat -A PREROUTING -d YourVPSIPHere -p tcp --dport 5034 -j DNAT --to-dest 10.8.0.7:5034
iptables -t filter -A INPUT -p tcp -d 10.8.0.7 --dport 5034 -j ACCEPT
Now this is important: iptables rules are lost on reboot, so a package needs to be installed to make them persist.
For Ubuntu/Debian
apt-get install iptables-persistent
For Centos (iptables-services provides the equivalent save/restore on boot)
yum install iptables-services -y
If you add additional rules later on and need to save them manually
For Ubuntu/Debian (iptables-persistent restores this file on boot)
iptables-save > /etc/iptables/rules.v4
For Centos
service iptables save
To start/stop/restart openvpn
service openvpn start
service openvpn stop
service openvpn restart
We hope you enjoyed the guide and find it useful.